Tag Archives: WordPress Database Backup

June 2010 Handout: WordPress Security Basics

Things change rapidly in the WordPress world. The content in this post is more than a year old and may no longer represent best practices.

Sources for the Presentation

Sallie’s Security Bookmarks (updated regularly)

Protecting WordPress from the Inside Out (a brilliant presentation by Syed Balkhi)

Hardening WordPress (the original Codex article)

WordPress Security Presentation by Brad Williams (from WordCamp Montreal 2009)

Top 5 WordPress Security Tips You Probably Don’t Follow (WordPress Tavern Guest Post)

Keeping Your Self-Hosted WordPress Blog Secure (by Marcelo Lewin)

How to Improve Basic Security on a Fresh WordPress Install (Weblog Tools Collection)

More Plugins for Securing Your WordPress Install (Weblog Tools Collection)

WordPress Security Monitoring and Diagnosis (Weblog Tools Collection)

Latest WordPress Hacks: It’s Your Responsibility (Mark.Watero.us)

Security Plugins

AntiVirus (An A-V program just for WordPress)

Automatic WordPress Backup (Backs your WP files and DB to Amazon S3)

Secure WordPress (Conflicts with WordPress Firewall)

ServerBuddy by PluginBuddy (Checks for security flaws and plugin compatibility)

Theme Authenticity Checker (Checks for spam links in your themes)

WordPress Database Backup (Scheduled or manual backups of your WP database)

WordPress Exploit Scanner (Checks for signs that you’ve been hacked. Results can be confusing to non-geeks)

WordPress File Monitor (E-mails you every time a file has been changed)

WordPress Firewall (Blocks suspected attacks; conflicts with Secure WordPress)

WordPress Security Scan (Scans for file permissions; lets you change WP table prefix)

June 2010 Meetup Slides: WordPress Security Basics

Meetup Members’ Plugin Picks (June 2009 and Feb 2010)

Somehow the June Meetup notes with favorite plugins never got posted. There was another request for plugin recommendations in February. Here are two lists with some plugin suggestions from the two events.

June 2009

  • Google Analyticator for inserting your Google Analytics tracking code. It knows not to count your own visits if you’re logged in as administrator. (Still compatible with 2.9.2)
  • Calendar lets you insert a calendar for appointments using a shortcode. (Compatible up to 2.8; may or may not work with 2.9)
  • Bad Behavior helps keep out the spambots (and other malicious bots). (Compatible up to 2.9.2)
  • Contact Form 7 lets you build contact forms easily and insert them into posts and pages with a shortcode. Includes Akismet integration and captcha to keep you from getting overloaded with spam forms. (Compatible up to 2.9.2)
  • FormBuilder is the plugin you want when you need forms beyond what Contact Form 7 can create. (Compatible up to 2.9.2)
  • YSlow is a plugin for Firefox, not WordPress, and it’s actually an addition to the Firebug plugin, but you’re going to want both of them if you do any site development. They’ll help you figure out why your site (or someone else’s) is running slowly, and how to fix it.
  • All in One SEO Pack is still a favorite, though our SEO expert prefers Headspace 2 (see below). (Compatible up to 2.9.2)
  • Google XML Sitemaps makes it easier for Google to index your site. (Compatible up to 2.9.2)
  • Shopp is a commercial (meaning you have to pay for it) e-commerce plugin to integrate a shopping cart and payment gateways into your WordPress installation. Many people prefer it to the free WP e-Commerce, which nevertheless has lots of features. (Both compatible up to 2.9.2)
  • WP Super Cache can help speed up your site and protect it from a sudden rush of visitors. (Compatible up to 2.9.2.)
  • WP Widget Cache does the same thing for your widgets. (Compatible up to 2.8.1)
  • WP Limit Posts Automatically gives you more control over where to use excerpts and how long they should be. (Compatible up to 2.3; I’d be surprised if it worked with 2.9, but you can always try.)
  • WordPress Mobile Edition automatically creates a mobile-friendly version of your site for smartphones. Last updated in June 2009 and largely superseded by other plugins; see my post on mobile plugins.

February 2010

  • Akismet. This goes without saying, or should, and comes installed with WordPress. Just don’t forget to activate it. (Compatible up to 2.9.2)
  • Broken Link Checker monitors your blog for broken links. (Compatible up to 3.0 alpha.)
  • Headspace2 SEO has even more features than All in One. (Officially compatible up to 2.8.1, but works with later versions.)
  • Redirection is a lifesaver when 404 errors pop up or when you have to send someone from an old blog installation to a new one. (Compatible up to 2.9.2)
  • Search Unleashed. Everyone knows the search engine is the worst feature of WordPress. This plugin helps. (Compatible up to 2.9.2)
  • WordPress Database Backup is the first backup plugin I ever used and a good, solid, reliable one. I actually made a donation to the developer. On the other hand, it only backs up the database.
  • pageMash lets you arrange your static pages easily by dragging and dropping them. You can even hide pages. The new menu system in WP 3.0 might make it obsolete. (Officially compatible up to 2.7.1, but I’ve been using it on 2.9.2 with no troubles.)
  • Display Widgets lets you create custom sidebars for each page without having to create multiple sidebar.php files and multiple page templates. Amazing! (Compatible up to 2.9.2)
  • AnyFont lets you upload fonts and use them for headers. (It converts the text to images.) Not suitable for long blocks of text, but nice for those with typographic leanings, at least until CSS 3 is widely supported. (Compatible up to 2.9.2)
  • BackupBuddy is a new commercial plugin. It doesn’t yet work on all web hosts, but when it works, it’s amazing. Read my review here. (Compatible up to 2.9.2; requires PHP5; new builds at least once a week.)

Pete Mall, a WordPress core developer, has volunteered to speak to the Meetup about plugin development. Stay tuned for details.

Postscript 3/27/10

Two things I forgot to mention. One is the new Plugin Picks series from the WordCast Network, where Dave and Kym discuss a different plugin each Monday and Wednesday. Another is the Find Replace plugin, which sounds like a candidate for the Most Valuable list, though I haven’t tried it yet.