General recommendations
The WordPress Codex is your friend. It has answers for most questions and solutions for most problems. Read it.
The web is full of much poor advice about WordPress. Do not go running commands just because some forum told you it would solve a problem. Get help from the administrators if you need it.
As “chmod 777 *” is not cool, register your blog with the administrators so you can have puppet deal with your permissions for you. See below for more on this.
Do plugin and theme management from the admin interface if at all possible.
Update your plugins and the base install promptly. No need to rush from a date to do it, but pay attention to updates and update as soon as is reasonable.
Follow the WordPress developer blog.
Plugins
We would advise that you not install plugins casually. Consider how popular it is and if it is still in active maintenance before using it. The more plugins you rely on, the harder it will be to upgrade the base wordpress install. And upgrading the base install is very important to keeping the site secure.
Some specific recommendations for useful plugin.
- Akisment: this will handle nearly all of your spam problems.
- Maintenance Mode: This will let you present a friendly message when you bring your site down for major work.
Puppet permission fixing
Puppet is a tool used by the administrators to manage Monkeycosm.net systems. It enforces rules and fixes things that don’t match those rules. If you work with the admins, they can have puppet deal with keeping the permissions of your wordpress install safe and correct.
Specifically, Puppet would set the permissions to all files in the wordpress dir (and below) to owner apache, group usernameweb (which will let you access the files from the shell) and with permissions 770.