WordPress Security: Get it or Lose It - DaytonWP January 2013 MeetUp

  • 65 views
Uploaded on

Nathan Driver will be breaking down WordPress security. …

Nathan Driver will be breaking down WordPress security.

In the presentation Nathan will be discussing everything from protecting file uploads to much needed plugins such as. Some of the topics will be:

- Stop the "wp_" database madness!
- Stop showing your version!
- Stop multiple attempts of logins!
- Back UP...ALWAYS!

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
65
On Slideshare
0
From Embeds
0
Number of Embeds
3

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Nathan Driver WordPress Security
  • 2. Who Am I Media – Marketing - Geek @natedriver linkedin.com/in/ndriver nathandriver.com
  • 3. WP Security: 3 Sections Basic Settings PLUGINS Advanced Settings …and everything in between
  • 4. Basic Settings: Noob Starting with the basics
  • 5. WP Security: Basic Settings Stop using ADMIN Do not make easy for hackers to ‘guess’ your username Change the table prefix It Is NOT that difficult
  • 6. WP Security: Basic Settings DON’T MAKE IT EASY
  • 7. WP Security: Basic Settings
  • 8. WP Security: Basic Settings • • • • • • • • • • • • • • A strong password: has at least 15 characters; has uppercase letters; has lowercase letters; has numbers; has symbols, such as ` ! " ? $ ? % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | < , > . ? / is not like your previous passwords; is not your name; is not your login; is not your friend’s name; is not your family member’s name; is not a dictionary word; is not a common name; is not a keyboard pattern, such as qwerty, asdfghjkl, or 12345678.
  • 9. WP Security: Basic Settings UPDATE – UPDATE - UPDATE You see it – do something about it!
  • 10. Plugins: Help Yourself They’re there to help make your life easier
  • 11. WP Security: Plugins BACKUP – BACKUP - BACKUP VaultPress http://vaultpress.com
  • 12. WP Security: Plugins Brute Force Limit Login Attempts: http://wordpress.org/extend/plugins/li mit-login-attempts/
  • 13. WP Security: Plugins WP Security Scan: 1. Passwords 2. File Permissions 3. Database security 4. Version hiding 5. WordPress admin protection/security 6. Removes WP Generator META tag from core code
  • 14. WP Security: Plugins Better WP Security • • • • • • • • • • • • Remove the meta “Generator” tag Change the urls for WordPress dashboard including login, admin, and more Completely turn off the ability to login for a given time period (away mode) Remove theme, plugin, and core update notifications from users who do not have permission to update them Remove Windows Live Write header information Remove RSD header information Rename “admin” account Change the ID on the user with ID 1 Change the WordPress database table prefix Change wp-content path Removes login error messages Display a random version number to non administrative users anywhere version is used
  • 15. Advanced: Watch Yourself Behind the scenes
  • 16. WP Security: Advanced Settings phpMyAdmin -> Database -> …users
  • 17. WP Security: Advanced Settings Alternative steps: •Create a new user •Give them admin rights •Log out •Log in under new user •Delete “admin” account
  • 18. WP Security: Advanced Settings Folder Permissions • All directories should be 755 or 750. • All files should be 644 or 640. Exception: wpconfig.php should be 600 to prevent other users on the server from reading it. • No directories should ever be given 777, even upload directories. Since the php process is running as the owner of the files, it gets the owners permissions and can write to even a 755 directory.
  • 19. WP Security: Advanced Settings Get rid of WordPress version This can be found • Header.php {header meta} • Readme.html file Fix by placing either one in the functions of your theme •remove_action(‘wp_head’,’wp_generator’); •function remove_wp_version() { return ‘’; }
  • 20. Get It or Lose It Nathan Driver Media – Marketing – Geek @natedriver www.nathandriver.com WordPress Security: