Start learning with our library of video tutorials taught by experts. Get started

WordPress 3: Developing Secure Sites

Finding and reporting vulnerabilities


From:

WordPress 3: Developing Secure Sites

with Jeff Starr

Video: Finding and reporting vulnerabilities

In this screencast, we look at how to find and report vulnerabilities, bugs, and other issues. If you happen to discover a bug while working with WordPress, you may report it at the designated page via the WordPress Codex. If you think you've discovered a security vulnerability, email the support team as soon as possible at security@wordpress.org, and include as much accurate and descriptive information as possible. For security issues, please do not post anywhere on the web before hearing back from the WordPress team.

Watch this entire course now—plus get access to every course in the library. Each course includes high-quality videos taught by expert instructors.

Become a member
Please wait...
WordPress 3: Developing Secure Sites
2h 36m Intermediate Jun 27, 2011

Viewers: in countries Watching now:

This course explains how to secure self-hosted WordPress sites, including site configuration, code modification, and the use of free plug-ins. Beginning with the basics of site security, author Jeff Starr explains how to harden a WordPress site by configuring authentication keys, setting proper file permissions, and removing version numbers. The course shows how to implement a firewall, prevent automated spam, and control proxy access, and concludes with a series of advanced tips and site security best practices.

Topics include:
  • Backing up and restoring your site
  • Setting up strong passwords
  • Choosing trusted plugins and themes
  • Protecting the configuration file and the admin directory
  • Securing the login page
  • Fighting comment spam
  • Blocking access and detecting hacks
  • Finding and reporting vulnerabilities
Subjects:
Developer Web CMS Web Development
Software:
WordPress
Author:
Jeff Starr

Finding and reporting vulnerabilities

In this screencast, we look at how to find and report vulnerabilities, bugs, and other issues. If you happen to discover a bug while working with WordPress, you may report it at the designated page via the WordPress Codex. If you think you've discovered a security vulnerability, email the support team as soon as possible at security@wordpress.org, and include as much accurate and descriptive information as possible. For security issues, please do not post anywhere on the web before hearing back from the WordPress team.

There are several plug-ins that will help you keep a close eye on the overall security and integrity of your WordPress-powered site. They are WordPress File Monitor, which monitors for changes made to your site; Exploit Scanner, which scans your site for signs of hacking; WordPress Security Scan which scans your site for potential vulnerabilities. We covered WordPress File Monitor and Exploit Scanner in previous screencasts, so let's look at that third one, WordPress Security Scan. Here in the Admin area of our WordPress demo site, we click on the Add New link in the Plugins menu.

Then in the Search field we type in 'WordPress Security Scan' or 'WP Security Scan' and click Search Plugins. It's the first result, so go ahead and click on the Details link to bring up the information panel. The description is complete and explains that this plug-in scans for security vulnerabilities and suggests corrective actions. The author is well known and reputable. The plug-in is compatible to WordPress 3.1.3, which is the latest, and this plug-in has been downloaded many times.

Let's take a look at the Installation tab by clicking on Installation. This is a typical installation, and you should have no problems doing so. We have the latest version installed here on this demo site, so let's go ahead and close out of this Information panel and scroll down to the new Security menu, which the plug-in creates for us. Here at the plug-in's main Settings page, here is sort of the Plugins dashboard, giving you an overview of your site security. If you see anything in red, the plug-in will provide tips for fixing it, and here's an overview of our server configuration, PHP info, and so on--again, purely informational.

Then you also get a scanner, which makes it easy to check your files and directories for proper file permissions. We cover this in an earlier video tutorial in the series. And there's also a password tool for auto generating and checking for strong passwords, and finally, a database prefix manager that I would recommend for newer installations, but maybe not when you've got a lot of plug-ins and/or customizations going on. Granted, this plug-in doesn't actually do a whole lot, but it does provide you with valuable information about your site, server details, and WordPress installation in general.

However, when used alongside other plug-ins, such as WordPress File Monitor and Exploit Scanner, the WP Security Scan plug-in fills in the gaps and lets you see the big picture of what's going on with your site. In this screencast, we've seen how to respond properly to bugs and other issues, as well as how to use a variety of plug-ins to keep a close eye on your site's security.

There are currently no FAQs about WordPress 3: Developing Secure Sites.

Share a link to this course
Please wait... Please wait...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.
Upgrade now


Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ.

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

Upgrade now

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.


Mark all as unwatched Cancel

Congratulations

You have completed WordPress 3: Developing Secure Sites.

Return to your organization's learning portal to continue training, or close this page.


OK
Become a member to add this course to a playlist

Join today and get unlimited access to the entire library of video courses—and create as many playlists as you like.

Get started

Already a member?

Become a member to like this course.

Join today and get unlimited access to the entire library of video courses.

Get started

Already a member?

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

The classic layout automatically defaults to the latest Flash Player.

To choose a different player, hold the cursor over your name at the top right of any lynda.com page and choose Site preferencesfrom the dropdown menu.

Continue to classic layout Stay on new layout
Welcome to the redesigned course page.

We’ve moved some things around, and now you can



Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

Thanks for signing up.

We’ll send you a confirmation email shortly.


Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from lynda.com.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

   
submit Lightbox submit clicked