This course explains how to secure self-hosted WordPress sites, including site configuration, code modification, and the use of free plug-ins. Beginning with the basics of site security, author Jeff Starr explains how to harden a WordPress site by configuring authentication keys, setting proper file permissions, and removing version numbers. The course shows how to implement a firewall, prevent automated spam, and control proxy access, and concludes with a series of advanced tips and site security best practices.
In this screencast, we improve the security of the WordPress user login process by adding a set of secret keys to the site's configuration file. This is an important step designed by the WordPress team to better secure your site. Here we are in our FTP/file editor, looking at the WordPress configuration file. Scroll down to just beneath the database credentials, to where it says, "Authentication Unique Keys and Salts." As you can see, freshly installed WordPress doesn't provide any of the secret keys, so we'll need to add our own, and the more random and complicated, the better.
The quickest and easiest way to generate strong key values is to visit WordPress's own secret key service in the browser at secret-key/1.1/salt, and then copy and paste the entire block of code, and then return to your configuration file and just paste it into place, like so. Once the keys are in place, save and upload the file, like so, and that's all there is to it. Of course you don't want to use the example keys shown here; the whole idea is to specify your own unique phrases to improve login security, and it's totally fine to replace these keys at any time, for any reason.
The worst that will happen is the currently logged in users will need to log in again. Trust me, the extra security is worth the minor inconvenience. In this screencast, we enabled WordPress to more securely manage the user login process. This functionality is built into WordPress by default, but you need to enable it by adding your own set of unique secret keys. In the next screencast, we further improve security by specifying a unique database prefix.
There are currently no FAQs about WordPress 3: Developing Secure Sites.