WordPress developers take security very seriously, and many security experts evaluate WordPress’s code for flaws. Security updates are made frequently to keep users safe. However, there are some extra steps you can take to make a fresh installation of WordPress more secure and protect against future attacks. Remember, no system can ever be completely secure, but taking preventative measures can be helpful. Much of this guide is based on the advice from the WordPress Codex article on hardening WordPress, but it is aimed at the WordPress beginner. In future articles, I’ll cover advanced security measures, hardening existing WordPress installs, and recovering hacked WordPress sites. This guide should be relevant for both WordPress 2.92 (the most recent stable release as of this writing) as well as WordPress 3.0. Overview: -Preliminary steps for securing your WordPress install -Changing defaults in WordPress to implement “security by obscurity” -Choosing strong passwords -Installing and configuring […]
[Continue Reading...]
Posts Tagged ‘upgrades’
Do you find upgrading themes to be a pain? To be honest, I don’t upgrade themes very often if at all but if you do, there is a newly created plugin that ought to make the process much easier on you. It’s called Easy Theme Upgrades and was developed by Chris Jean of iThemes. It’s quite simple to use. Upon giving it a test run this morning, it performed flawlessly without any errors. I also confirmed that the backup zip file contained the changes I made to the files before they were deleted. This is very handy considering many people hack their themes to bits and pieces. This method insures that you don’t lose those changes forever but instead, can go into the archived files to copy and paste your bits into the new version. One of the biggest fears in upgrading a theme is the fact that you’ll lose […]
[Continue Reading...]Here comes yet another way to be notified of new upgrades for WordPress in case you need one. Google has announced that they will be using their processing power to scan the source code of websites to look for the version number of the publishing software they are using and send them a notification through Google Webmaster Tools letting them know that an upgrade is available. In the case of WordPress, the meta tag was moved to the core of WordPress in 2.5. Therefor, anyone running a version of WordPress from 2.5 and above should have it displayed in their source code unless it was either removed or edited out through an action in the functions.php file such as remove_action(‘wp_head’, ‘wp_generator’); Also, some plugins have been created that removes the version info as well, typically security related plugins. Speaking of security, the security through obscurity argument regarding the public display […]
[Continue Reading...]As mentioned by WP Engineer, WordPress 2.9 recently had a new feature added to it called bulk plugin upgrades. The interesting thing about this feature is back on September 11th, Matt published this through his Twitter feed: Just upgraded three plugins in about 30 seconds using one-click upgrade — wish you could do them all at once though. Well, now you can. I attended the WordPress developers chat today and according to the devs, the bulk upgrader works, all it needs now is to be tied into the API along with some cosmetics. I’m sure there are plenty of you, including myself that is pleased to see this addition to WordPress. However, I wonder what happens if during a bulk upgrade, one of the plugins fails. Does the upgrader skip the plugin and move on to the next one or does it ruin the entire upgrade? Looking forward to the […]
[Continue Reading...]A few days ago, something new showed up on each plugin page throughout the repository. This new box on the right hand side is a way of enabling the community to say whether a plugin is compatible with the newest version of WordPress or not. Normally, the plugin information within the FYI box tells you which version of WordPress is required and which version the plugin is compatible up to. Unfortunately, the version the plugin is compatible up to is not updated that often which is why some plugins which state that they only work up to WordPress 2.5 end up working with the latest release. If you have a WordPress.org forum user account, you’ll need to log in in order to vote. The voting is simple. The first box enables you to select which version of WordPress you’re running, including the latest version being worked on. The second box […]
[Continue Reading...]There are many guides out there (one in particular I won’t dare mention) about upgrading to 2.5, but I was curious how your experience was. I’ve personally upgraded two of my blogs — one manually, and one using Keith’s awesome WordPress Automatic Upgrade plugin. In both cases, I ran into no issues aside from a few incompatible plugins (you did check the list, right?). To get the ball rolling, here are several links to some upgrade experiences around the web. My hope is to make this post a resource with a list of upgrade guides and experiences. Please feel free to add your own in the comments below (only one link please). Alex Frison shares with us how to upgrade 2.5 in 5 minutes. Random View shares his experience with upgrading to 2.5. Christer Edwards discusses updating, not one, but multiple blogs to WP 2.5 with no issues. Jeffro2pt0 discusses […]
[Continue Reading...]With WordPress 2.5 due to be released today (Hooray!) now would be a good time to go through a series of upgrade checks to see if your blog is ready for 2.5. Lorelle Van Fossen has written up an excellent article on the BlogHerald in regards to the pre upgrade checks you should perform. These include disabling and or removing old plugins, updating themes and plugins, validation, and checking for compatibilities. Going through this series of pre-flight checks as some would say, will help you prepare for a smooth upgrade process. I know I’ll be one of the first to upgrade my blog when I have the chance. When will you upgrade yours? *Note* WordPress 2.5 was TENTATIVELY scheduled to be release on March 10th, 2008. However, it looks like it’s not ready for production treatment and thus, has not been released.
[Continue Reading...]About the Author
- Klint Finley
Categories
- bbpress
- Best of WordPress
- Blog Templates Blog Skins Blog Themes
- Blogging
- Blogging Essays
- Blogging News
- brainstorming
- buddypress
- Business of Blogging
- CMS
- Code
- Cold Fusion
- Community Interviews
- Cool Scripts
- General
- HOW-TO
- LinkyLoo
- Movable Type Plugins
- Photolog Script
- Podcasting
- QuickLinking
- Spam
- SXSW
- TLA
- Tutorials
- User Reviews
- Web Design
- Web Ethics
- Weblog Add-Ons
- Weblog tools blog tools blogging tools
- Weekly Plugin Review
- WLTC Community
- wordcamp
- WordPress
- WordPress Discussions
- WordPress FAQs
- Wordpress for Beginners
- WordPress Hack
- WordPress News
- WordPress Plugin Competition
- WordPress Plugins
- WordPress Polls
- WordPress Security
- WordPress Templates WordPress Skins WordPress Themes
- WordPress Tips
- WordPress Tools
- WordPress Troubleshooting
- WordPress Weekly
- WordPress Widgets
- WordPress WishList
- XHTML Tips
Obviously Powered by WordPress. © 2003-2013
