Lessons: 15, Length: 1.5 hours


2.1 WordPress Security Primer

Of paramount importance during the setup of a WordPress site is security. As we go through the steps of setting up a WordPress site, you’ll be putting a number of security measures in place. In order to best understand these measures, let’s first learn some of the ways sites can be vulnerable in this WordPress security primer.

Hey, I'm Kezz Bracey for Tuts+, welcome to the WordPress Secure Setup Guide. Now before we get stuck in, I just wanna run you through some of the basics of considering security with WordPress, and we're not gonna get into too many of the specifics, because the exact way that hackers and the spammers might attack your site can get pretty technical. So all we're trying to do here is just look at the essentials of how WordPress works, so you can sort of visualize the potential points of vulnerability in the system. Then, as we're going through and putting security measures in place, you'll understand a bit more about why we're doing what we're doing and how it's helping to protect your site.

To start with, you need to have kind of a basic understanding of the parts that make up WordPress, so very broadly there's two key areas that you have. You've got the database, which holds all of the data related to your site, and then you've got all of the files that make up the same. Through the files that make up WordPress, changes are made to the database. You'll set up a database as part of your installation process, but after that you won't directly change it yourself. All of the changes to your database are done through the files that make up WordPress.

Let's drill down into a little bit more detail on what those files are. Once again, very broadly, the files that make up a WordPress installation are organized into two key areas. You have your content, which is essentially everything that can be changed and customized by you, and then you have WordPress Core. These core files are never changed by you; these are the files that drive your site and make everything run.

Now let's take a closer look at the kind of files that can make up the content of WordPress. Broadly speaking, your content files will be made up of themes, which are used to control the presentation of your site, plugins, which you use to extend the functionality of your site, and uploads, which are files that you upload, typically images that are used to illustrate your posts and pages.

Then, what about the kind of files that make up your WordPress Core? Well, the answer is there are a lot of files that make up WordPress Core, and they do a huge number of different things to keep your site running. But from your perspective, the most important part of WordPress Core is the admin area, because through the admin area, you'll interact more with other WordPress core files, which will in turn convey your changes to the database.

And what you're looking at now is pretty much a map of how WordPress functions. But what we're also looking at is a rough map of the points that hackers and spammers try to attack in order to compromise your site. So they might try to directly attack the database and get straight at the data that's stored in there. They might try to get into your admin area, give themselves full privileges and make changes that you obviously don't want made to your site. They might attack WordPress core files themselves, or they might attack theme and plugin files. And as far as theme and plugin files go, attackers might try to directly modify the files of an existing theme or plugin, or use holes in the existing themes or plugins to get at your site, or they might actually code their own themes and plugins, or modify themes and plugins so that exploits are built into them.

So even though you can get into a lot of technical detail when you're looking at the different ways that attackers can take shots at your site, these are the key things to think about securing. It's important to understand that there is no such thing as 100% security. What you try to do is reduce the risk to your site to the greatest degree possible. You can compare this to the fact that there's no way to have a car that's impossible to steal, but you still make sure that you lock your doors. So as we move through the early stages of setup, we're going to be going through how to lock the doors of your WordPress site.

So coming up next, we're going to start the installation process, and we'll be beginning with getting all of WordPress's files up onto your web host. So, see you in the next lesson.
