Archive for the 'Security' Category


Security is a huge buzzword on the internet because of the many threats to privacy that exist in the online world. Here are a few things you can do to protect your privacy when you use WordPress. This list is by no means complete or exhaustive, just a few basic ideas. If you need serious privacy protection... well, you probably shouldn’t be building any website, much less a blog. :)

  • Change your admin password frequently. Make it something unique and hard to guess.
  • If you create an email address for posting, make it unique and very long, containing no actual dictionary words, and an ugly combination of numerals and letters. You don’t have to remember it; just make an entry in your email address book for it.
  • IMMEDIATELY upon installation, disable the Ping-O-Matic option in Options -> Privacy or Options -> Writing -> Update Services. There is an option during installation to disallow search engines from your site. This disables the ping function. Say yes! You can always change it later when and if you want to use Ping-O-Matic or other update services.
  • Make changes to your theme, .htaccess and plugin files on your local computer, and upload them via FTP. Don’t allow WordPress to make changes for you. This isn’t really security against external attacks, but rather protection against user error. There is no “undo” button in WordPress after you hit the Update button. ;-)
  • If you don’t have any authors or users on your blog besides yourself, go to Options -> General and disable the Membership settings (uncheck both boxes).
  • If you permit comments on your site, visit Options -> Discussion and decide what security options you wish to enable.
  • Enable the Akismet plugin. It’s well worth getting a free WordPress API key (takes a minute or two to sign up) for the spam protection you will receive.

This is just a quick overview of some very basic security measures. Comments and additional suggestions are welcome.


During setup in the newer versions of WordPress, you are asked whether you want to let search engines see your blog, or just regular users. This is, IMHO, a very misleading question.

You might indeed want search engines to find your blog — after you get it set up completely. But not knowing the real meaning of this option, you say “yes” to search engines, and unbeknownst to you, WordPress is now going to notify Ping-O-Matic every single time you make a post to your blog! Yes, even your test posts and that silly “Hello World!” post (if you edit or update it).

Personally, my first assumption would be that the question about search engines would insert or leave out robots.txt tags, create or modify the robots.txt file, or something of that nature — since the robots.txt file and tags are directly related to search engines, and keeping them out or letting them in.

To a new blogger, or even more so to someone setting up a content management system, the concept behind Ping-O-Matic (and update services in general) may be completely unknown. Furthermore, it has nothing to do (at least not directly) with search engines. So asking this question, in this manner, at setup is misleading, to say the least.

This question should read “Do you want to automatically inform Ping-O-Matic of new posts to your blog? (If you choose YES, your site may be indexed immediately, even your test posts. You can change this option later in Options -> Privacy.)” since that is exactly what your answer to the question will determine. It should also tell you (or present a link to find out more) about pinging, and the actual results of setting this option to YES.

If you don’t want your new blog (and any test posts you make) immediately crawled by Yahoo! and other search engines, then say NO to this option during setup, or turn it off as soon as you get into Admin for the first time, before you blog about anything... or even update (edit) the Hello World! test post.
