Comments on: Brad Williams: WordPress Security http://wordpress.tv/2009/07/11/brad-williams-security-montreal09/ Engage Yourself with WordPress.tv Sat, 01 Oct 2011 10:49:27 +0000 hourly 1 http://wordpress.com/ By: Nathan Youngman http://wordpress.tv/2009/07/11/brad-williams-security-montreal09/#comment-5158 Wed, 16 Sep 2009 03:59:02 +0000 http://wordpress.tv/?p=2236#comment-5158 @mugger I’m prepping a base setup that can be readily cloned… http://hg.nathany.com/wp-base/src/ It has an my wp-config as well as secret-sample as a template for creating ../secret.php (up a level).
An accompanying blog post should be up in a few days. Right now I’m waiting for DNS for vogsphere.org.

I’d also like to review Brad’s video and get those suggestions into my base setup.

@Brad Maybe something is different between our configs, but for me, ABSPATH points to the /wordpress/ folder inside public_html (webroot, htdocs, you get the idea ). WordPress looks in the ABSPATH folder and one directory up, which in my case is the public_html/wordpress/ folder and the public_html/ folder. Hence, my little workaround to drop a file two levels up from ABSPATH so its not inside public_html.

If ABSPATH is defined differently for you, as the actual public_html/ folder, I’d sure like to understand what I’m doing differently.

]]> By: Brad http://wordpress.tv/2009/07/11/brad-williams-security-montreal09/#comment-5143 Tue, 15 Sep 2009 13:08:21 +0000 http://wordpress.tv/?p=2236#comment-5143 Thanks for the kind words everybody! Actually the wp-config.php file can exist in one of two places by default: either the root WordPress directory or one level above that directory. WordPress will look in both spots before throwing an error.

]]> By: Nathan Youngman http://wordpress.tv/2009/07/11/brad-williams-security-montreal09/#comment-4692 Tue, 25 Aug 2009 05:18:29 +0000 http://wordpress.tv/?p=2236#comment-4692 @mugger I’ve been meaning to do a blog post about my particular setup. Actually I’m planning to setup a new blog on WordPress coding, just need to make the time to do it. When I do, I’ll post here again.

]]> By: mugger http://wordpress.tv/2009/07/11/brad-williams-security-montreal09/#comment-4684 Mon, 24 Aug 2009 18:46:38 +0000 http://wordpress.tv/?p=2236#comment-4684 Nathan, would you mind fleshing that out a bit with a pseudo example?
Thanks for dealing with the case of sub folder which WP seems to have neglected.

]]> By: Nathan Youngman http://wordpress.tv/2009/07/11/brad-williams-security-montreal09/#comment-4571 Thu, 20 Aug 2009 03:06:31 +0000 http://wordpress.tv/?p=2236#comment-4571 Lots of good suggestions that I intend to look into further. Thanks Brad.

One glaring error in the wp-config.php stuff though. The file should really be in the directory above public_html/, not in public_html/ itself. If WordPress is installed directly in public_html/ then you’re all set.

But if, like me, you’re using a folder like wordpress/ to organize things, you need WordPress to look 2 levels up. The simple solution is to modify wp-config.php with something like this: require_once(ABSPATH . ‘../../secret.php’); just before the require for wp-settings.php. Put secret.php above your public_html folder and move all the password stuff to there.

]]> By: ilan http://wordpress.tv/2009/07/11/brad-williams-security-montreal09/#comment-4371 Fri, 14 Aug 2009 22:14:47 +0000 http://wordpress.tv/?p=2236#comment-4371 really great talk, thank you Brad for very important information about security.

]]> By: Steve http://wordpress.tv/2009/07/11/brad-williams-security-montreal09/#comment-4326 Thu, 13 Aug 2009 06:01:19 +0000 http://wordpress.tv/?p=2236#comment-4326 Great Talk

sshing and chmod-ing files right now!

Thanks a whole heap – very useful information!

]]>