Word press security basics
Published on June

Published in: Technology, Business
1 Comment
  • Slide 5, 'Check your file permissions': /wp-admin/ has to be 755 on my host. Makes sense; for folders, the Execute permission is what lets you read the list of files. The files within the folder should be 644. On my server, with 640 you get no CSS or JavaScript; with 644 you get proper behavior. Remember, if you are accessing the file via HTTP, without a server login (i.e. just the WordPress login), you are accessing the files as Public. See http://codex.wordpress.org/Changing_File_Permissions
Transcript

  • 1. WordPress Security Basics
       East Bay WordPress Meetup 6/20/10
       Sallie Goetsch
  • 2. Wait! Isn’t WordPress Secure?
  • 3. Secure Host
       Dedicated Server
       VPS
       Reliable Shared Hosting (NOT Network Solutions).
       “A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.”
       Matt Mullenweg
  • 4. Basics
       Back Up!
       Update WordPress
       Update Plugins
  • 5. Check Your File Permissions
  • 6. Move wp-config.php
       Up one directory (WP will look for it there automatically)
       Best when you can move wp-config.php out of the public_html (or analogous) directory
       Don’t do this with nested WP installs!
  • 7. wp-config.php: Unique Keys
  • 8. Username & Password
       Never use “admin” for your admin account
       Use a strong password
  • 9. Database Table Name
       Change from wp_ to something-else_ (or just choose something else to start with)
  • 10. Bonus: .htaccess
       (Only works for static IP addresses)
           AuthUserFile /dev/null
           AuthGroupFile /dev/null
           AuthName "Access Control"
           AuthType Basic
           order deny,allow
           deny from all
           # IP address to whitelist
           allow from xxx.xxx.xxx.xxx
  • 11. Plugins
       AntiVirus for WP
       Automatic WordPress Backup
       Secure WordPress
       ServerBuddy
       Theme Authenticity Checker
       WordPress DB Backup
       WP Exploit Scanner
       WordPress File Monitor
       WordPress Firewall
       WP Security Scan
  • 12. AntiVirus
       http://wpantivirus.com/
  • 13. Automatic WordPress Backup
       http://www.webdesigncompany.net/automatic-wordpress-backup/
  • 14. Secure WordPress
       http://wordpress.org/extend/plugins/secure-wordpress/
  • 15. ServerBuddy
       http://pluginbuddy.com/free-wordpress-plugins/serverbuddy/
  • 16. Theme Authenticity Checker
       http://builtbackwards.com/projects/tac/
  • 17. WordPress Database Backup
       http://austinmatzko.com/wordpress-plugins/wp-db-backup/
  • 18. WordPress Exploit Scanner
       http://ocaoimh.ie/exploit-scanner/
  • 19. WordPress File Monitor
       http://mattwalters.net/projects/wordpress-file-monitor/
  • 20. WordPress Firewall
       http://www.seoegghead.com/software/wordpress-firewall.seo
  • 21. WordPress Firewall Notification
  • 22. WordPress Security Scan
       http://semperfiwebdesign.com/plugins/wp-security-scan/
  • 23. http://www.meetup.com/Eastbay-WordPress-Meetup/
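
The checks on slides 5 to 9 (file permissions, wp-config.php location, unique keys, table prefix) can be scripted as one audit. The Python below is an added example, not part of the original slides or of WordPress. It assumes the 755/644 targets given in the comment above and the default key text shipped in wp-config-sample.php; the check names and the public_html sample tree are constructed for illustration.

```python
import os
import re
import stat
import tempfile

DIR_MODE, FILE_MODE = 0o755, 0o644  # assumed targets, from the comment on slide 5
PLACEHOLDER = "put your unique phrase here"  # default key text in wp-config-sample.php


def audit(wp_root):
    """Return sorted (check, path) findings for a WordPress directory tree."""
    findings = []
    for base, dirs, files in os.walk(wp_root):
        for name in dirs + files:
            path = os.path.join(base, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            want = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
            if st.st_mode & stat.S_IWOTH:
                findings.append(("world-writable", path))
            elif stat.S_IMODE(st.st_mode) & ~want:  # bits beyond the target mode
                findings.append(("looser-than-%o" % want, path))
    config = os.path.join(wp_root, "wp-config.php")
    if os.path.isfile(config):
        findings.append(("config-in-web-root", config))  # slide 6
    else:  # WordPress also looks one directory above the install
        config = os.path.join(os.path.dirname(os.path.abspath(wp_root)), "wp-config.php")
    if os.path.isfile(config):
        with open(config, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        if PLACEHOLDER in text:
            findings.append(("default-secret-keys", config))  # slide 7
        if re.search(r"\$table_prefix\s*=\s*['\"]wp_['\"]", text):
            findings.append(("default-table-prefix", config))  # slide 9
    return sorted(findings)


def demo():  # audits a constructed sample tree; returned paths are relative to it
    with tempfile.TemporaryDirectory() as top:
        root = os.path.join(top, "public_html")
        content, config = os.path.join(root, "wp-content"), os.path.join(root, "wp-config.php")
        uploads = os.path.join(content, "uploads")
        os.makedirs(uploads)
        with open(config, "w") as fh:  # constructed wp-config.php with the defaults left in
            fh.write("<?php\n$table_prefix  = 'wp_';\ndefine('AUTH_KEY', '%s');\n" % PLACEHOLDER)
        for path, mode in ((config, 0o664), (content, 0o755), (uploads, 0o777)):
            os.chmod(path, mode)
        return [(check, os.path.relpath(p, root)) for check, p in audit(root)]
```

Modes stricter than the targets (for example 640) are not reported, since they do not widen access. The config-in-web-root finding is advisory for nested installs, where slide 6 says not to move the file.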
