WCBham Beginner WordPress Security


Published on

Beginner tips to secure your WordPress site.

Published in: Internet
1 Like
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

WCBham Beginner WordPress Security

  1. 1. Beginner WordPress Security Tips to Help Secure Your WordPress Site WordCamp Birmingham, 2016 #wcbham
  2. 2. Gerroald Barron gerroald@ithemes.com - @gerroald https://profiles.wordpress.org/gerroald https://ithemes.com/security/ https://wordpress.org/plugins/better-wp-security/
  3. 3. Why Would Someone Want to Hack My Site? Twitter - @gerroald http://www.slideshare.net/GerroaldBarron
  4. 4. There are currently over 1 Billion websites on the web. https://sucuri.net/website-security/website-hacked-report WordPress powers about 26% of them. Twitter - @gerroald http://www.slideshare.net/GerroaldBarron
  5. 5. You’re likely not the target, WordPress is. Twitter - @gerroald www.slideshare.net/GerroaldBarron
  6. 6. It’s not about if you get attacked, but rather how to prevent it from being successful. Twitter - @gerroald www.slideshare.net/GerroaldBarron
  7. 7. If you know your passwords, they’re likely too weak. Strong Passwords
  8. 8. Password Managers https://www.dashlane.com/passwordmanager https://1password.com/ https://lastpass.com/ Twitter - @gerroald www.slideshare.net/GerroaldBarron
  9. 9. Two-Factor Authentication Two-Factor Authentication is not a mere nuisance, it’s Real Security. Twitter - @gerroald www.slideshare.net/GerroaldBarron
  10. 10. Two Factor Plugins WordPress Two-Factor Plugins https://ithemes.com/security/ Twitter - @gerroald www.slideshare.net/GerroaldBarron
  11. 11. Two-Factor Mobile Apps Google Authenticator Android Authy for iOS and Android Google Authenticator iOS Twitter - @gerroald www.slideshare.net/GerroaldBarron
  12. 12. Changing the Salts Salted Keys further protect your login credentials stored in your cookies. https://api.wordpress.org/secret-key/1.1/salt/ *tutorial*
  13. 13. Plugins to Change Your Salts https://wordpress.org/plugins/better-wp-security/ https://wordpress.org/plugins/wp-config-file-editor/ Twitter - @gerroald www.slideshare.net/GerroaldBarron
  14. 14. Secure File Permissions How secure is your site if anyone can view or write to your server files? It’s not. Secure file permissions are a must. Twitter - @gerroald www.slideshare.net/GerroaldBarron
  15. 15. Using sFTP Encryption vs FTP The SFTP and FTP protocols both transfer data, that’s where their similarities end.
  16. 16. FTP stands for File Transfer Protocol sFTP stands for (SSH) File Transfer Protocol FTP transfers data between two remote connections, in plain text. sFTP ensures that data is securely transferred privately with use of the SSH2 protocol. Twitter - @gerroald www.slideshare.net/GerroaldBarron
  17. 17. SSL (Secure Sockets Layer) What is it? Why should I use it? Twitter - @gerroald www.slideshare.net/GerroaldBarron
  18. 18. SSL creates an encrypted connection between your web server and your visitors' web browser. Twitter - @gerroald www.slideshare.net/GerroaldBarron
  19. 19. HTTP stands for Hyper Text Protocol HTTPS stands for Hyper Text Protocol Secure When using HTTP to transfer information it’s relatively easy for a knowledgable person to intercept, and view it. When using HTTPS if anyone is able to intercept it, they still won’t be able to decipher it because it’s encrypted. SSL Secure Socket Layers is the security during the transfer while using HTTPS. Twitter - @gerroald www.slideshare.net/GerroaldBarron
  20. 20. Free SSL Certificates https://letsencrypt.org/ https://ssl.comodo.com/free-ssl-certificate.php Twitter - @gerroald www.slideshare.net/GerroaldBarron
  21. 21. Maintenance Keep WordPress Core up to date. Keep your plugins and themes up to date Regularly update your passwords Remove plugins, themes and users that aren't being used. ALWAYS have a recent backup. Twitter - @gerroald www.slideshare.net/GerroaldBarron
  22. 22. Summary Use a strong password with the help of a password manager Two-Factor for ALL THE THINGS Regularly change your Salts Use secure file permissions Use sFTP when ever possible Use SSL on all of your sites Please keep your site and everything on it up to date