WordPress Setup and Security - Updated
Since WordPress enjoys the position of being one of the most widely used web platforms, it is also one of the most attacked. This has become particularly clear with the DNS and dictionary attack over the last month. From installation to operation there are some fairly easy, yet must-do, steps to make sure your site is as secure as possible.

In this session, we will look at the basics of WP security, touching on everything from file permissions and user accounts to preventing script injection and backup procedures, to protect your blog from hacking or downtime. We will cover techniques that apply to both WordPress.org (self-hosted) and WordPress.com installations, and highlight what can and cannot be done on each.

Michael Carnell (http://www.MichaelCarnell.com) is a systems programmer for the Medical University of South Carolina. He is also data director for DesignTechWeb (http://www.DesignTechWeb.com), a partnership which produces sophisticated and secure website solutions for locally owned businesses and not-for-profits. He is both Microsoft and Apple Certified, and often teaches classes and speaks on PC, Macintosh and Web technologies. Oh, and he loves trains and British cars.



WordPress Setup and Security - Updated Presentation Transcript

  • 1. WordPress Setup and Security
    Michael Carnell - @carnellm - http://www.DesignTechWeb.com
    These slides are available at http://www.MichaelCarnell.com/presentations or http://slideshare.net/carnellm
  • 2. Wait! Before We Start
    • Your Domain Name
    • Domain Name Registrar
    • Need not be the same as your host (should not?)
    • Needs to be in YOUR name
    • Privacy? Depends on the type of site and on you
    • My preferred registrar these days is Hover.com
  • 3. Let's Talk Hosting
  • 4. The Not So Good
    • GoDaddy - common back end database that isn't secured well and suffers from performance overload; poor support
    • Brinkster - has been hacked numerous times
    • FreeHostia - slow, the free account is very limited, always pushing the upsell
    • Doing it yourself...
  • 5. For the Good Times
    • DreamHost - not always the cheapest, but good, with good support. Watch CPU usage, as they will cut off processes.
    • MediaTemple - again, not cheap, but very stable and secure. Monitors scripts.
    • BlueHost
    • HostGator
  • 6. The Basic Rules
    • Do your research - http://www.DesignTechWeb.com/hosting
    • Check their own support forums
    • Is there a free trial or money back guarantee?
    • If you are a high traffic site (really), you need a dedicated server
    • None of this really applies to WordPress.com
  • 7. The Dirty Details for WordPress
  • 8. Install Correctly
    • While installing (most will use OneClick)...
    • Consider your directory. Do you use the standard? Root?
    • Consider altering the database name if your install allows
    • Make the database username and password long and cryptic. Store them away; they are not meant for everyday use
    • Don't use redundant info - admin name the same as username, the same as the blog name, etc.
  • 9. Double Check the Install
    • File level tasks to be done via FTP...
    • Delete wp-admin/install.php
    • In wp-config.php, add the optional security keys - http://api.wordpress.org/secret-key/1.1/
    • Add index.php, a blank file, to all plugin and theme directories if it isn't already there
    • Check the file directory privileges (if you are comfortable)
  • 10. Post Install Setup
    • Create a new admin user with a strong password
    • Change the Admin password and make it a subscriber. Why not delete??
    • Make your main admin's display name different from the login name
    • Change the setting to allow editing by outside packages if wanted - but know what you are doing
    • Change the permalink structure (thank you WP 3.3!)
    • Demo Time Again....
  • 11. As You Build
    • Themes and Plug-ins: be safe
    • Consider the source
    • Always be suspicious
    • Again, do your research and ask around
    • Consider Search Engine Visibility (under Settings / Reading)
    • Put up a Coming Soon or Down for Maintenance screen
    • Understand your Discussion Settings
  • 12. Discussion Settings
  • 13. Discussion Settings, part 2
  • 14. Security Plugins You Need
    Some more plugins that you should have:
    • Akismet - AntiSpam, comes with the install, you will just need a key
    • Block Bad Queries - blocks code injection through queries
    • Search Meter - what your visitors are looking for, but also shows extraneous search injections
    • SecureWordPress - basically a security audit
    • AntiVirus or another such
    • Limit Login Attempts - helps protect against dictionary attacks
    • Demo Time Again!
  • 15. Simple Backup for WP
    • Your content is your responsibility, not your host's
    • Create a GMail account or use your current one with a custom address such as yourname+backups@gmail.com
    • Make a filter that auto-files all email coming into that address
    • Database - WP-DB-Backup
    • Images & Themes - WordPress Backup
    • Doesn't hurt to occasionally back up manually too
  • 16. Stay Up-To-Date
    • WordPress 3.5.1 is out - 3.6 coming soon!
    • You will need to update your base software - unless your host does it for you or you are on WordPress.com
    • You will also need to update both your plug-ins and themes
    • Test your plug-ins so you can roll back if they don't work
    • Be careful of what theme updates will do to any customizations you have made
    • As always, backup first
  • 17. Michael Carnell - http://www.MichaelCarnell.com - @carnellm on Twitter
    Slides available on http://slideshare.net/carnellm and further info available on...
    Sophisticated Secure Websites - http://www.DesignTechWeb.com
  • 18. Q & A
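As an added example (not from the slides), a POSIX shell audit that checks the file-level items from slide 9, "Double Check the Install", against a WordPress directory: install.php gone, security keys not left at the placeholder text WordPress ships in wp-config-sample.php, a blank index.php in every plugin and theme directory, and no world-writable files. The demo tree, its plugin and theme directory names, and the hardening helper are constructed for this example.

```shell
#!/bin/sh
# Post-install audit of a WordPress tree (added example, not from the slides).
# Checks the file-level items on the "Double Check the Install" slide:
# wp-admin/install.php gone, security keys in wp-config.php not left at the
# sample placeholder, a blank index.php in each plugin/theme directory, and no
# world-writable files. Prints each finding, then the problem count on the last
# line, and exits 0 only when that count is 0.
WP_KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

wp_audit() {
    root="$1"; problems=0
    if [ -f "$root/wp-admin/install.php" ]; then
        echo "PROBLEM: wp-admin/install.php still present"; problems=$((problems + 1))
    fi
    for key in $WP_KEYS; do
        line=$(grep "define( *'$key'" "$root/wp-config.php" 2>/dev/null || true)
        case "$line" in
            ''|*'put your unique phrase here'*)
                echo "PROBLEM: $key missing or left at the default placeholder"
                problems=$((problems + 1)) ;;
        esac
    done
    for dir in "$root"/wp-content/plugins/*/ "$root"/wp-content/themes/*/; do
        [ -d "$dir" ] && [ ! -f "${dir}index.php" ] || continue
        echo "PROBLEM: no index.php in $dir (directory listing possible)"
        problems=$((problems + 1))
    done
    find "$root" -perm -002 | sed 's/^/PROBLEM: world-writable: /'
    problems=$((problems + $(find "$root" -perm -002 | wc -l)))
    echo "$problems"
    [ "$problems" -eq 0 ]
}

# Constructed demo tree: a fresh install that still shows every problem above.
make_demo_site() {
    mkdir -p "$1/wp-admin" "$1/wp-content/plugins/akismet" "$1/wp-content/themes/twentytwelve"
    : > "$1/wp-admin/install.php"
    for key in $WP_KEYS; do echo "define('$key', 'put your unique phrase here');"; done > "$1/wp-config.php"
    chmod -R u=rwX,go=rX "$1"; chmod 666 "$1/wp-config.php"
}
# The fixes the slide calls for, applied to the demo tree (keys drawn from /dev/urandom).
harden_demo_site() {
    rm -f "$1/wp-admin/install.php"
    for key in $WP_KEYS; do
        echo "define('$key', '$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')');"
    done > "$1/wp-config.php"
    chmod 640 "$1/wp-config.php"
    for dir in "$1"/wp-content/plugins/*/ "$1"/wp-content/themes/*/; do : > "${dir}index.php"; done
}
```

Run `wp_audit /path/to/wordpress` on a real tree; on the demo tree the audit reports 12 problems before hardening and 0 after.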
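Also added here, not from the slides: slide 14 recommends Limit Login Attempts against dictionary attacks, and this shell/awk function shows what such an attack looks like from the defender's side by counting failed logins per client address in a combined-format access log. The sample log, its documentation-range addresses and the threshold are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the slides): surface dictionary attacks on wp-login.php
# from the web server's access log. A failed WordPress login is a POST to
# wp-login.php answered with 200 (the form is re-rendered); a successful one is
# answered with a 302 redirect. Counting 200-POSTs per client IP over a
# combined-format log (ip - - [time] "METHOD path proto" status ...) finds sources
# that exceed a threshold, which is what a login limiter would have blocked.
flag_login_bursts() {      # usage: flag_login_bursts LOGFILE THRESHOLD  -> "ip count" lines
    awk -v limit="$2" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip] }
    ' "$1" | sort
}

# Constructed sample log (RFC 5737 documentation addresses): one host hammering
# the login form, one legitimate user who mistypes once, and a crawler GETting it.
make_demo_log() {
    i=1
    while [ "$i" -le 12 ]; do
        echo "203.0.113.7 - - [10/Apr/2013:02:1$((i % 10)):00 +0000] \"POST /wp-login.php HTTP/1.1\" 200 3921 \"-\" \"Mozilla/5.0\""
        i=$((i + 1))
    done
    echo "198.51.100.20 - - [10/Apr/2013:09:00:00 +0000] \"GET /wp-login.php HTTP/1.1\" 200 3921 \"-\" \"Mozilla/5.0\""
    echo "198.51.100.20 - - [10/Apr/2013:09:00:05 +0000] \"POST /wp-login.php HTTP/1.1\" 200 3921 \"-\" \"Mozilla/5.0\""
    echo "198.51.100.20 - - [10/Apr/2013:09:00:20 +0000] \"POST /wp-login.php HTTP/1.1\" 302 0 \"-\" \"Mozilla/5.0\""
    i=1
    while [ "$i" -le 15 ]; do
        echo "198.51.100.99 - - [10/Apr/2013:11:00:$((i + 10)) +0000] \"GET /wp-login.php HTTP/1.1\" 200 3921 \"-\" \"bot/1.0\""
        i=$((i + 1))
    done
}
```

With a threshold of 10 only 203.0.113.7 (12 failures) is reported; the crawler's GETs and the single mistyped password are not.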