In our recent post on pimping the wp-config.php file, we explain that using strong Security Keys is an important part of securing your WordPress installation. In this post, we want to zoom-in on Security Keys and look at what they are, how they work, and how to use them to greatly improve the security of your site.

This article is split into two parts for ez reference. First some information on the evil WordPress “Pharma Hack”, and then a recipe for protecting your site with a solid security lockdown. Choose your own adventure:

One thing that people love about WordPress are all of the awesome new features rolled out with each new version. WordPress has come a long, long way since I first started working with it back in 2005, and the soon-to-be released version 3.0 takes WordPress’ powerful functionality even further. WordPress 3.0 is currently in public beta, so you can grab a copy and play around to see all the amazing new hotness. New features include a new default theme, custom post-types, and a spicy new menu manager. Version 3.0 will be available soon – so let’s check out some of the latest and greatest new features..

One of the best ways to ensure strong security for your WordPress-powered site is to secure its foundations during the installation process. Of course these techniques can be implemented at any point during the life of your site, but stetting them before the game starts prevents headaches and saves time. We’ll start with the WordPress database..

Close monitoring of your site’s PHP errors is crucial to operating a healthy, secure, and well-performing website. When left undetected, PHP errors can reduce performance, waste bandwidth, and leave your site vulnerable to malicious attack. PHP errors usually occur unpredictably and spontaneously, and may be triggered by even the slightest changes to your server configuration, database setup, or WordPress files. Even if your site appears to working properly on the surface, it may in fact be suffering from undetected PHP errors that should be fixed as soon as possible.

Not everyone loves the post-revisioning feature of WordPress. In fact, some people can’t stand it. On the one hand, it’s nice to have a library of post-draft revisions to drudge through if you should ever make a mistake. On the other hand, multiple copies of every post is a great way to bloat your database with otherwise useless information.

Just recently my other blog CSS-Tricks was hacked. I first found out by a very helpful reader emailing me a screenshot from the mobile version of my site.

Many WordPress users know the wp-config.php file as the key to the WordPress database. It is where you set the database name, username, password, and location (among other things like security keys, database prefix, and localized language).

Here’s a screenshot of wp-config.php (aka the WordPress configuration file) for those who may not yet be familiar:

DigWP.com is home for the book, Digging Into WordPress, written by Chris Coyier and Jeff Starr. Here you will find lots of awesome free WordPress resources, themes, and techniques to improve your site. Check us out for high-quality tutorials, tricks, tips and much more.

Books and blogs are the perfect compliment to each other when it comes to learning web technologies. The book provides the main story, with complete information on setting up, customizing, and rocking with WordPress. The blog provides additional tips, tricks, tutorials, code snippets, and other resources. Digging Into WordPress brings you the best of both worlds.