WordPress Security Briefing
Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved


WordPress Security Briefing: Presentation Transcript

  • WordPress Security Briefing: How To Keep Your WordPress Site Secure. Presented by WP Apprentice
  • Who is this guy? Founder WPApprentice.com; Web Developer 16 years; CMS specialist; Using WP since v. 0.9; Manage 30+ WP sites
  • Overview of today’s session: The current state of web & WordPress security; Hacking risks; How sites get hacked; How to tell if your site has been hacked; Security best practices; Recommended plugins & security services
  • WordPress in the news
  • It’s not just WordPress
  • the web is becoming a very bad neighborhood
  • Is WordPress secure?
  • Built on layers of technology: Linux - Operating System; Apache - Web Server; MySQL - Database Server; PHP - Scripting language
  • WordPress itself has layers: WordPress Core; WordPress Themes; WordPress Plugins
  • What are the risks?
  • What’s the worst that can happen? Site defaced; Content modified; Content injection (spam); Site deleted; Backdoor installed - hackers use your site to attack others; Malware distribution from your website
  • What’s the worst that can happen? Damage to your reputation; Damage to your visitors’ computers; Damage to your relationship with your customers; Site removed from Google and other search engines; Possible legal liabilities depending on information exposed or lost
  • Why would anyone hack MY website?
  • “I just installed WordPress on a new domain. I have zero traffic, in fact I’m still setting up my website” What are the chances?
  • The hacker perspective: This isn’t about you or your website - most attacks are automated; Don’t take hacking personally - hackers don’t; They see your server as an asset for future hacking activity
  • How websites get hacked
  • How websites get hacked: Weak password; Outdated software; Use of insecure FTP; Shared web host / bad file permissions; Security weakness in plugin; Security weakness in theme; Security weakness in WP (these are patched very quickly)
  • How to tell if your site has been hacked
  • Google: site:yourdomainname.com
  • http://www.google.com/safebrowsing/diagnostic?site=yourdomain.com
  • http://www.google.com/webmasters/
  • http://sucuri.net
  • WordPress Security Best Practices
  • Backup Regularly: Backups are the only sure way to protect your website; Schedule database backups daily; Schedule full site backups weekly; Be sure to back up your /wp-content/uploads folder; Move backup files off your server; http://wpapprentice.com/blog/preparing-for-a-wordpress-disaster/
  • http://ithemes.com/backupbuddy/
  • http://vaultpress.com
  • WordPress user setup: Never name an account “Admin” or any variation; Don’t post from an account with admin privileges; Create an account specifically for posting - assign Editor role
  • Use a strong password (and don’t re-use passwords)
  • http://agilebits.com/onepassword
  • Check file and folder permissions on your server
  • Update WordPress, Plugins, and Themes asap
  • http://managewp.com
  • http://infinitewp.com
  • Delete what you don’t use (plugins and themes)
  • Avoid free plugins and themes from sketchy sources
  • Don’t install outdated plugins
  • Plugins & Security Services
  • http://cloudflare.com
  • How to fix a hacked site
  • How to fix your hacked site: Reinstall fresh copy of WordPress; Rebuild site from a clean backup; Or, hire a professional (Sucuri does this)
  • Getting off the blacklist: Google Webmaster Tools; Sucuri will do this as part of cleanup service
  • This is too much work!
  • Use WordPress.com and don’t worry
  • http://wordpress.com
  • Q & A
  • Thank You
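
The "Check file and folder permissions on your server" slide names the task without a procedure. The script below is an added example, not part of the presentation: it audits a WordPress directory for world-writable paths, a wp-config.php readable by other local users, and PHP files under /wp-content/uploads. The function names, report labels and what counts as a finding are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for risky permissions.
# What counts as a finding here is an assumption, not taken from the slides.

# Files and directories that any local user on a shared host can write to.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# wp-config.php holds the database password; report it if users outside
# the owner and group have any access bit set.
check_wp_config() {
    cfg="$1/wp-config.php"
    [ -f "$cfg" ] || return 0
    find "$cfg" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# The uploads folder should contain media only, so a script file there
# is worth reviewing as a possible backdoor.
find_php_in_uploads() {
    up="$1/wp-content/uploads"
    [ -d "$up" ] || return 0
    find "$up" -type f \( -name '*.php' -o -name '*.phtml' \) -print
}

# Print one labelled line per finding for the WordPress root in $1.
audit_wp() {
    root="$1"
    find_world_writable "$root" | sed 's/^/WORLD-WRITABLE /'
    check_wp_config "$root" | sed 's/^/CONFIG-EXPOSED /'
    find_php_in_uploads "$root" | sed 's/^/PHP-IN-UPLOADS /'
}

# Run only when a path is given, e.g.: sh audit.sh /var/www/html
if [ "$#" -ge 1 ]; then
    audit_wp "$1"
fi
```

An empty report means none of the three checks matched; it does not show that the site is clean.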