Download Source Files
- Source files for this tutorial are available to Premium members.
Get a Premium Membership
In this Premium tutorial and screencast, you’ll learn how to protect your website from hackers, spammers, automated software, and bots that run rampant online. WordPress is by far the most popular self-hosted blogging solution, and for that very reason, it’s also one of the most targeted for vulnerabilities. You may be surprised how easy it is to take preventative measures to protect your site. Sign up today!
Join Tuts Plus
For those unfamiliar, the family of TUTS sites runs a premium membership service called “Premium”. For $9 per month, you gain access to exclusive premium tutorials, screencasts, and freebies at nettuts+, psdtuts+, and vectortuts+! For the price of a pizza, you’ll learn from some of the best minds in the business. Join today!
- Subscribe to the NETTUTS RSS Feed for more daily web development tuts and articles.
Enjoyed this Post?
Subscribe to our RSS Feed, Follow us on Twitter or simply recommend us to friends and colleagues!
Premium Members
Source Files, Bonus Tutorials & More for all relevant Tuts+ sites in one subscription. Join Now
Related Posts
Premium Membership
Source Files, Bonus Tutorials & More for all relevant Tuts+ sites in one subscription
Rockstar WordPress Designer
Now updated for WordPress 3.0, this classic book on WordPress theming and design has sold over 3500 copies! Get yours now!
Balazs Koch / photographer - More
Web Basix
Just getting started? Start with our basix tutorials on the fundamentals. View All Basix Tutorials
Other Plus Sites ...
aetuts+ audiotuts+ vectortuts+ tuts+ phototuts+ cgtuts+ nettuts+ psdtuts+ activetuts+ mobiletuts+Create a Tutorial, Get Paid!
Have something to teach the world? Want to earn money doing it? Tutorials, screencasts, and articles published here on Nettuts+ are largely contributed by readers just like you! We'll pay you great money for good content. Find Out More
Jeffrey , i was really looking for this kind if tutorial about wordpress security for my ongoing Project.
Thanks. it’s really useful
of *
Will must be a great tutorial. Thanks.
Its just a matter of time before i sign up to net plus
Thank you1
Not to put the guide down but there’s plenty free info on this subject online already so I can’t see why it’s paid for content.
Don’t get me wrong, there’s plenty of reasons to sign up, just not for this piece.
And after all is done, you’re toast if there is a SQL-Injection vulnerability in any plugin or in WP itself.
Thank you, i was looking for this for some time for my customers
I know WordPress is really popular and all that but would there be any chance of keeping that for the normal stuff, and having tutorials based on a language or framework, not everyone is able to use WordPress tutorials, but everyone can benefit from some PHP or javascript stuff.
wordpress is a PHP Frameword of sorts. I think that wordpres rocks and you should go check this out if yo dont alreay understand how wordpress works there are hundreds of great tuts on here and other great sites like css-tricks.com. go check them out.
It isn’t a framework, it’s a CMS. I just don’t like paying money for something I’m likely not to use. I tried wordpress, didn’t like it. I prefer building my own, I know some of you will go on about not reinventing the wheel and all that but I feel I gave more control over something I build myself.
I don’t think the wordpress tuts should be stopped, just not part of the plus tutorials.
Sorry for any spelling errors here, I’m doing this from my iPod.
Yeah I agree, I run loads of WP sites and have had no security problems what so ever. Why not some decent PHP security rules?
I agree.
So far I haven’t come across any security issue with wordpress but I suppose it only comes in to affect if your site is extremely popular and you gain haters.
Actually, that’s one reason why so many people get hacked, because they think no one would care to hack their site.
Think of it like home invasions. Using your reasoning you’d think really nice poor people wouldn’t have to worry about people breaking into their house and stealing things, after all, a few miles down the road there are plenty of houses with a lot more “goodies” and no alarms. But guess what? Robbers don’t care. They’ll still break into the poor guy’s house.
Same with your blog. Don’t think your site is not a target just because your site isn’t popular. It happens every day to all sorts of sites. In fact, many hackers use bots to scan sites which could be easy targets. A bot doesn’t care what you blog about and if you have any haters or not.
Many of these guys just want to use your site to create backlinks to their sites. But then when Google finds you have a bunch of hidden links on your blog guess what Googlebot does?
Removes your site from their index because you’ve been flagged as a spam site.
If anyone has an unsecured blog, there is no reason to leave it that way. Securing your blog should be top priority …. just trust me on this (from an experienced WordPress blogger) …. just do it. Don’t think, just do it.
just what I needed, I about to install wordpress on a client server and this really help me in securing it thanks
Very good!
twitter.com/sonergonul
friendfeed.com/sonergonul
wow, thanks for that insightful, spam filled post!
Obviously tutsplus hasn’t used this tutorial and doesn’t use wordpress, because from the screenshots I see a spam blocking plugin
Great info. I’ll be sure to click on those!
Another incentive to sign up and part with my money…
I’m still somewhat new to this site. I find it very useful, however I was a bit confused when I read the title but didn’t learn anything.
I assume I need to sign up to read this article?
This is great and I have installed a number of the plugins mentioned.
One issue I have though, with the antivirus plugin, is that when you buy a theme from a site like theme forest and the like, they use different ways to achive fancy effects.
When the antivirus is run, it pulls up an issue with a file related to get_cach_file and the word file is highlighted/
as a buyer of themes, how am I meant to know if that is a real issue or not? I presume that files from theme forest are not sent out with viruses? So do I just ignore this red alert?
Thanks
Hi I have my personal site and i get almost 20-30 spam comments each day. Now after reading this tutorial I have a solution for my problem
great post. ty!
Hi John,
I have seen your screencast tutorial on Change-WP-Default-Table-Prefix.
After i change the WP default table prefix and the config.php, i can’t login to my admin panel. Whats wrong?
It show this message “You do not have sufficient permissions to access this page.”
What should i do??