Gallery notes
I use Gallery2 for managing pictures on my web site. It's a target for hacker bots.
I've seen a lot of scripts trying dictionary attacks against Gallery2.
I am the only one that uses my gallery. I make a few changes to make it more secure.
Make non-essential pages disappear
This gets rid of password recovery. I don't need this and I don't need to leave any potential holes open.
Edit gallery2/.htaccess and add a rule after the #END Url Rewrite section:
# END Url Rewrite section # This disables password recovery. RewriteEngine On RewriteCond %{QUERY_STRING} .*UserRecoverPassword.*$ RewriteRule ^.*$ - [R=404]
Always require the Captcha
Login to your gallery2 as admin user and select "Site Admin". On the left menu you should see "Captcha". Select this and set each of the following options as "High": Login, Guest Comments, Password Items. That will mean that you will always have to enter the Captcha image to login.
Disable Member modules
On the left menu select "Modules". Disable the following modules: "New User Registration", "Members List and Profiles". You don't need those for a single user installation.