Posts categorized: Security
I think one of the biggest WordPress myths is that you need a bunch of plugins to control comment spam. Pretty much all of the posts out there on preventing WordPress comment spam are telling you to install some list of “must-have” anti-spam plugins. Some authors insist that you need only a few “choice” plugins, while others advise you to load up on everything you can get your hands on. Such advice is all well-intentioned, I’m sure, but it’s all based on the assumption that plugins are actually necessary to control comment spam. They’re not. WordPress is well-equipped to handle the job all by itself. Plugins may provide additional anti-spam functionality, but they are by no means essential to running a spam-free site.
WordPress has the ability to easily password protect the content of any Post or Page. Right over by that big juicy blue "Publish" button, there is an option for Visibility. Click edit, and you have the option to make it password-protected and set a password.
In this DigWP tutorial, we take a look at a the potential security risk inherent in displaying your site's WordPress version number to anyone or anything that happens to stop by for a visit. For anyone who has been working on securing their WP-powered website, one of the most commonly seen security tips around the WordPress-o-Sphere has got to be this:
Just recently my other blog CSS-Tricks was hacked. I first found out by a very helpful reader emailing me a screenshot from the mobile version of my site.
Included in the
header.php template of most WordPress themes, there is an important hook called
wp_head. This essential hook enables WordPress functions to output content to the browser in the
<head></head> area of your web pages1.
For example, in newer versions of WordPress,
wp_head() enables WordPress to output the following three lines to your theme’s