Michele Butcher gave a presentation on WordPress security basics. She discussed why security is important, how hackers gain access to sites, and basic steps site owners can take to improve security like using strong passwords, updating software regularly, installing security plugins, and backing up sites. Butcher emphasized that while no site is completely secure, taking simple measures like these can help prevent hacking and data loss.

1. Michele Butcher
valet.io
GiveWP.com yoast.com
Passwords, Attacks, and
Security oh my!
@michele_butcher

2. Michele Butcher
• Accounts Lead at Valet.io
• Support Engineer for Yoast
• Support Guru for GiveWP
• Beginners and Intermediate
WordPress Instructor
@michele_butcher

3. Why is security important?
@michele_butcher

4. Many do not think security is
important until it is too late.
Every single day hackers find new ways to get your information.
Todays features are tomorrow’s vulnerabilities.
Stop them before they stop you
@michele_butcher

5. Why do hackers hack?
• Make bank
• build a zombie
army
• Share their nasty
code with the world
• Get your
information
• They are bored
• They want to see if
they can do it
@michele_butcher

6. But…Why are they hacking
me?
There is rarely ever a targeted hacking attack.
Typically all sites are considered targets. The
big and the small.
@michele_butcher

7. And how do they get in?
• They guess your login information
• Denial of Service Attack (DDoS)
• Through a file in a theme, plugin, or anything on your
server where they found an exploit
• Through your FTP and/or cPanel configuration
@michele_butcher

8. Here is the only scary thing I
will say in this talk
@michele_butcher

9. You are NEVER
100% secure
@michele_butcher

10. A test site or a site that might get
5 visitors a day can be hacked.
It happened to me and it can happen to you.
@michele_butcher

11. Don’t Let
Security Make
you like this guy!
@michele_butcher

12. There are some simple steps
to keep the hackers out
@michele_butcher

13. WordPress Security Basics
101
@michele_butcher

14. Never ever never use “admin” as a
username or “password” as
password. NEVER!!!!
Any questions?
Adm1n and Pa55w0rd do not count either!
@michele_butcher

15. Always use SFTP
“S” is for safe!!!
@michele_butcher

16. Only give users the access
they need
Just because they want to be an admin does not mean they should.
Guest bloggers should rarely every be anything more than a contributor.
@michele_butcher

17. If it is a temporary login, delete
the user when the job is done
If they do have posts, you can convert them to different users or make them a
subscriber with limited access.
@michele_butcher

18. Set up file detection
Many security plugins like iThemes Security and WordFence will alert you when
files have been changed
@michele_butcher

19. Only keep the theme you are using
and one backup theme on your
site.
The more themes that are on a site, the more open chances you have to a
vulnerability
@michele_butcher

20. Only keep the plugins you
have active on your site.
An uninstalled plugin is not a potential vulnerability.
Use the plugins repo favorites option to keep a list
of your favorite plugins
@michele_butcher

21. Security Plugins
• iThemes Security (Free and Pro version
• Sucuri Firewall
• WordFence Security
• Jetpack with Brute Protect and Vault Press
@michele_butcher

22. Always make backups!
• Backup Buddy, UpDraftPlus, BackWPUp
• Always save to someplace OTHER than your server
• Save them to Dropbox, AWS, email, or your local
machine
• Have them scheduled to be made daily or at least
weekly
@michele_butcher

23. Malware Scanning? Do I
need it?
• Google Webmaster Tools
• Sucuri Scanner
• VirusTotal
If you feel your site could be infected, first do
a malware scan
@michele_butcher

24. What else can I do to protect
my site?
@michele_butcher

25. Update!
Update!
Update!
Update core. Update themes update plugins!
The biggest reasons of updates is typically security or feature related.
The biggest source of nearly all hacks is due to lack of updating.
@michele_butcher

26. If you use Envato products (ThemeForest
and CodeCanyon) always check the box in
the downloads to be notified of updates.
That is the only way you will know if any of their
products need to be updated.
This is why the RevSlider infection was so widespread.
Many did not even know the plugin was built into their
theme.
@michele_butcher

27. Don't ever let your site get
too lonely.
That is when the zombies come.
Nobody wants the zombies to come
@michele_butcher

28. If the unthinkable happens and you
do get hacked, it is not the end of
the world.
It can and will be fixed.
@michele_butcher

29. Who can clean my hacked
website?
• Sucuri
• Hack Repair
• Wp Security Lock
@michele_butcher

30. Great! Are there any other
ways I can be secure?
@michele_butcher

31. Always use complex
passwords
@michele_butcher

32. Never email passwords
@michele_butcher

33. Never use the same
password twice
@michele_butcher

34. Use a Password Keeper
• Last Pass
• One Password
• KeePass
@michele_butcher

35. If a login has a Two-Factor
Authentication, USE IT!
@michele_butcher

36. Anti-virus!
Use it on all the things.
Yes, even a Mac!
http://mlb.pw/secure @michele_butcher

37. Be conscious when using
public WiFi
@michele_butcher

38. Use a VPN if you use Public
WiFi
• Torguard
• Cloak (Mac only)
• Site Social
• Hide My Ass
@michele_butcher

39. Update!
Update!
Update!
@michele_butcher

40. Back everything up and back
it up often!
No one wants to lose their information
stored on their computer.
• Bitcasa
• Caronbinte
• External Harddrives
@michele_butcher

41. Questions?
@michele_butcher

42. Thank you!!!
Michele Butcher
@michele_butcher
Slides can be found at