Basics for Securing WordPress – WordCamp Victoria 2011 Talk

This past weekend John and I took the ferry over to Victoria to participate in WordCamp Victoria. I was slated to speak as a part of a blogger panel with Lorraine Murphy and Mike Vardy, as well as give a talk about securing WordPress (for beginners, just the basics). While no voice-over commentary is included, you can view my slides here:

During my session there was a question from Twitter about plugins and that since they are third party applications, they should not be trusted.

My response was that you can’t fear all plugins, but you can look out for the most effective and least damaging. Look for the version number and the date it was last edited. If a plugin was submitted yesterday and has no feedback, it may not be the best idea to install it. You want trusted plugins that have been updated, reviewed, and that work with your version of WordPress. Also, always install plugins from the WordPress directory and not third party websites.

As you can see form Lloyd’s response (he works with Automattic), plugins added to the official directory are vetted for malicious code. I would also add that the community is pretty good at policing plugins as well. If something’s not working, you’ll hear about it in the feedback, comments, and probably even on Twitter.

Should you have any questions about the basics of securing WordPress, please feel free to drop a note in the comments.

Finally, having organized WordCamp Whistler and WordCamp Vancouver before, we can appreciate all of the time and effort organizers put into these events and I must say, WordCamp Victoria was pretty stellar. Over 175 people showed up to participate, present, ask questions, and have stimulating discussions in the coffee room. Lunch was provided and Twitter was abuzz with backchannel chatter. Kudos to Paul Holmes and his team on another successful event.

Posted in Tips, WordCamp, wordpress and tagged , , , , , .