Online business is very important. Most of us in the room use WordPress in some way for our online business. Just like a bricks-and-mortar store – keep it locked up. Security is usually left out or skipped by beginners. 30,000ft view – not an exhaustive list of security measures.
No site is ever 100% secure – no magic silver bullet. Stay informed and updated. Set up a good routine – learn and practice. Result is that you gain trust, credibility and a reputation with customers.
Three most common statements: I’m just starting out. I don’t get much traffic. There’s nothing on my site worth pinching.
At this stage you are likely to have low traffic, low content and low list. You don’t think security affects you. There is a lot to learn as a beginner – Anthony Hortin’s Book – link. It’s easy to ignore security as irrelevant.
Not a lot of beginner information. Most of the information is bad practice – creates a vicious circle. Beginners aren’t shown what attacks look like or how to fix them. Constant vulnerable source.
What kind of attacks are there? Opportunistic attack – common variables and vulnerabilities. Blanket attack. Not based on a site’s popularity.
Attacks are automated – there is no popularity criteria. Established and popular websites already have security deterrents. Copyblogger: 250 login fails a day – more secure than most sites.
Your traffic and potential traffic is worth pinching. Hackers are after traffic more than your information. They do it to make money.
Redirect from Google and search engines. Paid traffic clicks. Insert code into website. Increase rankings due to embedded links and redirects.
Here’s “The Situation” – not Mike Sorrentino. I have a site on SEO Tactics for beginners. Good, valuable information. Direct you to my website. Here’s what you see…
What would you think of me – click away? I might have great info, but I’m about to infect you with malware. What would your customer think of you? What do you think the losses are going to be?
How can we minimize the risks? Local environment – computer. Update software and antivirus – Avira for Mac link. FTP – SFTP and credentials. wp-config.php.
WordPress pre-population on installation. Obscure database name and table prefix. Don’t use ‘admin’. Combination password – numbers, letters, caps and symbols. ‘password’ and 12345 most used passwords.
Get rid of ‘admin’ profile. Change to a nickname. Reduce brute-force attack.
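The install-time settings from the two slides above (database name, table prefix, the ‘admin’ username, combination password), checked in code. This is an added example, not part of the original talk; the function names, the list of common database names and the sample wp-config.php text are assumptions constructed for illustration.

```python
import re

# Constructed sample of a wp-config.php left at install defaults (not a real site).
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'wp_user' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""

COMMON_DB_NAMES = {"wordpress", "wp", "blog", "site"}  # assumption: illustrative list
WEAK_PASSWORDS = {"password", "12345"}                 # the two named on the slide

def strip_php_comments(src):
    """Drop /* ... */ blocks and whole-line // or # comments so they are not matched."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"^\s*(//|#).*$", "", src, flags=re.M)

def audit_config(src):
    """Return findings for a wp-config.php that still uses guessable defaults."""
    src = strip_php_comments(src)
    findings = []
    m = re.search(r"define\(\s*['\"]DB_NAME['\"]\s*,\s*['\"]([^'\"]*)['\"]", src)
    if m and m.group(1).lower() in COMMON_DB_NAMES:
        findings.append("db_name_default")
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", src)
    if m and m.group(1) == "wp_":
        findings.append("table_prefix_default")
    return findings

def audit_login(username, password):
    """Flag the 'admin' username and passwords that are not a full combination."""
    findings = []
    if username.lower() == "admin":
        findings.append("username_admin")
    # Slide's rule: numbers, letters, caps and symbols must all be present.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    mixed = all(re.search(c, password) for c in classes)
    if password.lower() in WEAK_PASSWORDS or not mixed:
        findings.append("password_weak")
    return findings

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG))
    print(audit_login("admin", "password"))
```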
Update regularly. Core updates – WordPress version. Breaks my site????? Set up subdomain. Update subdomain. Maintenance routine.
Choose themes wisely. Don’t modify core files. Use Child Theme. Thesis and Genesis. Best code practices, reputable developers, respected, passionate about their product, big network and community.
Choose plugins wisely. Choose from repository. Look for good descriptions. Updates. Change Log. Support Tab.
Delete unused plugins! Files still exist even though not active.