DiggingIntoWordPress

by Chris Coyier & Jeff Starr

Category: Security

You Don’t Need Any Plugins to Stop Comment Spam

Posted by Updated on

I think one of the biggest WordPress myths is that you need a bunch of plugins to control comment spam. Pretty much all of the posts out there on preventing WordPress comment spam are telling you to install some list of “must-have” anti-spam plugins. Some authors insist that you need only a few “choice” plugins, while others advise you to load up on everything you can get your hands on. Such advice is all well-intentioned, I’m sure, but it’s all based on the assumption that plugins are actually necessary to control comment spam. They’re not. WordPress is well-equipped to handle the job all by itself. Plugins may provide additional anti-spam functionality, but they are by no means essential to running a spam-free site.

Password Protect More Than the_content()

Posted by Updated on

WordPress has the ability to easily password protect the content of any Post or Page. Right over by that big juicy blue "Publish" button, there is an option for Visibility. Click edit, and you have the option to make it password-protected and set a password.

The xmlrpc.php File and Site Security

Posted by Updated on

Located in the header.php file of most WordPress themes, there is an important hook called wp_head(). This essential hook enables functions to output content to the browser in the <head></head> area of the web document 1. In newer versions of WordPress, this hook enables WordPress to output the following three lines to your theme’s <head></head> section 2:

Code is poetry