Start learning with our library of video tutorials taught by experts. Get started
Viewers: in countries Watching now:
This course explains how to secure self-hosted WordPress sites, including site configuration, code modification, and the use of free plug-ins. Beginning with the basics of site security, author Jeff Starr explains how to harden a WordPress site by configuring authentication keys, setting proper file permissions, and removing version numbers. The course shows how to implement a firewall, prevent automated spam, and control proxy access, and concludes with a series of advanced tips and site security best practices.
In this screencast, we look at how to find and report vulnerabilities, bugs, and other issues. If you happen to discover a bug while working with WordPress, you may report it at the designated page via the WordPress Codex. If you think you've discovered a security vulnerability, email the support team as soon as possible at firstname.lastname@example.org, and include as much accurate and descriptive information as possible. For security issues, please do not post anywhere on the web before hearing back from the WordPress team.
There are several plug-ins that will help you keep a close eye on the overall security and integrity of your WordPress-powered site. They are WordPress File Monitor, which monitors for changes made to your site; Exploit Scanner, which scans your site for signs of hacking; WordPress Security Scan which scans your site for potential vulnerabilities. We covered WordPress File Monitor and Exploit Scanner in previous screencasts, so let's look at that third one, WordPress Security Scan. Here in the Admin area of our WordPress demo site, we click on the Add New link in the Plugins menu.
Then in the Search field we type in 'WordPress Security Scan' or 'WP Security Scan' and click Search Plugins. It's the first result, so go ahead and click on the Details link to bring up the information panel. The description is complete and explains that this plug-in scans for security vulnerabilities and suggests corrective actions. The author is well known and reputable. The plug-in is compatible to WordPress 3.1.3, which is the latest, and this plug-in has been downloaded many times.
Let's take a look at the Installation tab by clicking on Installation. This is a typical installation, and you should have no problems doing so. We have the latest version installed here on this demo site, so let's go ahead and close out of this Information panel and scroll down to the new Security menu, which the plug-in creates for us. Here at the plug-in's main Settings page, here is sort of the Plugins dashboard, giving you an overview of your site security. If you see anything in red, the plug-in will provide tips for fixing it, and here's an overview of our server configuration, PHP info, and so on--again, purely informational.
Then you also get a scanner, which makes it easy to check your files and directories for proper file permissions. We cover this in an earlier video tutorial in the series. And there's also a password tool for auto generating and checking for strong passwords, and finally, a database prefix manager that I would recommend for newer installations, but maybe not when you've got a lot of plug-ins and/or customizations going on. Granted, this plug-in doesn't actually do a whole lot, but it does provide you with valuable information about your site, server details, and WordPress installation in general.
However, when used alongside other plug-ins, such as WordPress File Monitor and Exploit Scanner, the WP Security Scan plug-in fills in the gaps and lets you see the big picture of what's going on with your site. In this screencast, we've seen how to respond properly to bugs and other issues, as well as how to use a variety of plug-ins to keep a close eye on your site's security.
There are currently no FAQs about WordPress 3: Developing Secure Sites.
Access exercise files from a button right under the course name.
Search within course videos and transcripts, and jump right to the results.
Remove icons showing you already watched videos if you want to start over.
Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.
Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.