Member Sign In
Not a member?

A Wired.com user account lets you create, edit and comment on Webmonkey articles. You will also be able to contribute to the Wired How-To Wiki and comment on news stories at Wired.com.


It's fast and free.

Sign in with OpenID
Sign In
Webmonkey is a property of Wired Digital.
processing...
Join Webmonkey
Please send me occasional e-mail updates about new features and special offers from Wired/Webmonkey.
Yes No
Please send occasional e-mail offers from Wired/Webmonkey affiliated web sites and publications, and carefully selected companies.
Yes No
I understand and agree that registration on or use of this site constitutes agreement to Webmonkey's User Agreement and Privacy Policy.
Webmonkey is a property of Wired Digital.
processing...

Retrieve Sign In

Please enter your e-mail address or username below. Your username and password will be sent to the e-mail address you provided us.

or
Webmonkey is a property of Wired Digital.
processing...

Welcome to Webmonkey

A private profile page has been created for you.
As a member of Webmonkey, you can now:
  • edit articles
  • add to the code library
  • design and write a tutorial
  • comment on any Webmonkey article
Close
Webmonkey is a property of Wired Digital.

Sign In Information Sent

An e-mail has been sent to the e-mail address registered in this account.
If you cannot find it in your in-box, please check your bulk or junk folders.
Sign In
Webmonkey is a property of Wired Digital.

How To Make Your WordPress Blog More Secure

By Michael Calore January 22, 2008 Categories: Blog Publishing, Programming, Software & Tools

Wordpress
WordPress is widely hailed as the content platform of choice among the roll-your-own blog crowd. It’s free, it’s flexible and extensible, and it’s entirely open source. But just like most other open source software packages, it takes a little bit of knowledgeable back-end tweaking before your installation is truly secure and ready to face the millions of script kiddies on the web.

Google engineer and SEO guru Matt Cutts has posted a handful of tips for WordPress users to help make their blogs more secure. To wit:

  • Secure your /wp-admin/ directory so only specific IPs have access to it.
  • Make an empty wp-content/plugins/index.html file to hide which plug-ins you’re actually running.
  • Subscribe to the WordPress development blog and stay up to date with the latest patches.
  • Delete the version information from your theme’s header.php file.

There are dozens of other suggestions in the comments at Cutts’ site. Matt’s advice may seem trivial to the seasoned web programmer, but what’s obvious to some is often much-needed enlightenment to the masses. For more blogging 101, put Hardening WordPress at the WordPress codex on your reading list. There, you can learn about the most common vulnerabilities and how to side-step them.

Hat tip to Ryan "Don’t call it 27Bstroke6" Singel

Tags: blogs
Post Comment Comments Permalink Print
Reddit Digg
 
Subscribe now

Special Offer For Webmonkey Users

WIRED magazine:
The first word on how technology is changing our world.

Subscribe for just $10 a year