On WordPress Security Straight From Matt

By Nile Flores


A couple of months ago at WordCamp Chicago 2009, Matt Mullenweg was asked by Dan Schulz how to make WordPress more secure. What he said there has now been written up in more detail at WordPress.org in the article How to Keep WordPress Secure.

From the get-go, I had known that the primary way was to keep your WordPress version up-to-date. As a small webhost with Host Solutions, I had seen time and time again both hacked (locally modified) versions of WordPress and normal installations. I found that the modified versions were more easily infiltrated by spammers, and the resources they used were much higher.

Of course, you could always adjust your .htaccess file and “harden” your WordPress installation, but having an up-to-date version means that any bugs found in previous versions are fixed right away. I have also found that some users who have modified their WordPress version so badly have a hard time tweaking their WordPress enough to upgrade it at all.

I did this myself when I started out using b2. When I went to switch over to WordPress, I had a rough time and had to rely on a fresh Fantastico install instead. My version was not only badly altered, but it was also doing harm to my server.

Like Matt Mullenweg said:

“Upgrading is a known quantity of work, and one that the WordPress community has tried its darndest to make as easy as possible with one-click upgrades. Fixing a hacked blog, on the other hand, is quite hard. Upgrading is taking your vitamins; fixing a hack is open heart surgery. (This is true of cost, as well.)”

If you use a modified version, carefully follow the upgrade notes to make sure you do not miss any important areas that could leave your website exposed. Many of the upgrade notes can be found in the developer documentation section of the WordPress Codex or, even more specifically, in WordPress Trac.
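The two things the post asks you to check, whether the core is current and whether it has been locally modified, can be scripted. This is an added example, not code from the post or from WordPress: it assumes wp-includes/version.php declares $wp_version (as it does in WordPress) and that you hold a manifest of known-good file hashes for the same release; here the install, the manifest and the version numbers are all constructed inline so it runs offline.

```python
import hashlib
import re
import tempfile
from pathlib import Path

def parse_wp_version(version_php: str):
    """Extract the version string declared in wp-includes/version.php."""
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", version_php)
    return m.group(1) if m else None

def version_key(v: str):
    """'2.8.4' -> (2, 8, 4); a pre-release suffix such as '-beta1' is ignored."""
    return tuple(int(x) for x in re.findall(r"\d+", v.split("-")[0]))

def is_outdated(installed: str, latest: str) -> bool:
    return version_key(installed) < version_key(latest)

def file_sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def modified_core_files(root: Path, manifest: dict) -> list:
    """Core files that are missing or whose hash differs from the known-good manifest."""
    return sorted(rel for rel, expected in manifest.items()
                  if not (root / rel).is_file() or file_sha256(root / rel) != expected)

def demo():
    """Constructed install in a temp dir: tamper with one file, then run both checks."""
    pristine = {  # constructed stand-ins for real core files
        "wp-includes/version.php": "<?php\n$wp_version = '2.8.3';\n",
        "wp-login.php": "<?php\n// login handler\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in pristine.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
        manifest = {rel: file_sha256(root / rel) for rel in pristine}  # known-good hashes
        # A locally "hacked" core: an edit appended to wp-login.php after the manifest was taken.
        with (root / "wp-login.php").open("a") as f:
            f.write("// local customisation\n")
        installed = parse_wp_version((root / "wp-includes/version.php").read_text())
        return {"installed": installed,
                "outdated": is_outdated(installed, "2.8.4"),  # sample "latest" version
                "modified": modified_core_files(root, manifest)}

if __name__ == "__main__":
    print(demo())  # {'installed': '2.8.3', 'outdated': True, 'modified': ['wp-login.php']}
```

A file listed under "modified" is one that a one-click upgrade will overwrite, so any customisation in it needs to be moved into a plugin or theme before upgrading.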

Is your WordPress up-to-date? Do you have a manual install or an automatic install like Fantastico? If you have a modified version of WordPress, have you run into any problems?


About Nile Flores

Nile is a 43-year old female from the greater St. Louis (Southern Illinois side) area. Nile is a mother of 1 son. She is also a web designer and developer, a graphic designer, and a public speaker, who exclusively designs and develops using WordPress. She also blogs at GoDaddy's Blog, Verpex Hosting's blog and her very personal sites, Pixelled and Nail Polish Happy.


Comments

  1. Dan Schulz says

    September 11, 2009 at 4:58 am

    Hi Nile,

    My question wasn’t so much as to how people can make WordPress more secure as it was what the developers were going to do to improve the Web application’s security.

    The main problem I have with WordPress is the fact that there are so many files making calls to each other (Whiskey Tango Foxtrot? What’s the deal? Does EVERY file that’s seemingly more than 10 lines long need to call another file? Over?) that they’re just ASKING to be bent over the table and given the Hitler Special in the movie “Little Nicky”.

    Let’s think about this for a second. ANY script you can get to execute within WordPress can instantly create its own database login separate from the mechanism/library that WordPress uses since the system declares its connection information as DEFINES. Using a secure method and not having so many files calling each other via includes and various needless function calls can eliminate this. Using PDO (PHP Data Objects) can prevent this — and should be used instead of the nonsense that’s infested the WP core like the cancer it really is.

    I mean come on, there’s a REASON why WordPress won last year’s Pwnie for Mass 0wnage: http://pwnie-awards.org/2008/awards.html#mass0wnage — the underlying PHP code is so fundamentally flawed that they NEED to throw it out and start all over again from scratch. Otherwise WordPress will remain the Firefox of open source publishing systems — and I don’t mean that as a compliment.

    This is a Web app that managed to beat phpBB as the most insecure Web script on the Internet — and that took a LOT of work. Don’t get me wrong. I love WordPress. I use it – a lot. Not just on my own sites but also my clients’ sites as well. But the WordPress developers need to really brush up on their security skills, throw out the current vomited train wreck of PHP code that makes up WordPress, and start over from scratch. The developers of phpBB did it, why can’t we?

    (And please, don’t give me any of the “well it’s open source” nonsense — so is phpBB3. Didn’t stop them.)

    • Nile says

      September 11, 2009 at 12:46 pm

      I do not even touch phpBB products… it is like asking me to design for someone using Greymatter or CuteNews. That is not happening at all. Still not impressed and have seen some pretty hair raising infiltrations from the backend side of my server.

      There will be flaws in any platform out there. However, yes WordPress is open source and my suggestion is to keep pressing any fixes to the code to Automattic to look over. It is great that you want to see the product improved, and I always do myself. The outcome could be the next WordPress if everything is done well.

      I would not mind seeing that project and would find a way to beta that baby on one of my websites (I have too many…lol)

      Even if WordPress is put back on the revamp table and redone from top to bottom, you will still eventually run into security issues. I do agree first there should be some coding revamp for this so we do not have to run into a lot of security based patches. How many have we run into for 2009 – 2 or 3 between the official version releases?

  2. Stu says

    September 14, 2009 at 7:41 pm

    Does anyone know what the process is to ensure that any new plugins or modules are free from vulnerabilities? Is this something that WordPress would check? You would think, how about plugins developed outside of WordPress?

  3. Atikur Rahman says

    July 17, 2014 at 6:32 pm

    WordPress Security Straight From Matt is very important.
    Well, I think donation is a good idea; in that case earning depends on your work, and if you work hard then you earn best….
