Securing WordPress Against Those Nasty Hackers

Posted: July 5, 2010 in Uncategorized

I’m reading the most excellent book on WordPress called Smashing WordPress: Beyond the Blog (aff).

In it, there is a recommendation for Securing Your WordPress Site.

I figured this little trick was quick and easy and important to share. So here goes.

Taken from the book almost word for word:

In wp-config-sample.php, find the part about Secret Keys. This part will start with a commented information text titled “Authentication Unique Keys” followed by four lines (as of writing) where you’ll enter the Secret Keys.

This is a security function to help make your install more secure and less prone to hacking.

You’ll only need to add these keys once, and while they can be entered manually and be whatever you like, there is an online generator (http://api.wordpress.org/secret-key/1.1/) courtesy of wordpress.org that gives you random strings with each load.

Just copy the link (api.wordpress.org/secret-key/1.1/) to the generator from your wp-config-sample.php file and open it in your favorite Web browser. You’ll get a page containing code looking something like this:

define('AUTH_KEY', 'PSmO59sFXB*XDwQ!<uj)h=vv#Kle’)dBE0M:0oBzj’V(qd0.nP2|BT~T$a(;6-&!');
define('SECURE_AUTH_KEY', 'o>p3K{TD.tJoM74.Oy5?B@=dF_lcmlB6jm6D|gXnlJ#Z4K,M>E;[ +,22O?Lnarb');
define('LOGGED_IN_KEY', 'c}gR{389F*IG@/V+hg1 45J*H+9i_^HaF;$q(S[5Er[:DVOUjmS@(20E~t0-C*II');
define('NONCE_KEY', 'gz2D:n52|5wRvh)es:8OO|O ufZL@C|G.-w/H-E*}K:ygp4wI*.QHO-mUV_PR|6M');

Copy the contents from the generator page and replace the code shown below in wp-config-sample.php with them:

define('AUTH_KEY', '');
define('SECURE_AUTH_KEY', '');
define('LOGGED_IN_KEY', '');
define('NONCE_KEY', '');

By replacing the code above with the one from the generated page, you’ve made your install a little bit more secure from those nasty hackers.

I thought this was a great titbit and perhaps I will share more from Smashing WordPress: Beyond the Blog (aff) but so far I would say it’s definitely worth the price.
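
An added example (not from the book or the original post): a Python check that reads the text of a wp-config.php and reports whether each of the four keys named above is missing, still empty or left at WordPress's shipped placeholder phrase, too short, or reused for another key. The 64-character minimum, the function name and the sample config are assumptions constructed for illustration.

```python
import re

# The four constants named in the post's wp-config snippet.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # text shipped in wp-config-sample.php
MIN_LENGTH = 64  # assumption: generator strings are 64 characters long

# Matches define('NAME', 'value'); at the start of a line, so "// define(...)" is ignored.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])(?P<name>\w+)\1\s*,\s*(?P<q>['"])(?P<value>.*?)(?P=q)\s*\)\s*;""",
    re.MULTILINE,
)

def audit_keys(config_text):
    """Return {key name: [problems]}; an empty list means the key looks fine."""
    text = re.sub(r"/\*.*?\*/", "", config_text, flags=re.DOTALL)  # drop block comments
    found = {}
    for m in DEFINE_RE.finditer(text):
        if m.group("name") in KEY_NAMES:
            found[m.group("name")] = m.group("value")
    problems = {name: [] for name in KEY_NAMES}
    for name in KEY_NAMES:
        value = found.get(name)
        if value is None:
            problems[name].append("missing")
            continue
        if value in ("", PLACEHOLDER):
            problems[name].append("placeholder")
        elif len(value) < MIN_LENGTH:
            problems[name].append("short")
        # The same string used for two keys defeats the point of separate keys.
        if value and sum(v == value for v in found.values()) > 1:
            problems[name].append("duplicate")
    return problems

# Constructed sample config, not taken from any real site.
SAMPLE = """<?php
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', '');
define('LOGGED_IN_KEY',   'hunter2');
// define('NONCE_KEY', 'commented out, so not in effect');
"""

if __name__ == "__main__":
    for name, issues in audit_keys(SAMPLE).items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
```

Keys printed in a book or blog post, including the sample strings shown above, are public, so a live site should only use strings freshly generated for that install.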

 
