Word press security basics
  • Slide 5, 'Check your file permissions', /wp-admin/ has to be 755 on my host. Makes sense, for folders, the Execute permission is what lets you read the list of files. The files within the folder should be 644. On my server, with 640 you get no CSS or JavaScript; with 644 you get proper behavior. Remember, if you are accessing the file via HTTP, without a server login (i.e. just the WordPress login), you are accessing the files as Public. See http://codex.wordpress.org/Changing_File_Permissions
Presentation Transcript

  • WordPress Security Basics
    East Bay WordPress Meetup 6/20/10
    Sallie Goetsch
  • Wait! Isn’t WordPress Secure?
  • Secure Host
    Dedicated Server
    VPS
    Reliable Shared Hosting (NOT Network Solutions).
    “A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.”
    Matt Mullenweg
  • Basics
    Back Up!
    Update WordPress
    Update Plugins
  • Check Your File Permissions
  • Move wp-config.php
    Up one directory (WP will look for it there automatically)
    Best when you can move wp-config.php out of the public_html (or analogous) directory
    Don’t do this with nested WP installs!
  • wp-config.php: Unique Keys
  • Username & Password
    Never use “admin” for your admin account
    Use a strong password
  • Database Table Name
    Change from wp_ to something-else_ (or just choose something else to start with)
  • Bonus: .htaccess
    (Only works for static IP addresses)
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    #IP address to Whitelist
    allow from xxx.xxx.xxx.xxx
  • Plugins
    AntiVirus for WP
    Automatic WordPress Backup
    Secure WordPress
    ServerBuddy
    Theme Authenticity Checker
    WordPress DB Backup
    WP Exploit Scanner
    WordPress File Monitor
    WordPress Firewall
    WP Security Scan
  • AntiVirus
    http://wpantivirus.com/
  • Automatic WordPress Backup
    http://www.webdesigncompany.net/automatic-wordpress-backup/
  • Secure WordPress
    http://wordpress.org/extend/plugins/secure-wordpress/
  • ServerBuddy
    http://pluginbuddy.com/free-wordpress-plugins/serverbuddy/
  • Theme Authenticity Checker
    http://builtbackwards.com/projects/tac/
  • WordPress Database Backup
    http://austinmatzko.com/wordpress-plugins/wp-db-backup/
  • WordPress Exploit Scanner
    http://ocaoimh.ie/exploit-scanner/
  • WordPress File Monitor
    http://mattwalters.net/projects/wordpress-file-monitor/
  • WordPress Firewall
    http://www.seoegghead.com/software/wordpress-firewall.seo
  • WordPress Firewall Notification
  • WordPress Security Scan
    http://semperfiwebdesign.com/plugins/wp-security-scan/
  • http://www.meetup.com/Eastbay-WordPress-Meetup/
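
The "Check Your File Permissions" slide can be turned into a repeatable check. The following Python script is an added example, not part of the slides or the comment; it assumes the modes quoted in the comment above (755 for directories, 644 for files), and the function name and issue labels are illustrative.

```python
import os
import stat
import sys

# Expected modes are the ones quoted in the comment on this page (assumption:
# your host uses the same; some setups need different values).
EXPECTED_DIR_MODE = 0o755
EXPECTED_FILE_MODE = 0o644


def audit_permissions(root, dir_mode=EXPECTED_DIR_MODE, file_mode=EXPECTED_FILE_MODE):
    """Return sorted (relative_path, kind, octal_mode, issue) tuples for every
    directory or file under root whose mode differs from the expected one."""
    findings = []
    for current, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        entries = [(current, "dir")]
        entries += [(os.path.join(current, name), "file") for name in files]
        for path, kind in entries:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode says nothing about its target
            mode = stat.S_IMODE(st.st_mode)
            expected = dir_mode if kind == "dir" else file_mode
            if mode == expected:
                continue
            if mode & stat.S_IWOTH:
                issue = "world-writable"  # any local user can modify it
            elif mode & ~expected:
                issue = "broader than expected"
            else:
                issue = "stricter than expected"  # e.g. 640: may break CSS/JS
            rel = os.path.relpath(path, root)
            findings.append((rel, kind, format(mode, "03o"), issue))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_perms.py /path/to/wordpress
    for rel, kind, mode, issue in audit_permissions(sys.argv[1]):
        print(f"{mode}  {kind:4}  {issue:22}  {rel}")
```

Entries reported as "stricter than expected" are not a security problem in themselves, but they match the 640 case in the comment, where the web server could no longer serve CSS and JavaScript.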