by Chris Coyier & Jeff Starr

Category: Security

You Don’t Need Any Plugins to Stop Comment Spam

Posted by on

I think one of the biggest WordPress myths is that you need a bunch of plugins to control comment spam. Pretty much all of the posts out there on preventing WordPress comment spam are telling you to install some list of “must-have” anti-spam plugins. Some authors insist that you need only a few “choice” plugins, while others advise you to load up on everything you can get your hands on. Such advice is all well-intentioned, I’m sure, but it’s all based on the assumption that plugins are actually necessary to control comment spam. They’re not. WordPress is well-equipped to handle the job all by itself. Plugins may provide additional anti-spam functionality, but they are by no means essential to running a spam-free site.

The xmlrpc.php File and Site Security

Posted by on

Located in the header.php file of most WordPress themes, there is an important hook called wp_head(). This essential hook enables functions to output content to the browser in the <head></head> area of the web document 1. In newer versions of WordPress, this hook enables WordPress to output the following three lines to your theme’s <head></head> section 2:

Code is poetry