Aug 26

We all agree that keeping a WordPress weblog secure should be one of our first priorities when running a successful blog. In this post we’d like you to share your knowledge and help us create a WordPress security guide that keeps the bad guys out.

1) Nobody should be allowed to search your entire server.

  • WPdesigner advises us NOT to use this search code in search.php:

    <?php echo $_SERVER['PHP_SELF']; ?>

    Nobody should be allowed to search your entire server, right? Use this one instead:

    <?php bloginfo('home'); ?>

  • Block wp-* folders from being indexed by search engines; the best way is to block them in your robots.txt file. Add the following line to your list: Disallow: /wp-*

2) Directories should not be left open for public browsing

There is a potential problem letting people know what plugins you have, or what versions they are. If there is some known exploit that is linked to a plugin, it could be easy enough for someone to use it to their advantage. Make an empty wp-content/plugins/index.html file or just add this line in your .htaccess file in your root:

Options All -Indexes


3) Drop the version string in your Meta Tags

A large number of WordPress themes include the WordPress meta tag that shows the version of WordPress running on your blog, which makes your blog an easy target for hackers if you haven’t upgraded, as pointed out by Matt Cutts. Another solution involves a plugin that reports a different version.

This is the tag in the header.php file that displays your current version of WordPress:

    <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

4) Protecting your Wordpress wp-admin folder

Attackers can use bots for a brute force style of attack that simply guesses the admin password until they come up with the correct one and login. There are a couple of solutions out there, we will highlight each below.

  • Limit access to the wp-admin folder by IP address - This solution restricts which IPs can access the wp-admin folder via .htaccess. It has one drawback: you may have to update your .htaccess file if your internet provider assigns you a dynamic IP address, you move to another location, or you have authors at other locations.
  • AskApache Password Protect - The plugin is simple: it adds a second layer of security to your blog by requiring a username and password to access anything in the /wp-admin/ folder. All you have to do is choose a username and password and you are done. It writes the .htaccess file without messing it up. It also encrypts your password and creates the .htpasswd file, as well as setting the correct security-enhanced file permissions on both.
  • Login Lockdown plugin - Records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
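
The lockout logic the Login Lockdown entry describes, as an added Python example (not the plugin’s own PHP code): each failed attempt is recorded with its timestamp against the client’s /24 range, and once a range accumulates too many failures inside the window every login from it is refused, correct password or not, until the lock expires. The /24 grouping, the thresholds and the 203.0.113.x / 198.51.100.x addresses are constructed assumptions; timestamps are passed in explicitly so the run is reproducible offline.

```python
from collections import defaultdict
from ipaddress import ip_network


class LoginLockdown:
    """Counts failed logins per IP range and locks the whole range out (assumed defaults)."""

    def __init__(self, max_failures=5, window=300, lockout=3600, prefix=24):
        self.max_failures = max_failures   # failures tolerated inside one window
        self.window = window               # seconds over which failures are counted
        self.lockout = lockout             # seconds the range stays locked
        self.prefix = prefix               # /24 groups neighbouring source addresses
        self.failures = defaultdict(list)  # range -> timestamps of recent failures
        self.locked_until = {}             # range -> time the lock expires

    def _range(self, ip):
        # Same /24 -> same key, so rotating the last octet does not reset the counter.
        return str(ip_network(f"{ip}/{self.prefix}", strict=False))

    def is_locked(self, ip, now):
        rng = self._range(ip)
        until = self.locked_until.get(rng)
        if until is not None and now < until:
            return True
        self.locked_until.pop(rng, None)   # no lock, or it has expired
        return False

    def attempt_login(self, ip, password_ok, now):
        """Returns 'locked', 'ok' or 'failed'; `now` is a timestamp in seconds."""
        rng = self._range(ip)
        if self.is_locked(ip, now):
            return "locked"                # refused even when the password is right
        if password_ok:
            self.failures.pop(rng, None)   # success clears the range's failure history
            return "ok"
        recent = [t for t in self.failures[rng] if now - t < self.window]
        recent.append(now)
        self.failures[rng] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[rng] = now + self.lockout
            self.failures[rng] = []
        return "failed"


def demo():
    # Constructed run: five failures from one /24, then probes inside and outside it.
    ld = LoginLockdown()
    results = [ld.attempt_login(f"203.0.113.{10 + i}", False, 1000 + i) for i in range(5)]
    results.append(ld.attempt_login("203.0.113.99", True, 1010))        # right password, but locked
    results.append(ld.attempt_login("198.51.100.7", True, 1011))        # other range is unaffected
    results.append(ld.attempt_login("203.0.113.99", True, 1004 + 3600))  # lock has just expired
    return results
```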

5) Stay up to date

You need to keep your plugin/widget, theme, and WordPress versions updated. Also, subscribing to the plugin/widget/theme authors’ RSS feeds makes keeping up with them much easier.


6) Take regular backups of your site and Database

You always have to take regular backups of your file directories as well as the database. The WordPress Database Backup plugin creates backups of your core WordPress tables as well as other tables of your choice in the same database.


7) Update your WordPress to the latest version

Probably the first thing you should do! Install the Instant Upgrade Plugin or the Wordpress Automatic Upgrade Plugin. Make sure you back everything up before performing the upgrades.


8) Use SSH/Shell Access instead of FTP

This is one of the best tips I found here. If someone gets a hold of your FTP login information (which is usually not encrypted and easy to get), they can manipulate your files and add spam to your site without you even knowing about it! Using SSH, everything is encrypted, including the transfer of files.


9) Stop worrying about your wp-config.php file

Keep your database username and password safe by adding the following to the .htaccess file at the top level of your WordPress install:

<FilesMatch "^wp-config\.php$">
    deny from all
</FilesMatch>

This will make it harder for your database username and password to fall into the wrong hands in the event of a server problem.


Protect Your Blog With a Solid Password

Creating a strong password that is also memorable is one of the easiest defenses against being hacked. There are a lot of online password strength checkers you could use.

Also you might check Lorelle’s article on BlogHerald called Protect Your Blog With a Solid Password, offering tips and tricks to help create a strong password that is also memorable, and how to deal with all the myriad passwords we seem to accumulate online.

By http://www.noupe.com

Aug 26

There’s absolutely no reason for anyone not to use Google Analytics, Google’s website visitor statistic and analysis tool, on their site. Here are seven reasons why:


  1. It’s Free - Who can argue with that? An amazingly powerful site tracking program at the best price on Earth.
  2. Keyword tracking - It shows which keywords people used to find your site and individual pages via search engines. That allows you to further optimize your pages for search engines to grab and hook visitors.
  3. Site overlay - One of Google Analytics’ neatest features that overlays your site’s links with detailed information about clicks & more. It allows you to directly examine your visitor’s behavior to get a better idea of how they interact with it.
  4. Visitor map - Displays a graphical world map that pinpoints your visitor’s geographic locations. This can be especially useful for eCommerce/business sites because it gives them the ability to target regional advertising campaigns.
  5. Superb interface - The simple Flash-based dashboard shows you important information at a glance. Widgets can be added and removed based on the data you want to see. All information, from geographic location to top search engine keywords, time spent on each page, etc., can be viewed in all sorts of ways from pie graphs to lists, and allows for very detailed drill-downs.
  6. Goals - Goals are a nifty feature that shows the percentage of users that follow a specific path on the website, for example: navigating from the home page, to the contact form, and successfully sending the form. Contact forms, newsletter subscription pages, or specific posts…the possibilities are endless.
  7. IP filters - Google Analytics easily allows the administrator to add IP filters to the site to exclude a specific IP or range. One great use for this is to exclude your own IP to reduce clutter in your stats and get a better idea of user traffic.

Google Analytics is the first thing most people should add to their site. Its vast array of features, great price, and the benefits to the webmaster make it an indispensable tool for website developers & blog writers alike.

Aug 26

Akismet is probably the most popular anti-spam plugin for WordPress blogs. It uses a constantly updating database of known spam posts & trackback information, and once installed, will monitor the comments from your blog. If it catches one known to be spam, it’s gone. If it misses a piece of spam, you can always mark it so, and Akismet will automatically update its database and learn from your help. Here is how to set up version 2.1 for WordPress 2.6:

  1. Download Akismet from its homepage, Akismet.com and save the small file to your hard drive.
  2. Unzip the file. I use WinAce for my zipping/unzipping needs, but the newer versions of Windows also have a zip program built-in.
  3. Use an FTP client (FileZilla is a simple, free FTP client that I use for this site) to connect to your server and upload the Akismet folder to your WordPress plugins directory. Plugins are stored in your /wp-content/plugins/ directory. Make sure to upload the whole folder and not just the individual files to the main plugins folder.
  4. Login to your WordPress Dashboard and click plugins in the upper right. This will list all of the plugins that are available for your blog to use.
  5. Activate Akismet by clicking activate on the far right side of the plugin description.
  6. Once it’s activated, you must enter your Akismet API Key, which is freely obtainable. Near the top of your dashboard, you should see a hyperlink message that reads, Akismet is almost ready. You must enter your WordPress.com API key for it to work.
  7. Clicking the hyperlink will take you to your WordPress.com account. Your API key will be listed towards the bottom of the page. If you don’t have an account, there’s a link on the page that will allow you to create one for free.
  8. Copy & paste your API key in the Akismet Configuration screen and hit “update options.” If all goes well, you’ll get a congratulatory message and Akismet is set up.
  9. Say goodbye to comment & trackback spam.

I’m eager to see how well this plugin works and would love to hear about your experiences with Akismet.

Aug 26

Have you ever wanted to turn your ugly, SEO-unfriendly blog URLs into URLs that make sense to humans and search engines? That was one of the first changes I made to this blog and it looks great. In this mini-tutorial, I’ll explain just that. The good part is, it takes less than two minutes!

Google parses (identifies) words in URLs separated by dashes, but not underscores or other dividing characters, thus helping it search your blog content much more accurately and efficiently. For those that might not understand what I mean, take a look at this example. Your URLs (posts, permalinks, pages, categories, etc) will go from looking like:

http://www.yourdomain.com/?p=123

to

http://www.yourdomain.com/title-of-your-post

To make this change:

  1. Log-in to your WordPress Dashboard and click Settings.
  2. Click Permalinks to access the permalink settings menu.
  3. Under the Common Settings section, check the radio button labeled Custom.
  4. Type “/%postname%” (without the quotes) in the box.
  5. Voila! Pretty URLs.

This works for your posts, pages, and all content in your blog. There are MANY different ways you can stylize your permalinks and this guide is only meant to cover the basics. The WordPress Codex has a much more detailed guide on the subject and I highly recommend you read it too.
