WordPress security

An introduction to WordPress Security


  • 1. blogVAULT http://blogvault.net
  • 2. WordPress Security. Akshat Choudhary, Founder, blogVault
  • 3. Why? Sites get Hacked!
  • 4. Why will someone hack a Site? Fun and Profit
  • 5. Fun: Because they can
  • 6. Profit: To make money. SEO; Affiliate Scam; Redirect to a different site; Political defacement; Use host for hacks
  • 7. How? Vulnerabilities!
  • 8. Where? WordPress Core, Plugins, Themes
  • 9. How do I know if I have been hacked?
  • 10. Browser warning
  • 11. Google Search Warning
  • 12. Sucuri SiteCheck - Free Tool
  • 13. Inspect Files: htaccess; Javascript Files; Unknown PHP files; Existing PHP files
  • 14. What to do when my site gets hacked?
  • 15. Recover from Backup: Most reliable method
  • 16. Use Sucuri: Not foolproof, costs money
  • 17. Talk to an expert: Difficult Job. Don't take lightly.
  • 18. Change Password
  • 19. Change Authentication keys: Removes existing sessions.
  • 20. Prevention is better than Cure
  • 21. Update WordPress / Plugins / Themes
  • 22. Change Database Prefix: Prevent SQL Injection attacks
  • 23. Disable File Editor: define('DISALLOW_FILE_EDIT', true);
  • 24. Make Folders / Files Readonly
  • 25. Prevent File Execution: AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
  • 26. Use SSL / Google Authenticator
  • 27. Set Authentication Keys
    define('AUTH_KEY', 'put your unique phrase here');
    define('SECURE_AUTH_KEY', 'put your unique phrase here');
    define('LOGGED_IN_KEY', 'put your unique phrase here');
    define('NONCE_KEY', 'put your unique phrase here');
    define('AUTH_SALT', 'put your unique phrase here');
    define('SECURE_AUTH_SALT', 'put your unique phrase here');
    define('LOGGED_IN_SALT', 'put your unique phrase here');
    define('NONCE_SALT', 'put your unique phrase here');
  • 28. Security by Obscurity: remove admin user / hide WordPress version / ...
  • 29. Automatic Backups e.g. use blogVAULT
  • 30. What makes a good backup solution? Complete - Database + Files; Offsite - Local backup is as good as none; Regular Backup; History of backup; Test the Restore; Secure Backup
  • 31. Thank you blogVAULT http://blogvault.net We are Hiring!
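
An added example, not part of the original slides: a Python check that reads the text of a wp-config.php and reports which of the settings from slides 22, 23 and 27 are still missing or at their defaults. The function names and the sample config are constructed for illustration.

```python
import re

PLACEHOLDER = "put your unique phrase here"  # default text shown on slide 27
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# Matches define('NAME', 'value'); or define('NAME', true);
DEFINE_RE = re.compile(
    r"""define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""")

def strip_comments(php):
    """Heuristic: drop comments that start a line, so commented-out defines are ignored."""
    php = re.sub(r"^\s*/\*.*?\*/", "", php, flags=re.S | re.M)
    return re.sub(r"^\s*(//|#).*$", "", php, flags=re.M)

def audit_wp_config(php):
    """Return a list of findings for the settings named on slides 22, 23 and 27."""
    src = strip_comments(php)
    defs = {n: (sq or dq or bare) for n, sq, dq, bare in DEFINE_RE.findall(src)}
    findings = []
    if defs.get("DISALLOW_FILE_EDIT", "").lower() != "true":
        findings.append("DISALLOW_FILE_EDIT is not set to true")
    seen = {}  # key value -> first constant that used it
    for key in KEY_NAMES:
        val = defs.get(key)
        if val is None:
            findings.append(f"{key} is missing")
        elif val.strip() == PLACEHOLDER:
            findings.append(f"{key} still has the placeholder value")
        elif val in seen:
            findings.append(f"{key} reuses the value of {seen[val]}")
        else:
            seen[val] = key
    m = PREFIX_RE.search(src)
    if m and m.group(1) == "wp_":
        findings.append("$table_prefix is the default wp_")
    return findings

# Constructed sample wp-config.php fragment (not from a real site).
SAMPLE = """<?php
$table_prefix = 'wp_';
// define('DISALLOW_FILE_EDIT', true);
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'constructed-sample-value-1');
define('LOGGED_IN_KEY', 'constructed-sample-value-1');
"""

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE):
        print("-", finding)
```

To check a real site, pass the contents of its wp-config.php to audit_wp_config(); an empty list means none of the three defaults remain.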