DiggingIntoWordPress

by Chris Coyier & Jeff Starr

Category: Security

How to Secure Your New WordPress Installation


One of the best ways to ensure strong security for your WordPress-powered site is to secure its foundations during the installation process. Of course, these techniques can be implemented at any point during the life of your site, but setting them before the game starts prevents headaches and saves time. We’ll start with the WordPress database...

You Don’t Need Any Plugins to Stop Comment Spam


I think one of the biggest WordPress myths is that you need a bunch of plugins to control comment spam. Pretty much all of the posts out there on preventing WordPress comment spam are telling you to install some list of “must-have” anti-spam plugins. Some authors insist that you need only a few “choice” plugins, while others advise you to load up on everything you can get your hands on. Such advice is all well-intentioned, I’m sure, but it’s all based on the assumption that plugins are actually necessary to control comment spam. They’re not. WordPress is well-equipped to handle the job all by itself. Plugins may provide additional anti-spam functionality, but they are by no means essential to running a spam-free site.

The xmlrpc.php File and Site Security


The header.php file of most WordPress themes contains an important hook called wp_head(). This essential hook enables functions to output content to the browser in the <head></head> area of the web document. In newer versions of WordPress, this hook enables WordPress to output the following three lines to your theme’s <head></head> section:
