WordPress Security For Beginners


Your online business is important. Learn the basics of securing your WordPress website and use the tips and tricks from this presentation.
Part of the WP Meetup Presentation 10/10/2012

Published in: Education
  • Online business is very important. Most of us in the room use WordPress in some way for our online business. Just like a bricks and mortar store – keep it locked up. Security is usually left out or skipped by beginners. 30,000ft view – not an exhaustive list of security measures.
  • No site is ever 100% secure - no magic silver bullet. Stay informed and updated. Set up a good routine – learn and practice. Result is that you gain trust, credibility and a reputation with customers.
  • Three most common statements: “I’m just starting out”; “I don’t get much traffic”; “There’s nothing on my site worth pinching.”
  • At this stage you are likely to have low traffic, low content and low list. You don’t think security affects you. There is a lot to learn as a beginner - Anthony Hortin’s Book – link. It’s easy to ignore security as irrelevant.
  • Not a lot of beginner information. Most information is bad practices – creates a vicious circle. Beginners aren’t shown what attacks look like or how to fix them. Constant vulnerable source.
  • What kind of attacks are there? Opportunistic attack – common variables and vulnerabilities. Blanket attack. Not based on a site’s popularity.
  • Attacks are automated – there is no popularity criteria. Established and popular websites already have security deterrents. Copyblogger 250 log in fails a day – more secure than most sites.
  • Your traffic and potential traffic is worth pinching. Hackers are after traffic more than your information. They do it to make money.
  • Redirect from Google and search engines. Paid traffic clicks. Insert code into website. Increase rankings due to embedded links and redirects.
  • Here’s “The Situation” – not Mike Sorrentino. I have a site on SEO Tactics for beginners. Good, valuable information. Direct you to my website. Here’s what you see…..
  • What would you think of me – click away? I might have great info, but I’m about to infect you with malware. What would your customer think of you? What do you think the losses are going to be?
  • How can we minimize the risks? Local environment - computer. Update software and antivirus – Avira for Mac link. FTP – sftp and credentials. wp-config.php.
  • WordPress pre-population on installation. Obscure database name and table prefix. Don’t use ‘admin’. Combination password – numbers, letters, caps and symbols. ‘password’ and 12345 most used passwords.
  • Get rid of ‘admin’ profile. Change to a nickname. Reduce brute-force attack.
  • Update regularly. Core updates – WordPress version. Breaks my site????? Set up subdomain. Update subdomain. Maintenance routine.
  • Choose themes wisely. Don’t modify core files. Use child theme. Thesis and Genesis. Best code practices, reputable developers, respected, passionate about their product, big network and community.
  • Choose plugins wisely. Choose from repository. Look for good descriptions. Updates. Change log. Support tab.
  • Delete unused plugins! Files still exist even though not active.
  • Login lockdown. Max login attempts. Lockout time. Lockout invalid username attempts.
  • Always have a backup! Set schedules. Set separate folders. Send to email, Dropbox, Amazon S3 or Rackspace.
  • Sucuri. Scans for any malicious threat, redirects, spam, etc. Only highlights problems. Sucuri website for services.
  • Website Defender. Suggests corrective measures. Change database name and table prefix. Provides links to info.
  • Managed WordPress Hosting. Paid service – a bit more expensive. Maintenance, security, updates, scans, performance.
  • Can do more technical stuff such as htaccess files. Protect WordPress files, block and redirect IP addresses. More technical if you get further advanced. Research on your own.
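
The installation defaults named in the notes above (database name, table prefix, the ‘admin’ user, the password mix) can be checked with a short script. This is an added example, not part of the presentation; the function names, the sample config lines and the short lists of guessable names and passwords are constructed for illustration.

```python
import re

# DEFAULT_PREFIX is the stock WordPress table prefix. The two sets are small
# constructed samples for this example (assumptions), not complete lists.
DEFAULT_PREFIX = "wp_"
OBVIOUS_DB_NAMES = {"wordpress", "wp", "blog"}
COMMON_PASSWORDS = {"password", "12345"}

def parse_wp_config(text):
    """Pull DB_NAME and $table_prefix out of the text of a wp-config.php."""
    found = {}
    m = re.search(r"define\(\s*['\"]DB_NAME['\"]\s*,\s*['\"]([^'\"]*)['\"]", text)
    if m:
        found["db_name"] = m.group(1)
    m = re.search(r"^\s*\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", text, re.M)
    if m:
        found["table_prefix"] = m.group(1)
    return found

def password_gaps(password):
    """Return which of the four character classes from the notes are missing."""
    classes = {
        "lowercase letter": r"[a-z]",
        "capital letter": r"[A-Z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    return [name for name, rx in classes.items() if not re.search(rx, password)]

def audit_install(config_text, username, password):
    """List the installation defaults from the notes that are still in place."""
    cfg = parse_wp_config(config_text)
    findings = []
    if cfg.get("table_prefix") == DEFAULT_PREFIX:
        findings.append("table prefix is still the default 'wp_'")
    if cfg.get("db_name", "").lower() in OBVIOUS_DB_NAMES:
        findings.append("database name is easy to guess")
    if username.lower() == "admin":
        findings.append("administrator account is named 'admin'")
    if password.lower() in COMMON_PASSWORDS:
        findings.append("password is one of the most used passwords")
    gaps = password_gaps(password)
    if gaps:
        findings.append("password lacks: " + ", ".join(gaps))
    return findings

# Constructed sample of the two relevant wp-config.php lines (not a real site).
SAMPLE_CONFIG = "define('DB_NAME', 'wordpress');\n$table_prefix  = 'wp_';\n"
```

Calling `audit_install(SAMPLE_CONFIG, "admin", "12345")` reports all five problems; a changed prefix, a non-obvious database name, a nickname login and a mixed password return an empty list.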

    1. WordPress Security For Beginners (Amelia Smith - @MissAmeliaSmith #wpmelb)
    2. Your Online Business Is Important. Just like any “Bricks and Mortar” store....... Keep your online business locked up at night!
    3. There is no magic silver bullet. Set up a good maintenance routine…… People will return if you provide a safe environment
    4. Three Familiar Comments: “I’m just starting out”, “I don’t get much traffic yet”, “My content isn’t worth stealing”
    5. “I’m Just Starting Out”: Hackers don’t give you a grace period! Easy WP Guide http://thstuts.com/Olmjwy
    6. “I’m Just Starting Out”: Are you learning BAD PRACTICES?
    7. “I Don’t Get Much Traffic”: Opportunistic Attacks... when a hacker takes a bet on causing trouble without knowing the outcome.
    8. “I Don’t Get Much Traffic”: It’s automatic, it’s systematic, it’s hyyyyyyydromatic…
    9. “I Have Nothing Worth Stealing.” Don’t take it personally… …it’s all about the MONIES!
    10. “I Have Nothing Worth Pinching”: What happens in Vegas…. ….actually gets redirected from your site!
    11. Put yourself into the visitor’s shoes. This is “The Situation”
    12. What would you think??
    13. Local Environment: Keep your local environment updated and connect securely… http://thstuts.com/Trnc93
    14. WordPress Installation: Change the prepopulated WordPress defaults when installing…
    15. WordPress Configuration
    16. Always Be Updating: “78% of malware cases are attributed to outdated core application, plugins, modules or software”. (http://sucuri.net/)
    17. Recommended Themes (Thesis & Genesis)
    18. Choose Plugins Wisely: Research your plugins and choose wisely..
    19. Unused Plugins: Delete Unused Plugins
    20. Recommended Plugins: Log In Lockdown
    21. Recommended Plugins: BackWPup
    22. Recommended Plugins: Sucuri Sitecheck Malware Scanner
    23. Recommended Plugins: Website Defender
    24. Managed WordPress Hosting
    25. Bonus Round: Something for the Geeks….
    26. Thank You……
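
The three login lockdown settings from the notes (max login attempts, lockout time, lockout of invalid username attempts) can be seen working by replaying a handful of login attempts through them. This is an added example, not the plugin's code and not part of the presentation; the setting names and values, the retry window, the account list and the sample attempts are all assumptions constructed here.

```python
from collections import defaultdict

# Hypothetical settings named after the three options in the notes; the
# values and the retry window are assumptions, not any plugin's defaults.
MAX_LOGIN_ATTEMPTS = 3
RETRY_WINDOW_SECONDS = 5 * 60
LOCKOUT_SECONDS = 60 * 60
LOCKOUT_INVALID_USERNAMES = True
KNOWN_USERS = {"shopowner"}        # constructed account list, no 'admin'

def replay(events):
    """Replay (timestamp, ip, username, password_ok) login attempts in time
    order and return one decision per attempt: ok, fail, lockout, blocked."""
    failures = defaultdict(list)   # ip -> timestamps of counted failures
    locked_until = {}              # ip -> time the lockout ends
    decisions = []
    for ts, ip, user, password_ok in events:
        if locked_until.get(ip, 0) > ts:
            decisions.append("blocked")   # rejected without checking the password
            continue
        valid_user = user in KNOWN_USERS
        if valid_user and password_ok:
            failures.pop(ip, None)
            decisions.append("ok")
            continue
        if valid_user or LOCKOUT_INVALID_USERNAMES:
            recent = [t for t in failures[ip] if ts - t < RETRY_WINDOW_SECONDS]
            failures[ip] = recent + [ts]
            if len(failures[ip]) >= MAX_LOGIN_ATTEMPTS:
                locked_until[ip] = ts + LOCKOUT_SECONDS
                failures.pop(ip, None)
                decisions.append("lockout")
                continue
        decisions.append("fail")
    return decisions

# Constructed attempts: repeated failures against 'admin' from one address
# (documentation range) and the site owner mistyping once from another.
SAMPLE_EVENTS = [
    (0,    "203.0.113.7",  "admin",     False),
    (10,   "203.0.113.7",  "admin",     False),
    (15,   "198.51.100.4", "shopowner", False),
    (20,   "203.0.113.7",  "admin",     False),
    (30,   "203.0.113.7",  "admin",     False),
    (40,   "198.51.100.4", "shopowner", True),
    (3700, "203.0.113.7",  "admin",     False),
]
```

Because invalid usernames count toward the lockout, the failures against the removed ‘admin’ account lock that address out on the third attempt, while the owner's single typo from a different address never comes near the limit.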