Word press security basics

WordPress Security Basics
East Bay WordPress Meetup 6/20/10
Sallie Goetsch

Wait! Isn’t WordPress Secure?

Secure Host
Dedicated Server
VPS
Reliable Shared Hosting (NOT Network Solutions).
“A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.”
Matt Mullenweg

Basics
Back Up!
Update WordPress
Update Plugins

Check Your File Permissions

Move wp-config.php
Up one directory (WP will look for it there automatically)
Best when you can move wp-config.php out of the public_html (or analagous) directory
Don’t do this with nested WP installs!

wp-config.php: Unique Keys

Username & Password
Never use “admin” for your admin account
Use a strong password

Database Table Name
Change from wp_ to something-else_ (or just choose something else to start with)

Bonus: .htaccess
(Only works for static IP addresses)
AuthUserFile /dev/nullAuthGroupFile /dev/nullAuthName "Access Control"AuthType Basicorder deny,allowdeny from all#IP address to Whitelistallow from xxx.xxx.xxx.xxx

Plugins
AntiVirus for WP
Automatic WordPress Backup
Secure WordPress
ServerBuddy
Theme Authenticity Checker
WordPress DB Backup
WP Exploit Scanner
WordPress File Monitor
WordPress Firewall
WP Security Scan

AntiVirus
http://wpantivirus.com/

Automatic WordPress Backup
http://www.webdesigncompany.net/automatic-wordpress-backup/

Secure WordPress
http://wordpress.org/extend/plugins/secure-wordpress/

ServerBuddy
http://pluginbuddy.com/free-wordpress-plugins/serverbuddy/

Theme Authenticity Checker
http://builtbackwards.com/projects/tac/

WordPress Database Backup
http://austinmatzko.com/wordpress-plugins/wp-db-backup/

WordPress Exploit Scanner
http://ocaoimh.ie/exploit-scanner/

WordPress File Monitor
http://mattwalters.net/projects/wordpress-file-monitor/

WordPress Firewall
http://www.seoegghead.com/software/wordpress-firewall.seo

WordPress Firewall Notification

WordPress Security Scan
http://semperfiwebdesign.com/plugins/wp-security-scan/

http://www.meetup.com/Eastbay-WordPress-Meetup/

http://www.wordpressasylum.com	216
http://eastbaywp.com	47
http://wordpressasylum.com	6
http://webcache.googleusercontent.com	2

Word press security basics

by East Bay WordPress Meetup on Jul 12, 2010

Accessibility

Categories

Tags

Upload Details

Usage Rights

4 Embeds 271

Statistics

Word press security basics — Presentation Transcript