


Archive for the category ‘security’

Enforce strong WordPress passwords

Here we go with some more nifty code for you WordPress developers… As ever, this code is roughly tested but probably not for novices. It’s designed to drop into a custom theme’s functions.php file. It probably should be a plugin, and it might make it one day when it’s thoroughly tested and I get time…

Anyway, it’s a solution to a problem that I’m very surprised WP core doesn’t address (as an option at least), and that isn’t addressed by any easily found plugin or code already out there. As we know, WP provides a good “password strength meter” on the user profile page, which is great, as strong passwords are (or should be) one of the first lines of defence against attacks on your site. But it’s just an indicator—there’s nothing stopping someone using “password” as their password, or something equally dumb. All you need is one Administrator or Editor with a dumb password, and the whole site is highly vulnerable.

How about a little enforcement?


Detecting WordPress login via htaccess

I just had to come up with a quick bit of .htaccess code to very basically protect PDFs on a client’s site from being downloaded by people who aren’t logged into WordPress. I thought I’d share the code, specifically to highlight the way to detect if someone’s logged into WP through Apache’s directives.


WordPress hacks and tips: Security

[Image: WordPress security, based on an image by Net Efekt]

I well and truly cut my WordPress security teeth last year when my server got hacked. I summarized my lessons learned in that post, but the post also included a lot of things specific to the attack I was subject to. I thought I’d round up my WP security measures here for easy reference.

There are many, many things you can do to secure WP. I’ll give links for further reading at the end. Documented here are my “baseline” measures, which I make sure are in every WP deployment I create.


WordPress security

My server was recently subject to a hack attack. In some senses it was pretty serious—many new files containing malicious code, many altered files, new bogus admin accounts in WordPress. But in the end it seems I lost no data, and none of my sites got injected with spam links (which I gather was the intent of the hack).

Needless to say, I’ve been forced to quickly learn a lot about web security, and I’ve been grateful to be forced to do so without major losses. I’ll try and document some useful things I’ve learned here.

NOTE: This post contains some good WordPress security tips, but they were written in response to a specific hack. For a more general, comprehensive run-down of solid WordPress security measures, see this post.

