WordPress

Notes‎ > ‎

Security

Mehrdad recommended

Main search

http://www.reddit.com/search?q=wordpress+security

Best practices

http://www.reddit.com/r/Wordpress/comments/pfc81/can_we_compile_a_best_practices_list_of_wp/

Website with the list of insecure plugins:

http://wpsecure.net

Download

http://wordpress.org/download/

Live Writer

Get Live Writer, the best free WYSIWIG WordPress editor (Windows only).

wp-config.php

// Uncomment to enable MultiSite, then Admin > Tools > Network

//define('WP_ALLOW_MULTISITE', true);

define('WP_HOME','http://your-website.com');

define('WP_SITEURL','http://your-website.com');

define('DB_NAME', 'wordpress');

define('DB_USER', 'root');

define('DB_PASSWORD', 'password');

define('DB_HOST', 'localhost');

WP-Cron

http://wordpress.org/support/topic/wordpress-and-crontab

For single Wordpress, create this daily Cron job

wget http://yourdomain.com/wp-cron.php?doing_wp_cron

Add to wp-config.php

define('DISABLE_WP_CRON', true);

Full article

http://blog.dreamdevil.com/index.php/2010/01/29/run-wordpress-tasks-from-real-cron-job/2/

Enable remote editing

Admin > Settings > Writing

Enable "Atom Publishing Protocol"
Enable "XML-RPC"
Click "Save Changes"

Use clean urls

Admin > Settings > Permalinks

Choose "Custom Structure"
/%postname%/
Click "Save Changes"

User permissions

Don't make everyone administrator.

Set appropriate permissions for every user

Administrator - Somebody who has access to all the administration features
Editor - Somebody who can publish and manage posts and pages as well as manage other users' posts, etc.
Author - Somebody who can publish and manage their own posts
Contributor - Somebody who can write and manage their posts but not publish them
Subscriber - Somebody who can only manage their profile

See

codex.wordpress.org/Roles_and_Capabilities

Scaling WordPress

Multiple slaves to load-balance database reads

http://weblogtoolscollection.com/archives/2010/03/27/scaling-wordpress-part-1-using-mysql-replication-and-hyperdb/

Comments