The Definitive Guide to Securing WordPress: New Plus Tutorial
The Definitive Guide to Securing WordPress: New Premium Tutorial

In this Premium tutorial and screencast, you’ll learn how to protect your website from hackers, spammers, automated software, and bots that run rampant online. WordPress is by far the most popular self-hosted blogging solution, and for that very reason, it’s also one of the most targeted for vulnerabilities. You may be surprised how easy it is to take preventative measures to protect your site. Sign up today!

NETTUTS+ Screencasts and Bonus Tutorials

For those unfamiliar, the family of TUTS sites runs a premium membership service called “Premium”. For $19 per month, you gain access to exclusive premium tutorials, screencasts, and freebies at nettuts+, psdtuts+, and vectortuts+! For the price of a pizza, you’ll learn from some of the best minds in the business. Join today!

  • http://www.imblog.info Muhammad Adnan

    Jeffrey, I was really looking for this kind if tutorial about WordPress security for my ongoing project.

    Thanks. It’s really useful.

    • http://www.imblog.info Muhammad Adnan

      of *

  • http://labs.dariux.com Dario Gutierrez

    Will must be a great tutorial. Thanks.

  • http://www.stephen-ainsworth.co.uk Stephen Ainsworth

    It’s just a matter of time before I sign up to net plus.

  • http://www.dataviking.com Angel

    Thank you!

  • http://z6.co.uk Baloney

    Not to put the guide down but there’s plenty free info on this subject online already so I can’t see why it’s paid for content.

    Don’t get me wrong, there’s plenty of reasons to sign up, just not for this piece.

  • Erich

    And after all is done, you’re toast if there is a SQL-Injection vulnerability in any plugin or in WP itself.

  • http://www.aguaesolutions.com Aguaesolutions

    Thank you, I was looking for this for some time for my customers.

  • Johnathan

    I know WordPress is really popular and all that but would there be any chance of keeping that for the normal stuff, and having tutorials based on a language or framework, not everyone is able to use WordPress tutorials, but everyone can benefit from some PHP or javascript stuff.

    • John

      WordPress is a PHP framework of sorts. I think that WordPress rocks and you should go check this out if you don’t already understand how WordPress works. There are hundreds of great tuts on here and other great sites like css-tricks.com. Go check them out.

      • http://pussymeetsdick.com Johnathan

        It isn’t a framework, it’s a CMS. I just don’t like paying money for something I’m likely not to use. I tried WordPress, didn’t like it. I prefer building my own. I know some of you will go on about not reinventing the wheel and all that, but I feel I have more control over something I build myself.
        I don’t think the wordpress tuts should be stopped, just not part of the plus tutorials.
        Sorry for any spelling errors here, I’m doing this from my iPod.

    • http://www.nouveller.com/ Benjamin Reid

      Yeah I agree, I run loads of WP sites and have had no security problems whatsoever. Why not some decent PHP security rules?

  • Jedrek

    I agree.

  • http://www.crearedesign.co.uk Martyn Web

    So far I haven’t come across any security issue with WordPress, but I suppose it only comes into effect if your site is extremely popular and you gain haters.

    • http://wpbloghost.com John Hoff – WpBlogHost

      Actually, that’s one reason why so many people get hacked, because they think no one would care to hack their site.

      Think of it like home invasions. Using your reasoning you’d think really nice poor people wouldn’t have to worry about people breaking into their house and stealing things, after all, a few miles down the road there are plenty of houses with a lot more “goodies” and no alarms. But guess what? Robbers don’t care. They’ll still break into the poor guy’s house.

      Same with your blog. Don’t think your site is not a target just because your site isn’t popular. It happens every day to all sorts of sites. In fact, many hackers use bots to scan sites which could be easy targets. A bot doesn’t care what you blog about and if you have any haters or not.

      Many of these guys just want to use your site to create backlinks to their sites. But then when Google finds you have a bunch of hidden links on your blog guess what Googlebot does?

      Removes your site from their index because you’ve been flagged as a spam site.

      If anyone has an unsecured blog, there is no reason to leave it that way. Securing your blog should be top priority …. just trust me on this (from an experienced WordPress blogger) …. just do it. Don’t think, just do it.

  • Jermaine Hercules

    Just what I needed. I’m about to install WordPress on a client server and this really helps me in securing it, thanks.

  • http://www.sonergonul.com/blog/ Soner Gönül

    Very good!

    twitter.com/sonergonul
    friendfeed.com/sonergonul

    • bill

      wow, thanks for that insightful, spam filled post!

      • http://beijers.eu Teun

        Obviously tutsplus hasn’t used this tutorial and doesn’t use wordpress, because from the screenshots I see a spam blocking plugin ;)

    • http://wpbloghost.com John Hoff – WpBlogHost

      Great info. I’ll be sure to click on those!

  • http://hiddencss.com Daniel Groves [HiddenCSS]

    Another incentive to sign up and part with my money…

  • http://wpbloghost.com John Hoff – WpBlogHost

    I’m still somewhat new to this site. I find it very useful, however I was a bit confused when I read the title but didn’t learn anything.

    I assume I need to sign up to read this article?

  • Gavin Steele

    This is great and I have installed a number of the plugins mentioned.

    One issue I have though, with the antivirus plugin, is that when you buy a theme from a site like theme forest and the like, they use different ways to achieve fancy effects.

    When the antivirus is run, it pulls up an issue with a file related to get_cach_file and the word file is highlighted.

    As a buyer of themes, how am I meant to know if that is a real issue or not? I presume that files from theme forest are not sent out with viruses? So do I just ignore this red alert?

    Thanks

  • http://www.snilesh.com/ Neel

    Hi, I have my personal site and I get almost 20-30 spam comments each day. Now after reading this tutorial I have a solution for my problem :)

  • http://www.daddydesign.com daddy design

    great post. ty!

  • Mampranx

    Hi John,
    I have seen your screencast tutorial on Change-WP-Default-Table-Prefix.
    After I change the WP default table prefix and the config.php, I can’t log in to my admin panel. What’s wrong?

    • Mampranx

      It shows this message: “You do not have sufficient permissions to access this page.”

      What should I do??

  • http://toppageoptimization.com/ Mae Russell

    This is awesome! I am using wordpress for my sites and blogs and this is very helpful.