DiggingIntoWordPress

by Chris Coyier & Jeff Starr

Tag: Security

Secure uploads, upgrade and other directories with .htaccess

It sucks, but a lot of plugins require certain directories to be set at CHMOD 777 for their file permissions. Of course, you should not use any plugin that requires 777 directories, but if you absolutely must, you can help protect the folder by adding a thin slice of htaccess. This works great for any directory requiring “loose-ish” permissions (i.e., anything greater than 755), and may also be useful for other key folders as well.

Pimp your wp-config.php

Easily, the most important file in your WordPress installation is the wp-config.php file. It serves as your site’s base configuration file, controlling key aspects of WordPress’ functionality and enabling WordPress to do mission-critical stuff like connect to the database. Without wp-config.php, WordPress simply won’t work. So whenever you install WordPress, one of the first things to do is pimp your wp-config.php with some custom WP configuration tricks.

Add Private Content to Posts via Shortcode

Recently, WPRecipes posted an incredibly useful technique that uses a shortcode to add private content to blog posts. This functionality makes it easy to manage leftover data, miscellaneous notes and other communication by keeping everything together with its corresponding post. Consolidating information like this helps to streamline flow and organization into the future.

WordPress Defender: 30 Ways to Secure Your Website

Looking for a good book on WordPress security? If so, we’ve got great news! John Hoff’s new security e-book WordPress Defender provides 30 practical ways to secure your website from the evil forces of spam, bad bots, and malicious hackers. The book is packed with practical, common-sense security techniques that virtually any WordPress user can use to protect their site from malicious threats.

Stop Spammers with a Custom Comment Blacklist

I usually reserve most of my blacklisting content for Perishable Press, but after posting about using WordPress’ built-in tools to stop comment spam, several DiW readers have asked about a good custom blacklist that may be used for the “Comment Moderation” and/or “Comment Blacklist” features in the WordPress “Discussion Settings” screen. Over the years, I have built up an extensive custom blacklist of terms that has proven quite effective at keeping spam and other garbage out of the comments section, even without using any anti-spam plugins such as Akismet. It’s strictly plug-n-play, and should help protect your site (and reputation) against all sorts of malicious nonsense. So without further ado..

Create a Custom Database Error Page in WordPress

As a dynamic blogging system, WordPress consists of PHP files (the WP core) that interact with a MySQL database to generate the web pages for your website. When everything is working properly, this dynamic interaction keeps WordPress humming along like a champ, but when your database crashes, WordPress can’t operate and will deliver the following message to your visitors:

How to Secure Your New WordPress Installation

One of the best ways to ensure strong security for your WordPress-powered site is to secure its foundations during the installation process. Of course these techniques can be implemented at any point during the life of your site, but setting them before the game starts prevents headaches and saves time. We’ll start with the WordPress database..

Optimize WordPress Performance with the wp-config.php File

As you may recall, there are a ton of configuration tricks available for the WordPress wp-config.php file. So many in fact, that I think many people may have missed some of the choice definitions aimed at optimizing WordPress performance. In this post, we’ll explore the best ways to improve your site’s performance with WordPress’ wp-config.php file.

The xmlrpc.php File and Site Security

Located in the header.php file of most WordPress themes, there is an important hook called wp_head(). This essential hook enables functions to output content to the browser in the <head></head> area of the web document 1. In newer versions of WordPress, this hook enables WordPress to output the following three lines to your theme’s <head></head> section 2:
