On the Developer Tutorials Blog today, there's a new post aimed at WordPress users to help them on the path to becoming "power users" with five tips.

If you're a wordpress power user, you'll inevitably have some questions about how you can improve your blog or add new features. Here are five tips that will make life easier for people wanting to maximize their use of Wordpress.

The list is:

• Quickly Find Page/Post ID
• Custom Front Page
• Password Protect Wordpress
• Protect from the 'Digg Efect' with HTML
• Stop Hackers

Each of them with their own explanations (and links to other resources detailing how they're done).

Ed Finkler, not normally a big fan of the WordPress PHP-based blogging system, has pointed out some positive steps that were made in the latest release in the security arena.

Anyone who gets me liquored up knows that I'm not a fan of Wordpress. I think it's great from a user (that is, the person writing the content) standpoint, but it has lagged behind severely in terms of security, and I don't believe its popularity is the sole reason WP has been the subject of dozens of vulnerability reports every year. That being said, the WP 2.5 release appears to offer significant improvements in a couple areas: password hashes and cookie data encryption.

He mentions two things in particular - their addition of salted passwords and secure cookies.

Jonathan Snook has posted a helpful trick for CakePHP users out there looking to secure sections of their site away from "normal users" and keep it only in the hands of the admins.

I just wanted to document this for easy future reference but if you don't want to hook up a complex user adminstration with authorization components, you can simply specify that the admin path be password protected in either your .htaccess file or in your httpd.conf.

This method is actually one of the built-in methods Apache has for restricting access (http authentication) that he's placed on his "/admin" directory. Call htpasswd to create the password file and you're all set to go.

DevShed is continuing their series on PHP security with this new tutorial focusing on the security surrounding user authentication.

So far we have covered security vulnerabilities that involve form data, databases and file systems. In this article we are going to look at authentication and the security issues around it. We will also look at some of the most common attacks in this field.

They start things off by describing two of the usual authentication methods - via a login form and through HTTP authentication. They start poking a few holes by looking at some of the common attacks for these approaches including two popular ones - brute force attacks and password sniffing.