WordPress Security & Backup

WordPress is my favorite computer asset, but it's very vulnerable to attack from the bad clowns ;-) This presentation from WordCamp Atlanta 2012 is my system of handling WordPress security without getting too geeky.


  1. Don’t Hack Me Bro’! Simple Backup & Security for WordPress. This Presentation, more info and links, can be found at: www.SaferPress.com. Randy Barnes, @rbarnesdotcom, www.rbarnes.com, linkedin.rbarnes.com
  2. I Love WordPress
  3. I Love WordPress too!
  4. WordPress is an OPEN SOURCE Content management system (CMS) powered by PHP and MySQL !! ??
  5. PHP: Hypertext Preprocessor made more sense originally as: "Personal Home Page" • allows dynamically generated pages • server-side scripting language • embedded into an HTML document
  6. MySQL - RDBMS: Structured Query Language, Relational Database Management System
  7. Apache HTTP Server: running ~66% of the web, over 100 Million web sites
  8. Linux, Unix-like Operating System. Leading Server Operating System in the world! Runs 90% of Supercomputers!
  9. Free - Open Source • Community of Developers • FREE - Huge numbers in use • Not so user-friendly • FREE • Hackers' Briar Patch
  10. Protect your investment • time • energy • money • reputation
  11. WordPress disaster recovery • very expensive problem • very high-level skill needed for rebuilding a hacked blog • deal with it in advance and the process is far easier
  12. A Real World Example
  13. Run this on your site in Google: site:yourdomain
  14. OMG!
  15. START HERE
  16. Spam Comments - Plugin - Akismet: need API Key - get at wordpress.com
  17. Only ~3,000 total visits. And 10,500+ spam comments!
  18. !!! Update UPDATE Update !!! WordPress core -> Theme update -> Plugins update-
  19. Hackers only need 2 pieces of info to take control of your blog. Don't give them the 1st one!
  20. B| %{ua6+M%~
  21. Tip #2: Use A Strong Password: http://strongpasswordgenerator.com/ d2]8pTkYr=.x
  22. Tip #1: Change your Admin username: 1. use phpMyAdmin in your host account cPanel to edit the fields in the admin account, or.. 2. make a new admin user in your WP dashboard, and then delete the existing admin user
  23. How to video at youtube.com/help4wp
  24. Three Strikes & You're Out! Limit the number of login attempts with a useful plugin
  25. congratulations     Level 1 Security achieved
  26. You want more?
  27. automated installers will put the same security keys in every blog, and all use the same table prefix "wp_"
  28. Change your locks! Replace the security keys with new code • open the wp-config.php file in a text or code editor • copy/paste new keys generated at: https://api.wordpress.org/secret-key/1.1/salt
  29. Next: change the table prefix. Your WordPress table prefix default is wp_ wp1_ wp2_ etc...
  30. That wp_  table prefix is rotten, and has to go. 
  31. This is minor surgery, and you may feel some pressure ;-) • Use phpMyAdmin from your host account cPanel • Text/Code Editor • go slow and follow a few simple steps..
  32. Hope for the best, Plan for the worst!
  33. Backup your blog
  34. • WP-DB-Backup
  35. Get it All - Get it Right: backup your WP database • automate it - daily: slow time of day • Get all the parts: Check your table for new additions (some plugins or themes may add new tables that need to be selected and included in the backup) • email it [to your gmail account]
  36. also: Watch Those Files. wp-File monitor plugin: http://wordpress.org/extend/plugins/wordpress-file-monitor/
  37. more security strategies: • blank .html files • custom .htaccess files • limit access to your IP address • securing the folders with additional passwords • more plugins
  38. Introducing...Manage your Assets Security System
  39. Introducing...Manage your Assets Security System MyASS
  40. Manage Your Assets Security System: 1. Install WordPress Correctly 2. Cook your Spam 3. Kill your Admin 4. Strong Password 5. Updates as available 6. Limit Login Attempts 7. Change Table Prefix & Keys 8. Backup Database 9. Backup File Structure 10. Relax & Blog
  41. Happiness is a secure WordPress Blog. I'm a blogger! Enjoy Atlanta!
