WordPress Security For Beginners
 


Your online business is important. Learn the basics of securing your WordPress website and use the tips and tricks from this presentation.

Part of the WP Meetup Presentation 10/10/2012

  • Online business is very important. Most of us in the room use WordPress in some way for our online business. Just like a bricks-and-mortar store – keep it locked up. Security is usually left out or skipped by beginners. 30,000ft view – not an exhaustive list of security measures.
  • No site is ever 100% secure - no magic silver bullet. Stay informed and updated. Set up a good routine – learn and practice. Result is that you gain trust, credibility and a reputation with customers.
  • Three most common statements: I’m just starting out. I don’t get much traffic. There’s nothing on my site worth pinching.
  • At this stage you are likely to have low traffic, low content and low list. Don’t think security affects you. There is a lot to learn as a beginner - Anthony Hortin’s Book – link. It’s easy to ignore security as irrelevant.
  • Not a lot of beginner information. Most information is bad practices – creates a vicious circle. Beginners aren’t shown what attacks look like or how to fix it. Constant vulnerable source.
  • What kind of attacks are there? Opportunistic attack – common variables and vulnerabilities. Blanket attack. Not based on a site’s popularity.
  • Attacks are automated – there is no popularity criteria. Established and popular websites already have security deterrents. Copyblogger 250 log in fails a day – more secure than most sites.
  • Your traffic and potential traffic is worth pinching. Hackers are after traffic more than your information. They do it to make money.
  • Redirect from Google and search engines. Paid traffic clicks. Insert code into website. Increase rankings due to embedded links and redirects.
  • Here’s “The Situation” – not Mike Sorrentino. I have a site on SEO Tactics for beginners. Good, valuable information. Direct you to my website. Here’s what you see…..
  • What would you think of me – click away? I might have great info, but I’m about to infect you with malware. What would your customer think of you? What do you think the losses are going to be?
  • How can we minimize the risks? Local environment - computer. Update software and antivirus – Avira for Mac link. FTP – sftp and credentials. wp-config.php.
  • WordPress pre-population on installation. Obscure database name and table prefix. Don’t use ‘admin’. Combination password – numbers, letters, caps and symbols. ‘password’ and 12345 most used passwords.
  • Get rid of ‘admin’ profile. Change to a nickname. Reduce brute-force attack.
  • Update regularly. Core updates – WordPress version. Breaks my site????? Set up subdomain. Update subdomain. Maintenance routine.
  • Choose themes wisely. Don’t modify core files. Use Child Theme. Thesis and Genesis. Best code practices, reputable developers, respected, passionate about their product, big network and community.
  • Choose plugins wisely. Choose from repository. Look for good descriptions. Updates. Change Log. Support Tab.
  • Delete unused plugins! Files still exist even though not active.
  • Login lockdown. Max login attempts. Lockout time. Lockout invalid username attempts.
  • Always have a backup! Set schedules. Set separate folders. Send to email, Dropbox, Amazon S3 or Rackspace.
  • Sucuri. Scans for any malicious threat, redirects, spam, etc. Only highlights problems. Sucuri website for services.
  • Website Defender. Suggests corrective measures. Change database name and table prefix. Provides links to info.
  • Managed WordPress Hosting. Paid service – a bit more expensive. Maintenance, security, updates, scans, performance.
  • Can do more technical stuff such as htaccess files. Protect WordPress files, block and redirect IP addresses. More technical if you get further advanced. Research on your own.
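
The three login lockdown settings listed in the notes above (max login attempts, lockout time, lockout for invalid usernames) can be modelled as a per-IP policy and replayed over a login history. This is an added Python example, not code from the presentation or from the Login LockDown plugin; the class, its parameter names, the retry window and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginLockdown:  # hypothetical class, not the plugin's own code
    def __init__(self, known_users, max_attempts=3, retry_window=300,
                 lockout_time=3600, lock_invalid_usernames=True):
        self.known_users = set(known_users)
        self.max_attempts = max_attempts      # failures tolerated per window
        self.retry_window = retry_window      # seconds a failure stays counted (assumed)
        self.lockout_time = lockout_time      # seconds an IP stays locked out
        self.lock_invalid_usernames = lock_invalid_usernames
        self.failures = defaultdict(deque)    # ip -> times of counted failures
        self.locked_until = {}                # ip -> time the lockout ends

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def record_failure(self, ip, username, now):  # True if this failure locks the IP
        if username not in self.known_users and not self.lock_invalid_usernames:
            return False                      # unknown usernames are not counted
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.retry_window:
            recent.popleft()                  # drop failures outside the window
        if len(recent) >= self.max_attempts:
            self.locked_until[ip] = now + self.lockout_time
            recent.clear()
            return True
        return False

EVENTS = [  # constructed sample: (unix_time, ip, username, password_ok)
    (0, "203.0.113.5", "admin", False),
    (20, "203.0.113.5", "admin", False),
    (40, "203.0.113.5", "administrator", False),  # third failure: lockout
    (60, "203.0.113.5", "amelia", True),          # right password, locked IP
    (100, "198.51.100.7", "amelia", False),
    (500, "198.51.100.7", "amelia", False),       # earlier failure aged out
    (4000, "203.0.113.5", "amelia", True),        # lockout has expired
]

def replay(events, policy):  # one of allowed / failed / locked / blocked per event
    out = []
    for now, ip, user, ok in events:
        if policy.is_locked(ip, now):
            out.append("blocked")             # rejected before any password check
        elif ok:
            out.append("allowed")
        else:
            out.append("locked" if policy.record_failure(ip, user, now) else "failed")
    return out
```

Calling `replay(EVENTS, LoginLockdown({"amelia"}))` shows the guesses against `admin` and `administrator` locking the address out, which is why the notes pair this setting with removing the ‘admin’ account. With `lock_invalid_usernames=False` the same guesses are never counted.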

WordPress Security For Beginners Presentation Transcript

  • WordPress Security For Beginners Amelia Smith - @MissAmeliaSmith #wpmelb
  • Your Online Business Is Important Just like any “Bricks and Mortar” store....... Keep your online business locked up at night!
  • There is no magic silver bullet Set up a good maintenance routine…… People will return if you provide a safe environment
  • Three Familiar Comments “I’m just starting out” “I don’t get much traffic yet” “My content isn’t worth stealing”
  • “I’m Just Starting Out” Hackers don’t give you a grace period! Easy WP Guide http://thstuts.com/Olmjwy
  • “I’m Just Starting Out” Are you learning BAD PRACTICES?
  • “I Don’t Get Much Traffic” Opportunistic Attacks... when a hacker takes a bet on causing trouble without knowing the outcome.
  • “I Don’t Get Much Traffic” It’s automatic, It’s systematic, It’s hyyyyyyydromatic…
  • “I Have Nothing Worth Stealing.” Don’t take it personally… …it’s all about the MONIES!
  • “I Have Nothing Worth Pinching” What happens in Vegas…. ….actually gets redirected from your site!
  • Put yourself into the visitor’s shoes. This is “The Situation”
  • What would you think??
  • Local Environment Keep your local environment updated and connect securely… http://thstuts.com/Trnc93
  • WordPress Installation Change the prepopulated WordPress defaults when installing…
  • WordPress Configuration
  • Always Be Updating “78% of malware cases are attributed to outdated core application, plugins, modules or software”. (http://sucuri.net/)
  • Recommended Themes (Thesis & Genesis)
  • Choose Plugins Wisely Research your plugins and choose wisely..
  • Unused Plugins Delete Unused Plugins
  • Recommended Plugins Log In Lockdown
  • Recommended Plugins BackWPup
  • Recommended Plugins Sucuri Sitecheck Malware Scanner
  • Recommended Plugins Website Defender
  • Managed WordPress Hosting
  • Bonus Round Something for the Geeks….
  • Thank You……