10 Ways to Secure WordPress

Learn 10 easy ways to make your WordPress site secure.

Presentation Transcript

  • Fort Collins WordPress Meetup, October 30, 2012
  • Jeremy Green
      • WordPress Developer at Endo Creative
      • Organizer of the Fort Collins WordPress Meetup
      • @greenhornet79
      • endocreative.com
  • 10 Ways to Secure WordPress
  • What is a hack? Taking advantage of a known weakness
  • Why?
      • link spam
      • spam
      • spread malware/virus
      • criminal activity
  • Is WordPress secure?
      • No such thing as 100% secure
      • Updated regularly to address security issues
      • Do your part
  • Websites are a Responsibility
      • Easy, but complicated
      • You control how secure your site is
      • Ongoing attention and upkeep is a minimal requirement
  • 1. Use Strong Passwords
      • Use password generators
      • Keep track using 1Password or LastPass
      • This includes site, database, FTP, etc.
      • strongpasswordgenerator.com
  • 2. Update, Update, Update!
      • Keep WordPress up to date
      • Keep plugins up to date
      • Easy to do from the Dashboard
  • 3. Solid Backup Plan
      • Backup before updating
      • Restore from backup if hacked
      • WPB2D, Backup Buddy, VaultPress
  • 4. Don’t use “admin”
      • Gives hackers a leg up
      • Use a different username
      • Delete if it exists
  • 5. Delete unused files
      • Delete unused themes
      • Delete unused plugins
      • Can be a security risk, even if deactivated
  • 6. Limit permissions
      • Give users minimal required access
      • Set file permissions at 644 and folders at 755
      • http://codex.wordpress.org/Changing_File_Permissions
  • 7. Choose quality hosting
      • Don’t use cheap, shared hosting
      • Bluehost, DreamHost, Laughing Squid
      • WPEngine, ZippyKid
      • http://wordpress.org/hosting/
  • 8. Change Table Prefix
      • Default is wp_
      • Use something unique
  • 9. Access site through SFTP
      • FTP doesn’t encrypt data
      • Ask your host to set up SFTP
      • Hackers can’t sniff credentials
  • 10. Check plugin stats
      • Number of downloads
      • When was it last updated
      • Plugin rating
  • Resources
      • http://codex.wordpress.org/Hardening_WordPress
      • http://codex.wordpress.org/Changing_File_Permissions
      • http://blog.sucuri.net/
      • http://codex.wordpress.org/FAQ_My_site_was_hacked
  • Resources
      • Sucuri.net
      • VaultPress
      • Backup Buddy
      • WordPress Backup to Dropbox
      • WPEngine
      • 1Password
      • LastPass
      • LoginLockdown
  • Questions?
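
A read-only check for slides 6 and 8, added here as an example and not part of the original presentation: it lists anything under a WordPress directory that is not 644 (files) or 755 (folders) and reports whether wp-config.php still uses the default wp_ table prefix. The function names and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: read-only audit for slides 6 and 8. Function names are hypothetical.

# Files whose mode is not 644 and directories whose mode is not 755.
# A stricter mode is listed too, so each hit is something to review.
wp_perm_violations() {
    find "$1" \( -type f ! -perm 644 \) -o \( -type d ! -perm 755 \)
}

# Value assigned to $table_prefix in wp-config.php.
wp_table_prefix() {
    sed -n "s/^[[:space:]]*[\$]table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$1/wp-config.php" | head -n 1
}

# Returns 0 when the tree matches both slides, 1 otherwise.
wp_audit() {
    local root="$1" bad status=0
    bad=$(wp_perm_violations "$root")
    if [ -n "$bad" ]; then
        printf 'Mode differs from 644/755:\n%s\n' "$bad"
        status=1
    fi
    if [ "$(wp_table_prefix "$root")" = "wp_" ]; then
        echo "Table prefix is still the default wp_"
        status=1
    fi
    return $status
}

# Constructed sample tree (not a real site): two bad modes, default prefix.
make_sample_site() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads"
    echo '<?php' > "$d/index.php"
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$d/wp-config.php"
    chmod 755 "$d" "$d/wp-content"
    chmod 644 "$d/index.php"
    chmod 777 "$d/wp-content/uploads"
    chmod 666 "$d/wp-config.php"
    echo "$d"
}

# Audit the path given as $1, or the constructed sample when none is given.
wp_audit "${1:-$(make_sample_site)}" || echo "Review the findings above."
```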