Posts categorized: Security
Media Temple, WordPress, Mass Hacking
Update: Media Temple is saying that:
- They aren’t 100% sure of the cause, but yes, the hack is their fault.
- About 10% of all (gs) users were affected.
- It’s not WordPress specific, it’s PHP specific.
- Definitely change your passwords, definitely don’t change it back to the original password.
How to Secure Your New WordPress Installation
One of the best ways to ensure strong security for your WordPress-powered site is to secure its foundations during the installation process. Of course these techniques can be implemented at any point during the life of your site, but setting them before the game starts prevents headaches and saves time. We’ll start with the WordPress database..
You Don’t Need Any Plugins to Stop Comment Spam
I think one of the biggest WordPress myths is that you need a bunch of plugins to control comment spam. Pretty much all of the posts out there on preventing WordPress comment spam are telling you to install some list of “must-have” anti-spam plugins. Some authors insist that you need only a few “choice” plugins, while others advise you to load up on everything you can get your hands on. Such advice is all well-intentioned, I’m sure, but it’s all based on the assumption that plugins are actually necessary to control comment spam. They’re not. WordPress is well-equipped to handle the job all by itself. Plugins may provide additional anti-spam functionality, but they are by no means essential to running a spam-free site.
Password Protect More Than the_content()
WordPress has the ability to easily password protect the content of any Post or Page. Right over by that big juicy blue “Publish” button, there is an option for Visibility. Click edit, and you have the option to make it password-protected and set a password.
How to Remove the WordPress Version Number
In this DigWP tutorial, we take a look at the potential security risk inherent in displaying your site’s WordPress version number to anyone or anything that happens to stop by for a visit. For anyone who has been working on securing their WP-powered website, one of the most commonly seen security tips around the WordPress-o-Sphere has got to be this:
Spam Link Injection Hacked (and How I Hopefully Fixed It)
Just recently my other blog CSS-Tricks was hacked. I first found out by a very helpful reader emailing me a screenshot from the mobile version of my site.
The xmlrpc.php File and Site Security
Included in the header.php template of most WordPress themes, there is an important hook called wp_head. This essential hook enables WordPress functions to output content to the browser in the <head></head> area of your web pages.
For example, in newer versions of WordPress, wp_head() enables WordPress to output the following three lines to your theme’s <head></head>: