WordCampTV

Brad Williams: WordPress Security

Description

Brad Williams talks about how to keep your WordPress-powered website secure from hackers and exploits.

Slides from the presentation are available here.

Video Production by Arthur Cormon of TV McGill.

WordCamp Location

Montreal 2009

Date

July 11, 2009

7 Responses to “Brad Williams: WordPress Security”

  1. Steve Says:

    Great Talk

    sshing and chmod-ing files right now!

    Thanks a whole heap – very useful information!

  2. ilan Says:

    Really great talk, thank you Brad for very important information about security.

  3. Nathan Youngman Says:

    Lots of good suggestions that I intend to look into further. Thanks Brad.

    One glaring error in the wp-config.php stuff though. The file should really be in the directory above public_html/, not in public_html/ itself. If WordPress is installed directly in public_html/ then you’re all set.

    But if, like me, you’re using a folder like wordpress/ to organize things, you need WordPress to look 2 levels up. The simple solution is to modify wp-config.php with something like this: require_once(ABSPATH . '../../secret.php'); just before the require for wp-settings.php. Put secret.php above your public_html folder and move all the password stuff to there.

    • mugger Says:

      Nathan, would you mind fleshing that out a bit with a pseudo example?
      Thanks for dealing with the case of a subfolder, which WP seems to have neglected.

  4. Nathan Youngman Says:

    @mugger I’ve been meaning to do a blog post about my particular setup. Actually I’m planning to set up a new blog on WordPress coding, just need to make the time to do it. When I do, I’ll post here again.

  5. Brad Says:

    Thanks for the kind words everybody! Actually the wp-config.php file can exist in one of two places by default: either the root WordPress directory or one level above that directory. WordPress will look in both spots before throwing an error.

  6. Nathan Youngman Says:

    @mugger I’m prepping a base setup that can be readily cloned… http://hg.nathany.com/wp-base/src/ It has my wp-config as well as secret-sample as a template for creating ../secret.php (up a level).
    An accompanying blog post should be up in a few days. Right now I’m waiting for DNS for vogsphere.org.

    I’d also like to review Brad’s video and get those suggestions into my base setup.

    @Brad Maybe something is different between our configs, but for me, ABSPATH points to the /wordpress/ folder inside public_html (webroot, htdocs, you get the idea). WordPress looks in the ABSPATH folder and one directory up, which in my case is the public_html/wordpress/ folder and the public_html/ folder. Hence, my little workaround to drop a file two levels up from ABSPATH so it’s not inside public_html.

    If ABSPATH is defined differently for you, as the actual public_html/ folder, I’d sure like to understand what I’m doing differently.
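
The subfolder layout discussed in the comments above, as an added example that is not part of the talk, of any comment, or of the wp-base repository. The directory names, the example_secret_fail() helper and the placeholder values are hypothetical; it assumes a Unix-like host where PHP runs as the file's owner or group.

```php
<?php
// wp-config.php fragment (added example). Assumed, hypothetical layout:
//   /home/example/secret.php                outside the web root, chmod 600 or 640
//   /home/example/public_html/              web root
//   /home/example/public_html/wordpress/    WordPress core, i.e. ABSPATH
//
// secret.php holds what would otherwise sit in wp-config.php, for instance:
//   define( 'DB_NAME',     'placeholder_db' );
//   define( 'DB_USER',     'placeholder_user' );
//   define( 'DB_PASSWORD', 'placeholder_password' );
//   define( 'DB_HOST',     'localhost' );
//   ...plus the secret keys.

if ( ! defined( 'ABSPATH' ) ) {
    define( 'ABSPATH', dirname( __FILE__ ) . '/' );
}

// Fail closed: log the reason server-side and tell the visitor nothing useful.
function example_secret_fail( $reason ) {
    error_log( 'wp-config: ' . $reason );
    header( 'HTTP/1.1 500 Internal Server Error' );
    exit( 'Configuration error.' );
}

// ABSPATH ends in a slash, so this resolves two directories above wordpress/.
// realpath() returns false when the file does not exist.
$secret_file = realpath( ABSPATH . '../../secret.php' );
if ( false === $secret_file || ! is_readable( $secret_file ) ) {
    example_secret_fail( 'secret.php not found two levels above ABSPATH' );
}

// Refuse a secrets file that ended up inside the web root after a move or restore.
$doc_root = empty( $_SERVER['DOCUMENT_ROOT'] ) ? false : realpath( $_SERVER['DOCUMENT_ROOT'] );
if ( $doc_root && 0 === strpos( $secret_file, rtrim( $doc_root, '/' ) . '/' ) ) {
    example_secret_fail( 'secret.php is inside the document root' );
}

// Refuse a world-readable file (other-read bit set), a common shared-hosting leak.
if ( fileperms( $secret_file ) & 0004 ) {
    example_secret_fail( 'secret.php is world-readable' );
}

require_once $secret_file;

$table_prefix = 'wp_';
require_once ABSPATH . 'wp-settings.php';
```

With WordPress installed directly in public_html/, the same effect comes from placing wp-config.php itself one level above ABSPATH, which is the second location Brad describes.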
