Wordcampcolumbus 2009

WordCamp Columbus Presentation: Internet Security for Bloggers and Podcasters

Published on May 16, 2009 by Brian Lockrey

Published in: Technology

  1. Internet Security for Bloggers and Podcasters
     - Brian Lockrey
     - http://AssistCoach.com
  2. Overview
     - Blog Security
     - WordPress
     - Social Networking
     - Micro-Blogging
     - Podcasts
     - Advertising
     - Best Practices
  3. Blog Security: WordPress
     - WordPress Security: Google 11,800,000
     - Very Popular Platform
     - Prime Target for Hackers
     - SEO: Search Engine Optimization
     - Traffic Redirection
     - Links to Pharmacy / Adult sites
     - Graphics Replacement
     - Ad / Affiliate Redirection
     - Many others…
  4. Blog Security: WordPress
     - You are on their hit list!
     - Game… Like you play Guitar Hero…
     - Always run the latest versions
     - Backdoor entry points
     - Passwords for users are downloaded
     - Open Source Software
     - Backups are essential
     - Frequent updates are essential
     - Many others…
  5. Blog Security: WordPress
     - Monitor log files
     - Block probers if you can
     - Delete meta tag that displays WP version (“Powered by WordPress”)
     - Private site or hosted? WordPress.com
     - What is your Time worth?
     - What is your Blog worth?
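"Monitor log files" and "block probers" need a concrete starting point, so here is an added example (not part of the slides) that summarises POST requests to wp-login.php per client address from an Apache combined-format access log and lists the addresses above a threshold. The log lines written by `write_sample_log`, the addresses in them and the default threshold of 10 are constructed for illustration; the field positions assume the default combined log format, where the client address is field 1 and the request line is the first quoted string.

```shell
#!/bin/sh
# Added example, not from the slides: find clients that hammer wp-login.php.
# Assumes Apache "combined" log format: $1 = client IP, $6 = "\"METHOD",
# $7 = request path. Output is "count ip", highest count first.
login_probers() {
    logfile="$1"
    threshold="${2:-10}"   # report clients with MORE than this many POSTs
    awk -v min="$threshold" '
        # $6 carries the opening quote of the request line, hence "\"POST"
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ { hits[$1]++ }
        END {
            for (ip in hits)
                if (hits[ip] > min) printf "%d %s\n", hits[ip], ip
        }' "$logfile" | sort -rn
}

# Constructed sample log for demonstration: one noisy address sending 25
# login POSTs, one ordinary user logging in once and opening wp-admin.
write_sample_log() {
    out="$1"
    : > "$out"
    i=0
    while [ "$i" -lt 25 ]; do
        echo "203.0.113.9 - - [16/May/2009:10:00:$(printf %02d "$i") -0400] \"POST /wp-login.php HTTP/1.1\" 200 1234 \"-\" \"Mozilla/5.0\"" >> "$out"
        i=$((i + 1))
    done
    echo "198.51.100.4 - - [16/May/2009:10:01:00 -0400] \"POST /wp-login.php HTTP/1.1\" 302 0 \"-\" \"Mozilla/5.0\"" >> "$out"
    echo "198.51.100.4 - - [16/May/2009:10:01:05 -0400] \"GET /wp-admin/ HTTP/1.1\" 200 5678 \"-\" \"Mozilla/5.0\"" >> "$out"
}

# Usage: login_probers /var/log/apache2/access.log 10
```

The threshold is deliberately a parameter: a shared office or a proxy can legitimately produce many logins from one address, so review the list before feeding it to a firewall rule or a deny list in .htaccess, and remember that a log that only records successful requests (status 200) will not show the 4xx/5xx noise that probes usually generate.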
  6. Blog Security: WordPress
     - Turn off Open Registration
     - WP 2.5+ has better password encryption
     - Use a Strong admin password!
     - Limit Search on your server
     - Protect Directories from public browsing
     - Drop the version string in Meta Tags
  7. Blog Security: WordPress
     - Limit wp-admin access by IP address
     - Protect using .htaccess
     - Protect your MySQL database
     - Use SSH/Shell access, not FTP
     - Use SFTP uploads if you can
     - Use VPN if you can
     - Never use Telnet!
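Slides 6 and 7 list the Apache-side controls without showing them, so here is an added example (not from the slides) that writes them as .htaccess rules for a WordPress tree: an allow-list for wp-admin, directory listings turned off, and direct reads of wp-config.php refused. The directive syntax assumed is Apache 2.4 (`Require ip`, `Require all denied`); the 2.2 releases current in 2009 used `Order`/`Allow`/`Deny` instead. The install path and the addresses passed in are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the slides. Assumes Apache 2.4 directive syntax
# and that the vhost allows .htaccess overrides for the WordPress root.

# Allow wp-admin only from the given IPs or CIDR ranges:
#   restrict_wp_admin /var/www/blog 203.0.113.9 198.51.100.0/24
restrict_wp_admin() {
    root="$1"; shift
    mkdir -p "$root/wp-admin"
    {
        echo "# Generated: limit wp-admin to trusted addresses"
        echo "<RequireAny>"
        for ip in "$@"; do
            echo "    Require ip $ip"
        done
        echo "</RequireAny>"
    } > "$root/wp-admin/.htaccess"
}

# Stop directory browsing and block direct requests for wp-config.php.
# Safe to run repeatedly: each rule is appended only once.
protect_directories() {
    root="$1"
    ht="$root/.htaccess"
    touch "$ht"
    grep -q '^Options -Indexes' "$ht" || echo "Options -Indexes" >> "$ht"
    if ! grep -q 'wp-config.php' "$ht"; then
        cat >> "$ht" <<'EOF'
<Files wp-config.php>
    Require all denied
</Files>
EOF
    fi
}

# Exit status 0 when the root .htaccess carries both protections.
check_protection() {
    ht="$1/.htaccess"
    grep -qs '^Options -Indexes' "$ht" && grep -qs 'wp-config.php' "$ht"
}
```

Two caveats before applying this on a live site: admin-ajax.php lives under wp-admin and is called by some front-end features and plugins, so an IP allow-list there can break them for visitors; and these files only take effect where the virtual host sets `AllowOverride` to permit them, which is worth confirming with a request from an address outside the list.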
  8. Hosting Platform?
     - Use Linux / Apache if you can
     - Do NOT use Microsoft Windows
     - Automattic PollDaddy migration: .NET / SQL to PHP/MySQL
     - Automattic has 1,200 servers in use (per Matt’s blog): Stable and Scalable
  9. WordPress: Internals
     - PHP
     - MySQL
     - Known Database Schema
     - Known Class and Function Names
     - Known File Names
     - Known Folder Names
  10. WordPress: Internals
     - PHP – Must be kept updated
     - MySQL – Must be kept updated
     - Open Source Software more secure: Security Through Transparency
     - Millions of people looking at it
     - Often fixed quickly
  11. WordPress: Look For?
     - The Obvious
     - PlugIns that you did not install
     - header.php changes
     - Search Engine redirection (hard to detect)
     - Spammers may hide text
     - View HTML Source Code
     - Google records your “bad” content
  12. WordPress: Look For More?
     - New Directories
     - Your RSS feeds
     - Search Engines: Google = link:twittgroups.com
     - Digg, StumbleUpon
     - Many others…
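Slides 11 and 12 tell you what to look for (plugins you never installed, edited header.php, new directories) but eyeballing a tree does not scale. The following added example (not from the slides) records a hash manifest of the install and later reports every file that is new, changed or missing, which is how those signs show up in practice. It assumes `sha256sum` (GNU) or `shasum` (BSD/macOS) is on PATH; the directory layout and file contents created in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the slides: file-integrity baseline for a
# WordPress tree. Assumes sha256sum or shasum is available.

hash_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then echo sha256sum
    else echo "shasum -a 256"; fi
}

# Print "hash  ./relative/path" for every regular file under $1, sorted
# by path. The manifest itself (.baseline in the root) is skipped.
#   make_baseline /var/www/blog > /var/www/blog/.baseline
make_baseline() {
    root="$1"
    ( cd "$root" && find . -type f ! -name '.baseline' -print0 \
        | xargs -0 $(hash_cmd) | sort -k2 )
}

# Compare the current tree against a saved manifest and print one line
# per difference: NEW (not in manifest), CHANGED (hash differs) or
# MISSING (in manifest, gone from disk).
compare_baseline() {
    root="$1"; manifest="$2"
    now=$(mktemp)
    make_baseline "$root" > "$now"
    awk '
        FNR == NR { base[$2] = $1; next }        # first file: manifest
        {
            if (!($2 in base))        print "NEW " $2
            else if (base[$2] != $1)  print "CHANGED " $2
            seen[$2] = 1
        }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$manifest" "$now" | sort
    rm -f "$now"
}
```

Keep the manifest (or a copy of it) somewhere the web server cannot write, and refresh it right after each legitimate upgrade; otherwise a core update buries the one injected file among hundreds of expected changes. Files under wp-content/uploads and cache directories churn constantly, so exclude them from the baseline or review them separately.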
  13. If You Get Hacked?
     - Just a matter of time
     - Change ALL passwords
     - Backup databases
     - Update software quickly
     - Shut down site. Maybe…
     - Email to security@wordpress.com
  14. WordPress: Plugins / Widgets
     - Only use what you can trust
     - Watch for suspicious activity
     - WP Security Scan
     - File Permissions
     - Database Security
     - XSS vulnerabilities
     - Many others…
  15. Comment Boxes / Widgets
     - Comment Spam
     - Login Required
     - reCAPTCHA codes
     - Google Friend Connect
     - OpenID
     - Twitter OAuth
     - Many others…
  16. Advertising On Your Blog
     - Google AdWords / AdSense
     - Others ???
     - Affiliate Programs: Be Careful…
     - WordPress Plugins
     - $5000 per Week? Slim Chance
     - Should you $$$ to Advertise?
  17. Podcasts
     - Reliable Hosting Service
     - Your XML feeds
     - Search Engines
     - Password Protect the Content Folders: Will keep out the Google Spiders
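The slide's "password protect the content folders" is HTTP Basic authentication on the media directory, and the added example below (not from the slides) sets it up: a password file with APR1-MD5 hashes, which is what Apache's htpasswd tool produces by default, and an .htaccess that demands a valid user for everything in the folder. It assumes Apache 2.4 syntax and an `openssl` binary on PATH; the folder name, account name and password in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the slides: Basic-auth protection for a podcast
# media folder. Assumes Apache 2.4 and openssl on PATH.

# Add or replace one user in the password file. The hash is APR1-MD5
# (Apache's htpasswd default) so the plaintext password is never stored.
#   add_media_user /etc/apache2/podcast.htpasswd listener 's3cret'
add_media_user() {
    passfile="$1"; user="$2"; password="$3"
    hash=$(printf '%s' "$password" | openssl passwd -apr1 -stdin)
    # rewrite without any previous line for this user, then append
    if [ -f "$passfile" ]; then
        grep -v "^$user:" "$passfile" > "$passfile.tmp" || true
    else
        : > "$passfile.tmp"
    fi
    echo "$user:$hash" >> "$passfile.tmp"
    mv "$passfile.tmp" "$passfile"
    chmod 600 "$passfile"
}

# Write the .htaccess that requires a valid user for the whole folder.
# AuthUserFile must be an absolute path, ideally outside the web root.
protect_media_folder() {
    dir="$1"; passfile="$2"
    mkdir -p "$dir"
    cat > "$dir/.htaccess" <<EOF
AuthType Basic
AuthName "Podcast media"
AuthUserFile $passfile
Require valid-user
EOF
}

# Exit status 0 when the folder carries the Require valid-user rule.
is_protected() {
    grep -qs '^Require valid-user' "$1/.htaccess"
}
```

Note what this does and does not do: it keeps crawlers and casual downloaders out, but it also keeps out every podcast client that does not present the credentials, so it suits pre-release or members-only episodes rather than a public feed; for public media that should merely stay out of search results, robots.txt and noindex headers are the right lever, and the password file must live outside the document root so it is never served.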
  18. Best Practices
     - Software Up To Date!
     - Backup Databases
     - Directory Protection Codes
     - File Protection Codes
     - Remove Install Files
     - Remove Version #
     - Layered Software
     - Do NOT use Microsoft Windows!
  19. Summary
     - Overwhelmed? Start Simple
     - Best Practices
     - Stay Updated
     - Follow the Experts
     - Network with others
     - Collaborate with others
  20. Questions? @AssistCoach