Word press security basics

Published on June

Published in: Technology, Business
1 Comment
  • Slide 5, 'Check your file permissions': /wp-admin/ has to be 755 on my host. Makes sense: for folders, the Execute permission is what lets you read the list of files. The files within the folder should be 644. On my server, with 640 you get no CSS or JavaScript; with 644 you get proper behavior. Remember, if you are accessing the file via HTTP, without a server login (i.e. just the WordPress login), you are accessing the files as Public. See http://codex.wordpress.org/Changing_File_Permissions
Transcript of "Word press security basics"

  1. WordPress Security Basics
       East Bay WordPress Meetup 6/20/10
       Sallie Goetsch
  2. Wait! Isn’t WordPress Secure?
  3. Secure Host
       • Dedicated Server
       • VPS
       • Reliable Shared Hosting (NOT Network Solutions).
       “A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.”
       Matt Mullenweg
  4. Basics
       • Back Up!
       • Update WordPress
       • Update Plugins
  5. Check Your File Permissions
  6. Move wp-config.php
       • Up one directory (WP will look for it there automatically)
       • Best when you can move wp-config.php out of the public_html (or analogous) directory
       • Don’t do this with nested WP installs!
  7. wp-config.php: Unique Keys
  8. Username & Password
       • Never use “admin” for your admin account
       • Use a strong password
  9. Database Table Name
       • Change from wp_ to something-else_ (or just choose something else to start with)
  10. Bonus: .htaccess
       (Only works for static IP addresses)

           AuthUserFile /dev/null
           AuthGroupFile /dev/null
           AuthName "Access Control"
           AuthType Basic
           order deny,allow
           deny from all
           #IP address to Whitelist
           allow from xxx.xxx.xxx.xxx

  11. Plugins
       • AntiVirus for WP
       • Automatic WordPress Backup
       • Secure WordPress
       • ServerBuddy
       • Theme Authenticity Checker
       • WordPress DB Backup
       • WP Exploit Scanner
       • WordPress File Monitor
       • WordPress Firewall
       • WP Security Scan
  12. AntiVirus: http://wpantivirus.com/
  13. Automatic WordPress Backup: http://www.webdesigncompany.net/automatic-wordpress-backup/
  14. Secure WordPress: http://wordpress.org/extend/plugins/secure-wordpress/
  15. ServerBuddy: http://pluginbuddy.com/free-wordpress-plugins/serverbuddy/
  16. Theme Authenticity Checker: http://builtbackwards.com/projects/tac/
  17. WordPress Database Backup: http://austinmatzko.com/wordpress-plugins/wp-db-backup/
  18. WordPress Exploit Scanner: http://ocaoimh.ie/exploit-scanner/
  19. WordPress File Monitor: http://mattwalters.net/projects/wordpress-file-monitor/
  20. WordPress Firewall: http://www.seoegghead.com/software/wordpress-firewall.seo
  21. WordPress Firewall Notification
  22. WordPress Security Scan: http://semperfiwebdesign.com/plugins/wp-security-scan/
  23. http://www.meetup.com/Eastbay-WordPress-Meetup/
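
The checklist on slides 5, 6, 7 and 9 can be checked from a shell on the host. The script below is an added example, not part of the slides or of WordPress: the function name `wp_audit` and its output labels are hypothetical, the 755/644 baseline is the one from the reader comment on this page, and the placeholder string it looks for is the one shipped in `wp-config-sample.php`.

```shell
#!/bin/sh
# Added example (not from the slides): report where a WordPress tree departs
# from the checklist above. Prints one finding per line; returns 0 when clean,
# 1 when there are findings, 2 when wp-config.php cannot be found.
wp_audit() {
    root=$1
    findings=0

    # Slide 6: wp-config.php may live in the install root or one level up.
    if [ -f "$root/wp-config.php" ]; then
        cfg="$root/wp-config.php"
    elif [ -f "$root/../wp-config.php" ]; then
        cfg="$root/../wp-config.php"
    else
        echo "CONFIG: no wp-config.php in $root or its parent"
        return 2
    fi

    # Slide 5: nothing should be writable by group or other (assumption:
    # 755 directories and 644 files, the values in the reader comment, pass).
    loose=$(find "$root" \( -type d -o -type f \) \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/PERMS: group- or world-writable: /'
        findings=1
    fi

    # Slide 7: every key and salt must be defined and changed from the
    # placeholder that wp-config-sample.php ships with.
    for k in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
             AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        line=$(grep -E "define\( *['\"]$k['\"]" "$cfg" || true)
        case $line in
            '') echo "KEYS: $k is not defined"; findings=1 ;;
            *'put your unique phrase here'*)
                echo "KEYS: $k still has the sample value"; findings=1 ;;
        esac
    done

    # Slide 9: the default table prefix is still in use.
    if grep -Eq '\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' "$cfg"; then
        echo "PREFIX: \$table_prefix is still wp_"
        findings=1
    fi

    return "$findings"
}
```

Call it as `wp_audit /path/to/wordpress`; it only reads the tree and changes nothing.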