WordPress Customization and Security

Published in: Technology, Business


  • 1. Joe Casabona • Web Developer. Writer. Nerd*. – *Computer, Device, Star Wars • Yankee Fan • Responsive Design with WordPress – Out Dec 2013 – – Discount Code for 35% off: RWDWP site: | twitter: @jcasabona | email: slides/resources:
  • 2. Phil Erb • Twitter: @philerb • Systems Admin & Programmer, University of Scranton • Co-Founder & Director of Technology, Solve the Net • Lover of WordPress
  • 3. WordPress Theme Customization
  • 4. Themes: A Primer • A WordPress Theme: – Provides control over the look and presentation of the material on your website. • The Codex! – Your best friend during development –
  • 5. Important Files Tip: Don’t Modify the Core!
  • 6. style.css • Includes Theme Definition /* Theme Name: Millennium Flights Theme URI: Description: A custom theme for Millennium Flights, Inc. Version: 1.0 Author: Joe Casabona Author URI: Tags: blue, white, two-column, flexible-width */ • Keep Common Classes in mine ( • RWD Tip: Put all CSS in One File
  • 7. functions.php • Place misc PHP functions, code, and variables • Considered a “plugin” file for your theme • Remember “Separation of Concerns” – Themes should only affect display, not content or functionality • Uses: Actions, Filters, site-wide functions • RWD Tip: Use this file for server-side detection
  • 8. index.php • The backbone of WordPress themes • Everything that doesn’t have its own template file will use index.php • Used to display a list of posts or content. • DO NOT remove The Loop from this page
  • 9. header.php and footer.php • Template Files to use throughout the theme • get_header() and get_footer() • wp_head() and wp_footer()
  • 10. The WordPress Hierarchy
  • 11.
  • 12. Template Files • Sophisticated Display Controls • Only required files: style.css and index.php • Custom templates down to the single post level • Example: Custom Post Type named “classes”: single-classes.php → single.php → index.php
  • 13. Page Templates • Naming Convention – page-no-sidebar.php <?php /* Template Name: No Sidebar */ ?>
  • 14. The Loop
  • 15. Defined • The Loop is used by WordPress to display each of your posts. Using the Loop, WordPress processes each of the posts to be displayed on the current page and formats them according to how they match specified criteria within the Loop tags. Any HTML or PHP code placed in the Loop will be repeated on each post
  • 16. Essentially… • The Loop has functions to: – Make sure that you have posts to display – Display those posts. <?php if (have_posts()) : ?> <?php while (have_posts()) : the_post(); ?> <?php // print post information using template tags ?> <?php endwhile; ?> <?php else : ?> <?php print "No posts found."; ?> <?php endif; ?>
  • 17. Template Tags • Functions in WordPress designed to print information about the Current Post • Some tags include: – the_title(), the_time(), the_content(), the_excerpt(), the_category(), the_tags(), the_permalink()
  • 18. If time permits… Let’s Look at a Live Theme!
  • 19. Securing Your WordPress Site
  • 20. Source: - WordPress Core is Secure – Stop Telling People Otherwise
  • 21. Yes … but … The code may be secure, but there are always things to improve
  • 22. Backup ALL the Things My hosting provider does that, why should I?
  • 23. How do I backup WordPress? • Services – VaultPress • Plugins – BackupBuddy – BackWPUp • The good old fashioned way: mysqldump -udbuser mydb > db.sql && zip -r backup.zip /webfolder/ db.sql
  • 24. Backup Best Practices • Create a backup schedule that makes sense for your site • Get an off-site copy • Test your backups
  • 25. Secure the Server To the extent that you can
  • 26. Use strong passwords – FTP, SSH, and control panels will give hackers access to your sites
  • 27. Use SFTP instead of FTP, if possible
  • 28. Understand file permissions “777” makes everything work … for other people too.
  • 29. Install an SSL certificate
  • 30. Securing Core
  • 31. Secure the login process Wait, my password is sent over the Internet in plain text???
  • 32. Don’t use “admin”
  • 33. Stronger Authentication • Use strong passwords – Force Strong Passwords • Limit the number of bad logins – Login Lockdown • Use multi-factor authentication – Google Authenticator – Duo Two-Factor Authentication
  • 34. Always use SSL encryption for login forms and personal info
  • 35. No SSL? Passwords are Plain Text!
  • 36. Only give users the access they need – This includes YOU – Don’t always run as admin
  • 37. Don’t let your database be predictable Change the database table prefix
  • 38. Plugins, Themes, and Updates
  • 39. Only use trusted sources
  • 40. DON’T Google “free WordPress themes” Only one of these is trustworthy Source: - Why You Should Never Search For Free WordPress Themes
  • 41. Keep core, plugins, and themes up to date
  • 42. Security Services, Plugins & Tools
  • 43. Security Tools • Sucuri – Site scanner, monitoring, and security plugin • Better WP Security • Wordfence
  • 44. Updates and Management • ManageWP • InfiniteWP • WP Remote
  • 45. Use a good hosting provider!
  • 46. Keep Yourself Secure Too!
  • 47. If your computer is hacked, your site could be next! • Install OS and application updates • Run antivirus software • Use encrypted protocols (HTTPS, SFTP) • Use strong passwords for everything
  • 48. Keep your ear to the WordPress community The products and the issues are ever evolving.
  • 49. Where to get the news • Sucuri’s blog • WP Updates Notifier plugin • Check out more on the NEPAWP Resources page
  • 50. Questions? Comments? Statements of Disgust?
  • 51. References & Links • VaultPress • BackupBuddy • BackWPUp • Codex: Administration over SSL Administration_Over_SSL
  • 52. References & Links • How to Change the WordPress Database the-wordpress-database-prefix-to-improve-security/ • Login Lockdown • Force Strong Passwords • Google Authenticator • Duo Two-Factor Authentication
  • 53. References & Links • Why You Should Never Search For Free WordPress Themes wordpress-themes-in-google-or-anywhere-else/ • Sucuri • Better WP Security • Wordfence
  • 54. References & Links • • WP Updates Notifier • Sucuri blog
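
Slide 28's warning about "777" permissions, turned into an audit-and-fix routine. This is an added example, not from the original deck; the function names and the 755/644/600 targets are assumptions (a common baseline), and 600 on wp-config.php assumes PHP runs as the file owner.

```sh
#!/bin/sh
# Added example: find and fix world-writable paths in a WordPress tree.
# Target modes (755 dirs, 644 files, 600 wp-config.php) are assumed
# baseline values, not figures taken from the slides.

# Print every file or directory that "other" can write to, which is
# exactly what a blanket chmod 777 / 666 leaves behind.
find_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print | sort
}

# Reset the whole tree to the baseline, then lock down wp-config.php,
# which holds the database credentials.
harden_wp_tree() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    if [ -f "$root/wp-config.php" ]; then
        # Use 640 instead if the web server reads the file via group.
        chmod 600 "$root/wp-config.php"
    fi
}

# Octal mode of a path: GNU stat first, BSD/macOS stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

Run `find_world_writable /path/to/site` first and review the list before calling `harden_wp_tree`, since some hosts need group write on the uploads directory.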
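
Slides 23 and 24 ("the good old fashioned way" and "Test your backups") as one routine: archive the web folder together with a database dump, then prove the archive actually restores. This is an added example, not from the original deck; it uses tar instead of the slide's zip, and the function names and archive naming are assumptions.

```sh
#!/bin/sh
# Added example: back up a web folder plus an existing SQL dump, then
# test the backup by restoring it into a scratch directory.
# The dump is produced beforehand, e.g. with the slide's command:
#   mysqldump -udbuser mydb > db.sql

# make_backup WEBROOT DUMP_FILE OUT_DIR -> prints the archive path.
# Refuses to run on a missing web folder or an empty dump, so a failed
# mysqldump cannot silently produce a "successful" backup.
make_backup() {
    webroot=$1; dump=$2; out=$3
    [ -d "$webroot" ] && [ -s "$dump" ] || {
        echo "missing web folder or empty dump" >&2; return 1; }
    wdir=$(cd "$(dirname "$webroot")" && pwd) || return 1
    ddir=$(cd "$(dirname "$dump")" && pwd) || return 1
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="$out/wp-backup-$stamp.tar.gz"
    mkdir -p "$out" &&
    tar -czf "$archive" -C "$wdir" "$(basename "$webroot")" \
        -C "$ddir" "$(basename "$dump")" &&
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE WEBROOT DUMP_FILE
# Restores into a temp dir and compares against the sources. Run it
# right after make_backup, before the live site changes. Returns 0 only
# if every file and the dump come back byte-for-byte identical.
verify_backup() {
    archive=$1; webroot=$2; dump=$3
    scratch=$(mktemp -d) || return 1
    tar -xzf "$archive" -C "$scratch" &&
    diff -r "$webroot" "$scratch/$(basename "$webroot")" >/dev/null &&
    cmp -s "$dump" "$scratch/$(basename "$dump")"
    rc=$?
    rm -rf "$scratch"
    return $rc
}
```

Copy the verified archive to a different machine or storage account afterwards to get the off-site copy slide 24 asks for.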