OK, so I’ve done a couple of installs of WordPress Mu (WPMU) at this point.  The most popular one thus far has to be LCHSTeachers.com, and it’s growing pretty well with my wife at the helm.  There is a clear audience and a clear user base.

Today I’ll be writing about how to ensure a safe fresh install of WPMU. This assumes that you know how to configure a WordPress installation and that you’re comfortable creating new databases through whatever hosting service you use. I’m going to focus less on technical how-to’s and more on pointing you to the resources and configurations that work best to secure your site.

Ideally, we’re starting fresh after a clean install of WordPress Mu (currently ver 2.6.5) and are ready to upload plugins and change settings.

Part 1 – Secure Registrations

Let’s face it, if you’re reading this, you’re probably not about to break virtual ground on the next edublogs.com or talkislam.com or other major blog site. You probably want to start one for a family, group of students, small corporate site, special interest group, or local school. For this reason we need to understand that our user base is a known quantity. It is a group of people, a finite number of users, if you will. This means that it will probably be within your ability, or that of your fellow admin helpers, to authorize individual blogs.

Currently, on LCHSTeachers.com, because we have someone “on the inside” and we only want people who are known to them to be able to access it, we simply have registration disabled and comments turned off. Anyone who wants a new blog on the site has to request one. If this is a feasible concept for your install, then I recommend it. It will save you tons of spam fighting and comment heartache.

The second best solution is to use wp-reCAPTCHA and Moderate New Blogs together. This creates an environment where you cut down as much spam registration as possible with a CAPTCHA application, and simultaneously reinforce it with a “click-to-activate” step, performed from the admin area, for every new blog created. You’re going to (I hope) get an email every time a new blog is created anyway; now you can choose who is and is not activated by going to Site Admin -> Blogs.

Beyond that, the minimum I would use is the wp-reCAPTCHA plugin by itself.

Part 2 Will Be: New Blog Settings