Brad Williams, who is the author of the book Professional WordPress, talked about initial sales and the type of feedback he’s received thus far. We also discussed what is going on with the WebDevStudios crew, including information regarding their iPhone application called IPFreely, which is a location-based application that plots where you pee. Don’t ask me, that’s just what the application does.
By Jeffro on May 26, 2010
By Jeffro on February 24, 2010
This was like having two episodes in one. During the first 20 minutes of the show, Hal Stern and Brad Williams gave me the 411 on their upcoming WordPress book, Professional WordPress. This book was written to take people directly into the core code of WordPress to figure out how it works and to explain how the internals of WordPress, such as filters, hooks, and functions, come together. The second part of the show featured an interview with Brad Williams of WebDevStudios.com where we discussed his consulting business built around an open source project. We also talked about some of the key differences in Joomla and Drupal compared to WordPress. Last but not least, we talked about their recently released plugin, CollabPress, which may be one of the first plugins to really bring functioning task management into WordPress.
Next Episode: SATURDAY, MARCH 6th 2P.M. EST
Length Of Episode: 1 Hour 30 Minutes
Download The Show: WordPressWeeklyEpisode89.mp3
By Jeffro on August 9, 2009
I recently gave a presentation at WordCamp Montreal on WordPress Security. While doing research for my presentation I came across a bunch of great WordPress Security tips that all WordPress users should use. Surprisingly, a good majority of these tips are not usually followed. Below is a list of the top 5 tips that most WordPress administrators do not do, but should:
1. Don’t use the admin account – The default user account that is created with every installation of WordPress is the admin account. Unfortunately the entire world knows this, including hackers, and can easily launch a dictionary attack on your website to try and guess your password. If a hacker already knows your username that’s half the battle. It’s highly recommended to delete or change the admin account username.
2. Move your wp-config.php file – Did you know since WordPress 2.6 you can move your wp-config.php file outside of your root WordPress directory? Most users don’t know this and the ones that do don’t do it. To do this simply move your wp-config.php file up one directory from your WordPress root. WordPress will automatically look for your config file there if it can’t find it in your root directory.
3. Change the WordPress table prefix – The WordPress table prefix is wp_ by default. You can change this prior to installing WordPress by changing the $table_prefix value in your wp-config.php file. If a hacker is able to exploit your website using SQL Injection, this will make it harder for them to guess your table names and quite possibly keep them from doing SQL Injection at all. If you want to change the table prefix after you have installed WordPress you can use the WP Security Scan plugin to do so. Make sure you take a good backup before doing this though.
4. Use Secret Keys – This is probably the most followed security tip on the list, but still I’m amazed at how many people don’t do this. A secret key is a hashing salt that is used against your password to make it even stronger. Secret keys are set in your wp-config.php file. Simply visit https://api.wordpress.org/secret-key/1.1 to have a set of randomly generated secret keys created for you. Copy the 4 secret keys to your wp-config.php file and save. You can add or change these keys at any time; the only thing that will happen is that all current WordPress cookies will be invalidated and your users will have to log in again.
5. htaccess lockdown – This is actually my favorite tip from my presentation. Using a .htaccess file you can lock down your wp-admin directory by IP address. This means only IP addresses you specify can access your admin dashboard URLs. This makes it impossible for anyone else to try and hack your WordPress backend. To do this simply create a file called .htaccess and add the following code to your file, replacing xxx.xxx.xxx.xxx with your IP address:
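AuthName "Access Control"
# Evaluate deny rules first, then let matching allow rules override them
order deny,allow
deny from all
# IP address to whitelist (on Apache 2.4 without mod_access_compat, use "Require ip xxx.xxx.xxx.xxx")
allow from xxx.xxx.xxx.xxx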
You can add multiple “allow from” lines, so make sure to add any IP addresses you plan on accessing your site from (i.e. Home, Office, etc.). Remember most ISPs use dynamic IPs, so your IP address might change on occasion. If you get locked out, just update your .htaccess file or delete it altogether. This obviously is not a good tip if you allow open registrations, as you need to allow your users access to wp-admin.
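A small audit of tips 3, 4 and 5, added here as an example and not part of the original post: it flags a default table prefix, missing or placeholder secret keys, and a wp-admin .htaccess whose deny-all rule is absent or whose allow lines are not real addresses. The function names, the 32-character floor and the sample files are assumptions constructed for illustration.

```python
import ipaddress
import re

# The four secret keys the post refers to, as named in wp-config.php.
SECRET_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php

def audit_wp_config(text):
    """Findings for tip 3 (table prefix) and tip 4 (secret keys)."""
    findings = []
    m = re.search(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]""", text, re.M)
    if m is None or m.group(1) == "wp_":
        findings.append("table_prefix: missing or still the default wp_")
    for key in SECRET_KEYS:
        pat = r"""^\s*define\(\s*['"]%s['"]\s*,\s*['"](.*)['"]\s*\)\s*;""" % key
        m = re.search(pat, text, re.M)  # commented-out defines do not match
        if m is None:
            findings.append(key + ": not defined")
        elif m.group(1) == PLACEHOLDER or len(m.group(1)) < 32:  # assumed floor
            findings.append(key + ": placeholder or too short")
    return findings

def audit_htaccess(text):
    """Findings for tip 5, assuming the deny-all/allow-from layout above."""
    findings, deny_all = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if re.fullmatch(r"deny\s+from\s+all", line):
            deny_all = True
        m = re.fullmatch(r"allow\s+from\s+(.+)", line)
        for token in (m.group(1).split() if m else []):
            try:
                ipaddress.ip_network(token, strict=False)
            except ValueError:  # "all", hostnames, the unreplaced xxx placeholder
                findings.append("allow from %s: not an IP address or CIDR range" % token)
    if not deny_all:
        findings.append("no 'deny from all' line")
    return findings

# Constructed sample files, not taken from a real site.
SAMPLE_CONFIG = """
$table_prefix  = 'wp_';
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'constructed-sample-value-0123456789-abcdefghij');
// define('LOGGED_IN_KEY', 'commented out, so it does not count');
define('NONCE_KEY', 'short');
"""
SAMPLE_HTACCESS = "order deny,allow\n#deny from all\nallow from xxx.xxx.xxx.xxx\nallow from 203.0.113.7\n"
print(audit_wp_config(SAMPLE_CONFIG) + audit_htaccess(SAMPLE_HTACCESS))
```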
So, how many of these tips do you follow regularly?
You can view my full WordPress Security Presentation from WordCamp Montreal below and view my slides (Canadian flags and all!) here: