WordPress Security Basics

Published on SlideShare in June; 2,233 views
Published in: Technology, Business

Comments

  • Slide 5, 'Check your file permissions': /wp-admin/ has to be 755 on my host. Makes sense: for folders, the Execute permission is what lets you read the list of files. The files within the folder should be 644. On my server, with 640 you get no CSS or JavaScript; 644 gives proper behavior. Remember, if you are accessing the file via HTTP, without a server login (i.e. just the WordPress login), you are accessing the files as Public. See http://codex.wordpress.org/Changing_File_Permissions
Transcript

  • 1. WordPress Security Basics
    East Bay WordPress Meetup 6/20/10
    Sallie Goetsch
  • 2. Wait! Isn’t WordPress Secure?
  • 3. Secure Host
    Dedicated Server
    VPS
    Reliable Shared Hosting (NOT Network Solutions).
    “A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.”
    Matt Mullenweg
  • 4. Basics
    Back Up!
    Update WordPress
    Update Plugins
  • 5. Check Your File Permissions
  • 6. Move wp-config.php
    Up one directory (WP will look for it there automatically)
    Best when you can move wp-config.php out of the public_html (or analogous) directory
    Don’t do this with nested WP installs!
  • 7. wp-config.php: Unique Keys
  • 8. Username & Password
    Never use “admin” for your admin account
    Use a strong password
  • 9. Database Table Name
    Change from wp_ to something-else_ (or just choose something else to start with)
  • 10. Bonus: .htaccess
    (Only works for static IP addresses)
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    #IP address to Whitelist
    allow from xxx.xxx.xxx.xxx
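The hardening steps in slides 5 through 10 as one runnable check, added here as an example; it is not code from the slides, from WordPress, or from any of the plugins listed below. It assumes a POSIX shell with find, grep, sed, awk and /dev/urandom, a docroot path passed as the first argument, and that wp-config.php either sits in the docroot or one level above it. The function names, the FINDING output format and the 203.0.113.x addresses (RFC 5737 documentation range) are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the slides or from WordPress itself: a
# read-only audit of a WordPress docroot against slides 5, 6, 7 and 9, plus
# a generator for the slide 10 IP allow-list. Function names, the FINDING
# output format and the 203.0.113.x addresses are this example's assumptions.

# Every key/salt define in wp-config-sample.php ships with this placeholder.
WP_KEY_PLACEHOLDER='put your unique phrase here'

# Slide 5: directories 755, files 644 (640 hides CSS/JS from the web server,
# as the comment above notes). Prints how many paths differ from that.
bad_perm_count() {
    dirs=$(find "$1" -type d ! -perm 755 | wc -l)
    files=$(find "$1" -type f ! -perm 644 | wc -l)
    echo $((dirs + files))
}

# Slide 6: wp-config.php belongs one level above the docroot, where WordPress
# looks for it automatically. Prints "inside", "parent" or "missing".
wp_config_location() {
    if [ -f "$1/wp-config.php" ]; then echo inside
    elif [ -f "$1/../wp-config.php" ]; then echo parent
    else echo missing
    fi
}

# Slide 7: count defines still carrying the sample placeholder (want 0).
placeholder_key_count() {
    n=$(grep -c "$WP_KEY_PLACEHOLDER" "$1" 2>/dev/null || true)
    echo "${n:-0}"
}

# Slide 7: print eight fresh 64-character defines to paste into wp-config.php.
# The character set deliberately omits ' \ and $ so the PHP string stays valid.
gen_wp_keys() {
    for name in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
                AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        secret=$(LC_ALL=C tr -dc 'A-Za-z0-9!@#%^&*()_+=-' < /dev/urandom | head -c 64)
        printf "define('%s', '%s');\n" "$name" "$secret"
    done
}

# Slide 9: print the configured $table_prefix ("wp_" is the guessable default).
table_prefix() {
    sed -n "s/^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" 2>/dev/null | head -n 1
}

# Runs the checks above, prints one FINDING line per problem on stderr and
# the number of findings on stdout.
audit_wordpress() {
    root="$1"; findings=0
    n=$(bad_perm_count "$root")
    [ "$n" -eq 0 ] || { echo "FINDING: $n paths are not 755 (dirs) / 644 (files)" >&2; findings=$((findings + 1)); }
    case $(wp_config_location "$root") in
        inside)  cfg="$root/wp-config.php"
                 echo "FINDING: wp-config.php is inside the docroot; move it up one level" >&2
                 findings=$((findings + 1)) ;;
        parent)  cfg="$root/../wp-config.php" ;;
        *)       echo "FINDING: wp-config.php not found" >&2; echo $((findings + 1)); return ;;
    esac
    k=$(placeholder_key_count "$cfg")
    [ "$k" -eq 0 ] || { echo "FINDING: $k keys/salts still use the sample placeholder" >&2; findings=$((findings + 1)); }
    [ "$(table_prefix "$cfg")" != wp_ ] || { echo "FINDING: table prefix is the default wp_" >&2; findings=$((findings + 1)); }
    echo "$findings"
}

# Slide 10: allow-list one IPv4 address for the directory the .htaccess lives
# in (wp-admin/ is the assumed target). The slide's Order/Deny/Allow lines are
# Apache 2.2 syntax; Apache 2.4 replaced them with Require, so the server
# version is passed in. Returns 1 for an unknown version or malformed address.
ip_allowlist_htaccess() {
    ver="$1"; ip="$2"
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    case "$ver" in
        2.2) printf 'order deny,allow\ndeny from all\n# IP address to whitelist\nallow from %s\n' "$ip" ;;
        2.4) printf 'Require ip %s\n' "$ip" ;;
        *)   return 1 ;;
    esac
}
```

Typical use is `audit_wordpress /var/www/html` (path assumed), then `gen_wp_keys` to replace the placeholder defines and `ip_allowlist_htaccess 2.4 203.0.113.5 > wp-admin/.htaccess` for the admin lock-down. Mind the version switch: on Apache 2.4 the slide's Order/Deny/Allow directives only work if mod_access_compat is loaded; without it every request to that directory fails with a 500 because the directive is unknown. The audit cannot check slide 8 (the "admin" username and password strength) from the filesystem; that needs a query against the users table or the dashboard.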
  • 11. Plugins
    AntiVirus for WP
    Automatic WordPress Backup
    Secure WordPress
    ServerBuddy
    Theme Authenticity Checker
    WordPress DB Backup
    WP Exploit Scanner
    WordPress File Monitor
    WordPress Firewall
    WP Security Scan
  • 12. AntiVirus
    http://wpantivirus.com/
  • 13. Automatic WordPress Backup
    http://www.webdesigncompany.net/automatic-wordpress-backup/
  • 14. Secure WordPress
    http://wordpress.org/extend/plugins/secure-wordpress/
  • 15. ServerBuddy
    http://pluginbuddy.com/free-wordpress-plugins/serverbuddy/
  • 16. Theme Authenticity Checker
    http://builtbackwards.com/projects/tac/
  • 17. WordPress Database Backup
    http://austinmatzko.com/wordpress-plugins/wp-db-backup/
  • 18. WordPress Exploit Scanner
    http://ocaoimh.ie/exploit-scanner/
  • 19. WordPress File Monitor
    http://mattwalters.net/projects/wordpress-file-monitor/
  • 20. WordPress Firewall
    http://www.seoegghead.com/software/wordpress-firewall.seo
  • 21. WordPress Firewall Notification
  • 22. WordPress Security Scan
    http://semperfiwebdesign.com/plugins/wp-security-scan/
  • 23. http://www.meetup.com/Eastbay-WordPress-Meetup/