In discussing security, one topic always comes back to passwords – those problematic keys to your digital ‘houses’.

Key to security (sorry, couldn’t resist), passwords are a paradox – the best, most secure passwords are random and hard to remember, but then they make it hard to remember for the owner, too. In the end, a hard to guess password is TOO hard, and they have to be stored somewhere or written down (which makes them perfect for ‘social engineering’, otherwise known as snooping or dumpster diving). Once a scrap …

My earlier post on the generator metatag problem (which shows the WordPress version on the Internet) includes a simple solution – one line of code in your theme.

However, it’s not always the best solution:

If you move between themes a lot, keeping track of which ones are ‘leaking’ security info can be annoying.

Editing each of theme can add up as well.

If you don’t want to edit a theme (for instance, you are using ABTheme), then another solution would be better.

That other solution of course is to …

I’m going to let you in on a secret – if you are editing and reediting posts on your blog, you’re keeping revision copies of EVERY change you make!

For example, I often save a psot, then edit it later, and save again. Sometimes, I’ll make a change or two just because of spelling, and then save it.

I like saving – a lot – but every time I press that ‘Save’ button, I get a new copy of my article (to see them, go to the bottom of the …

I had a member ask about security, and a particular WordPress Security product…

For some time, members have had access to a free tool a WordPress security product – WordPress Secure, in the downloads section.

It works by locking the /wp-admin/ directory, and only allowing access for a single IP address. To first log in, you log into the monitoring program, which then remembers your IP for subsequent visits. And by protecting the Admin section, you’re protecting the area where most of the potential for trouble resides.

However, it …

Another feature of WordPress 2.6 is that the XML-RPC is turned OFF by default. Now, you have to turn XML-RPC or Atom ON for it to work (in WordPress 2.6, go to Admin’s Settings; Writing; Remote Publishing and check the protocols for ‘Atom’, ‘XML-RPC’, or both).

I’m of a mixed mind of this. On the one hand, a default ‘off’ is a great way to reduce abuses – most people don’t need it, so leaving it off prevents attacks.

XML-RPC (which stands for eXtensible Markup Language Remote Procedure …