10 Ways to Secure WordPress


Learn 10 easy ways to make your WordPress site secure.

Published in: Technology
Transcript of "10 Ways to Secure WordPress"

    1. Fort Collins WordPress Meetup, October 30, 2012
    2. Jeremy Green
       • WordPress Developer at Endo Creative
       • Organizer of the Fort Collins WordPress Meetup
       • @greenhornet79
       • endocreative.com
    3. 10 Ways to Secure WordPress
    4. What is a hack?
       Taking advantage of a known weakness
    5. Why?
       • link spam
       • spam
       • spread malware/virus
       • criminal activity
    6. Is WordPress secure?
       • No such thing as 100% secure
       • Updated regularly to address security issues
       • Do your part
    7. Websites are a Responsibility
       • Easy, but complicated
       • You control how secure your site is
       • Ongoing attention and upkeep is a minimal requirement
    8. 1. Use Strong Passwords
       • Use password generators
       • Keep track using 1Password or LastPass
       • This includes site, database, FTP, etc.
       • strongpasswordgenerator.com
    9. 2. Update, Update, Update!
       • Keep WordPress up to date
       • Keep plugins up to date
       • Easy to do from the Dashboard
    10. 3. Solid Backup Plan
       • Back up before updating
       • Restore from backup if hacked
       • WPB2D, Backup Buddy, VaultPress
    11. 4. Don’t use “admin”
       • Gives hackers a leg up
       • Use a different username
       • Delete if it exists
    12. 5. Delete unused files
       • Delete unused themes
       • Delete unused plugins
       • Can be a security risk, even if deactivated
    13. 6. Limit permissions
       • Give users minimal required access
       • Set file permissions at 644 and folders at 755
       • http://codex.wordpress.org/Changing_File_Permissions
    14. 7. Choose quality hosting
       • Don’t use cheap, shared hosting
       • Bluehost, DreamHost, Laughing Squid
       • WPEngine, ZippyKid
       • http://wordpress.org/hosting/
    15. 8. Change Table Prefix
       • Default is wp_
       • Use something unique
    16. 9. Access site through SFTP
       • FTP doesn’t encrypt data
       • Ask your host to set up SFTP
       • Hackers can’t sniff credentials
    17. 10. Check plugin stats
       • Number of downloads
       • When was it last updated
       • Plugin rating
    18. Resources
       • http://codex.wordpress.org/Hardening_WordPress
       • http://codex.wordpress.org/Changing_File_Permissions
       • http://blog.sucuri.net/
       • http://codex.wordpress.org/FAQ_My_site_was_hacked
    19. Resources
       • Sucuri.net
       • VaultPress
       • Backup Buddy
       • WordPress Backup to Dropbox
       • WPEngine
       • 1Password
       • LastPass
       • LoginLockdown
    20. Questions?
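
Two of the deck's items, "6. Limit permissions" (files at 644, folders at 755) and "8. Change Table Prefix" (default is wp_), can be checked mechanically. The script below is an added example, not part of the original slides; the function names are assumptions, and it expects the install's `wp-config.php` to sit directly in the directory being audited.

```python
"""Audit a WordPress tree for two of the deck's checks (added example)."""
import os
import re
import stat
import sys

FILE_MODE = 0o644        # item 6: files at 644
DIR_MODE = 0o755         # item 6: folders at 755
DEFAULT_PREFIX = "wp_"   # item 8: default table prefix

# Matches an active (uncommented) line such as:  $table_prefix = 'wp_';
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)


def audit_permissions(root):
    """Return (path, actual_mode, expected_mode) for every mismatch under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        targets = [(dirpath, DIR_MODE)]
        targets += [(os.path.join(dirpath, f), FILE_MODE) for f in files]
        for path, expected in targets:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode says nothing about the target
            actual = stat.S_IMODE(st.st_mode)
            if actual != expected:
                findings.append((path, actual, expected))
    return findings


def read_table_prefix(wp_config_path):
    """Return the $table_prefix value set in wp-config.php, or None if absent."""
    with open(wp_config_path, encoding="utf-8", errors="replace") as fh:
        match = PREFIX_RE.search(fh.read())
    return match.group(2) if match else None


def audit(root):
    """Return human-readable findings for the WordPress install at root."""
    report = [f"{p}: mode {a:o}, expected {e:o}" for p, a, e in audit_permissions(root)]
    config = os.path.join(root, "wp-config.php")
    if os.path.isfile(config) and read_table_prefix(config) == DEFAULT_PREFIX:
        report.append(f"{config}: $table_prefix is still the default {DEFAULT_PREFIX!r}")
    return report


if __name__ == "__main__":
    for finding in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```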