WordPress Security: Get it or Lose It - DaytonWP January 2013 MeetUp


Nathan Driver will be breaking down WordPress security.

In the presentation Nathan will be discussing everything from protecting file uploads to much needed plugins such as. Some of the topics will be:

- Stop the "wp_" database madness!
- Stop showing your version!
- Stop multiple attempts of logins!
- Back UP...ALWAYS!

Published in: Technology, Business

  1. Nathan Driver: WordPress Security
  2. Who Am I: Media – Marketing - Geek, @natedriver, linkedin.com/in/ndriver, nathandriver.com
  3. WP Security: 3 Sections: Basic Settings, PLUGINS, Advanced Settings …and everything in between
  4. Basic Settings: Noob. Starting with the basics
  5. WP Security: Basic Settings
     - Stop using ADMIN. Do not make it easy for hackers to ‘guess’ your username
     - Change the table prefix. It Is NOT that difficult
  6. WP Security: Basic Settings. DON’T MAKE IT EASY
  7. WP Security: Basic Settings
  8. WP Security: Basic Settings. A strong password:
     - has at least 15 characters;
     - has uppercase letters;
     - has lowercase letters;
     - has numbers;
     - has symbols, such as ` ! " ? $ ? % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | < , > . ? /
     - is not like your previous passwords;
     - is not your name;
     - is not your login;
     - is not your friend’s name;
     - is not your family member’s name;
     - is not a dictionary word;
     - is not a common name;
     - is not a keyboard pattern, such as qwerty, asdfghjkl, or 12345678.
  9. WP Security: Basic Settings. UPDATE – UPDATE - UPDATE. You see it – do something about it!
  10. Plugins: Help Yourself. They’re there to help make your life easier
  11. WP Security: Plugins. BACKUP – BACKUP - BACKUP. VaultPress: http://vaultpress.com
  12. WP Security: Plugins. Brute Force. Limit Login Attempts: http://wordpress.org/extend/plugins/limit-login-attempts/
  13. WP Security: Plugins. WP Security Scan:
      1. Passwords
      2. File Permissions
      3. Database security
      4. Version hiding
      5. WordPress admin protection/security
      6. Removes WP Generator META tag from core code
  14. WP Security: Plugins. Better WP Security:
      - Remove the meta “Generator” tag
      - Change the urls for WordPress dashboard including login, admin, and more
      - Completely turn off the ability to login for a given time period (away mode)
      - Remove theme, plugin, and core update notifications from users who do not have permission to update them
      - Remove Windows Live Write header information
      - Remove RSD header information
      - Rename “admin” account
      - Change the ID on the user with ID 1
      - Change the WordPress database table prefix
      - Change wp-content path
      - Removes login error messages
      - Display a random version number to non administrative users anywhere version is used
  15. Advanced: Watch Yourself. Behind the scenes
  16. WP Security: Advanced Settings. phpMyAdmin -> Database -> …users
  17. WP Security: Advanced Settings. Alternative steps:
      - Create a new user
      - Give them admin rights
      - Log out
      - Log in under new user
      - Delete “admin” account
  18. WP Security: Advanced Settings. Folder Permissions
      - All directories should be 755 or 750.
      - All files should be 644 or 640. Exception: wp-config.php should be 600 to prevent other users on the server from reading it.
      - No directories should ever be given 777, even upload directories. Since the PHP process is running as the owner of the files, it gets the owner's permissions and can write to even a 755 directory.
  19. WP Security: Advanced Settings. Get rid of WordPress version
      This can be found in:
      - Header.php {header meta}
      - Readme.html file
      Fix by placing either one in the functions of your theme:
      - remove_action('wp_head', 'wp_generator');
      - function remove_wp_version() { return ''; } add_filter('the_generator', 'remove_wp_version');
  20. WordPress Security: Get It or Lose It. Nathan Driver, Media – Marketing – Geek, @natedriver, www.nathandriver.com
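
An added example, not part of the original slides: a shell audit of the folder permission rules on slide 18. The function names `audit_wp_perms` and `make_sample_tree` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Audit a WordPress tree against the slide 18 rules:
#   directories 755 or 750, files 644 or 640, wp-config.php exactly 600.
# The check follows the slide literally, so 777 directories, world-writable
# files and stricter-than-listed modes are all reported.
# Prints one line per finding; returns 0 if clean, 1 if findings, 2 on bad input.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        find "$root" -type d ! -perm 755 ! -perm 750 \
            -exec printf 'DIR  %s\n' {} \;
        find "$root" -type f ! -name wp-config.php ! -perm 644 ! -perm 640 \
            -exec printf 'FILE %s\n' {} \;
        find "$root" -type f -name wp-config.php ! -perm 600 \
            -exec printf 'CONF %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (not a real site) with three deliberate violations.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads" "$t/wp-includes"
    : > "$t/index.php"
    : > "$t/wp-config.php"
    : > "$t/wp-includes/version.php"
    chmod 755 "$t" "$t/wp-content" "$t/wp-includes"
    chmod 644 "$t/index.php"
    chmod 777 "$t/wp-content/uploads"        # breaks the "never 777" rule
    chmod 644 "$t/wp-config.php"             # should be 600
    chmod 666 "$t/wp-includes/version.php"   # world-writable file
    echo "$t"
}

# Usage: sh audit.sh /path/to/wordpress
if [ $# -gt 0 ]; then
    audit_wp_perms "$1"
fi
```
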