WordPress Security Basics
  • Slide 5, 'Check your file permissions', /wp-admin/ has to be 755 on my host. Makes sense, for Folders, the Execute permission is what lets you read the list of files. The files within the folder should be 644. On my server, with 640 you get no CSS or JavaScript; with 644 you get proper behavior. Remember, if you are accessing the file via HTTP, without a server login (i.e. just the WordPress login), you are accessing the files as Public. See http://codex.wordpress.org/Changing_File_Permissions
    Presentation Transcript

    • WordPress Security Basics
      East Bay WordPress Meetup 6/20/10
      Sallie Goetsch
    • Wait! Isn’t WordPress Secure?
    • Secure Host
      Dedicated Server
      VPS
      Reliable Shared Hosting (NOT Network Solutions).
      “A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.”
      Matt Mullenweg
    • Basics
      Back Up!
      Update WordPress
      Update Plugins
    • Check Your File Permissions
    • Move wp-config.php
      Up one directory (WP will look for it there automatically)
      Best when you can move wp-config.php out of the public_html (or analogous) directory
      Don’t do this with nested WP installs!
    • wp-config.php: Unique Keys
    • Username & Password
      Never use “admin” for your admin account
      Use a strong password
    • Database Table Name
      Change from wp_ to something-else_ (or just choose something else to start with)
    • Bonus: .htaccess
      (Only works for static IP addresses)
      AuthUserFile /dev/null
      AuthGroupFile /dev/null
      AuthName "Access Control"
      AuthType Basic
      order deny,allow
      deny from all
      # IP address to whitelist
      allow from xxx.xxx.xxx.xxx
    • Plugins
      AntiVirus for WP
      Automatic WordPress Backup
      Secure WordPress
      ServerBuddy
      Theme Authenticity Checker
      WordPress DB Backup
      WP Exploit Scanner
      WordPress File Monitor
      WordPress Firewall
      WP Security Scan
    • AntiVirus
      http://wpantivirus.com/
    • Automatic WordPress Backup
      http://www.webdesigncompany.net/automatic-wordpress-backup/
    • Secure WordPress
      http://wordpress.org/extend/plugins/secure-wordpress/
    • ServerBuddy
      http://pluginbuddy.com/free-wordpress-plugins/serverbuddy/
    • Theme Authenticity Checker
      http://builtbackwards.com/projects/tac/
    • WordPress Database Backup
      http://austinmatzko.com/wordpress-plugins/wp-db-backup/
    • WordPress Exploit Scanner
      http://ocaoimh.ie/exploit-scanner/
    • WordPress File Monitor
      http://mattwalters.net/projects/wordpress-file-monitor/
    • WordPress Firewall
      http://www.seoegghead.com/software/wordpress-firewall.seo
    • WordPress Firewall Notification
    • WordPress Security Scan
      http://semperfiwebdesign.com/plugins/wp-security-scan/
    • http://www.meetup.com/Eastbay-WordPress-Meetup/
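
Added example, not part of the original slides: a Python check for the items on the file-permissions, unique-keys and table-prefix slides. The 755/644 limits are the ones given in the comment above; the function names and the sample config are constructed for illustration, and the constant names and placeholder phrase are assumed to match wp-config-sample.php.

```python
import os
import re
import stat

# Constant names and placeholder text as shipped in wp-config-sample.php.
KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"
DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*'([^']*)'\s*\)")
PREFIX_RE = re.compile(r"\$table_prefix\s*=\s*'([^']*)'")

# Constructed sample input: one set key, one placeholder, default prefix.
SAMPLE_CONFIG = """<?php
define('AUTH_KEY', 'k9#Vt2|constructed-sample-value-1');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
$table_prefix = 'wp_';
"""

def audit_config(text):
    """Findings for a wp-config.php body (regex match, not a PHP parser)."""
    defined = dict(DEFINE_RE.findall(text))
    findings = [f"{k}: missing or placeholder" for k in KEYS
                if defined.get(k, PLACEHOLDER) in ("", PLACEHOLDER)]
    prefix = PREFIX_RE.search(text)
    if prefix and prefix.group(1) == "wp_":
        findings.append("table prefix is the default wp_")
    return findings

def audit_permissions(root):
    """Paths with bits beyond 755 (directories) or 644 (files)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            limit = 0o755 if os.path.isdir(path) else 0o644
            if mode & ~limit:
                findings.append((os.path.relpath(path, root), oct(mode)))
    return sorted(findings)

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG))
    print(audit_permissions("."))  # run from the WordPress root
```

Tighter modes such as 640 are not flagged; whether they work depends on the host, as the comment above notes.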