SlideShare a Scribd company logo

Protect Your WordPress From The Inside Out

Download as PPTX, PDF
SiteGround.com
SiteGround.com

The recent spike of hack attempts on various WordPress sites has made it more urgent than ever to take actions and secure your WordPress in the best possible way. In this webinar the WebDevStudios founders show the best practices and share insightful tricks how to protect your WordPress from getting hacked: - WordPress Security Threats & Trends - WordPress Admin Security Settings - Securing Files, Folders & Databases - Bullet Proof Passwords - Vulnerable WordPress Extensions - Recommended Plugins & Services

TechnologyBusiness
1 of 46
BY BRAD WILLIAMS & BRIAN MESSENLEHNER
Brad Williams Co-Founder WebDevStudios.com Co-Author Professional WordPress & Professional WordPress Plugin Development Co-Organizer WordCamp Philly Co-Host DradCast Brian Messenlehner Co-Founder WebDevStudios.com Co-Author Building Web Apps with WordPress Co-Organizer New Jersey WordPress Meetup
• Security Stats • Example Hack • Top Security Tips • Recommended Plugins & Services • Resources
FOR WORDPRESS Security Stats
700+ million websites May 2012 (Netcraft) 300 million websites in 2011 (Pingdom) 10+ billion indexed pages (WorldWebSize) Projected: • 1 Billion websites by 2013 • 2 Billion websites by 2015 0 500 1000 1500 2000 2500 2011 2012 2013 2015 Websites Websites
WordPress Stats • 73+ Million WordPress powered websites • 18.9% of all websites are running WordPress • 22 out of every 100 new domains in the U.S. launches with WordPress • Projected 300-500 Million WordPress sites by 2015
Web Malware Stats • 403 Million unique variants of malware in 2011 (Symantec) • 140% growth since 2010 • 81% increase in malicious web-based attacks between 2010 - 2011
In Summary – Be Scared!
FOR WORDPRESS Hack Example
Link Injection Hacker bots look for known exploits (SQL Injection, folder permissions, etc) This allows them to insert spam files/links into your WordPress Themes, plugins, and core files.
Link Injection Hosting account contained two separate websites WordPress WordPress Multisite
Link Injection Hacker bot dropped a malicious file on a WP Multisite install WordPress WordPress Multisite
Link Injection WordPress Multisite starts hacking WordPress install Inserting spam links into the theme, plugins, and core files WordPress WordPress Multisite
Link Injection WP Multisite contains no spam links Acts as a carrier to spread the contamination Cleaning up the WordPress website only resulted in more spam links a few days later WordPress WordPress Multisite
Link Injection 375 spam links per page, only shown to search engines
FOR WORDPRESS Securing WordPress
FOR WORDPRESS 1 Update Update Update Keep WordPress Updated! Minor WordPress versions ( ie 3.5.x ) do NOT add new features. They contain bug fixes and security patches
FOR WORDPRESS 1 Update Update Update Update Those Plugins! The plugin Changelog tab makes it very easy to view what has changed in a new plugin version
FOR WORDPRESS 1. Update Update Update NO EXCUSES! UPDATE!
FOR WORDPRESS 2. Use Secret Keys Some secrets should remain secrets
FOR WORDPRESS 2. Use Secret Keys define('AUTH_KEY', 'put your unique phrase here'); define('SECURE_AUTH_KEY', 'put your unique phrase here'); define('LOGGED_IN_KEY', 'put your unique phrase here'); define('NONCE_KEY', 'put your unique phrase here'); define('AUTH_SALT', 'put your unique phrase here'); define('SECURE_AUTH_SALT', 'put your unique phrase here'); define('LOGGED_IN_SALT', 'put your unique phrase here'); define('NONCE_SALT', 'put your unique phrase here'); 1. Edit wp-config.php A secret key is a hashing salt which makes your site harder to hack by adding random elements to the password. 2. Visit this URL to get your secret keys: https://api.wordpress.org/secret-key/1.1/salt BEFORE define('AUTH_KEY', '*8`:Balq!`,-j.JTl~sP%&>@ON,t(}S6)IG|nG1JIfY(,y=][-3$!N6be]-af|BD'); define('SECURE_AUTH_KEY', 'q+i-|3S~d?];6$[$!ZOXbw6c]0 !k/,UxOod>fqV!sWCkvBihF2#hI=CDt_}WaH1'); define('LOGGED_IN_KEY', 'D/QoRf{=&OC=CrT/^Zq}M9MPT&49^O}G+m2L{ItpX_jh(-I&-?pkeC_SaF0nw;m+'); define('NONCE_KEY', 'oJo8C&sc+ C7Yc,W1v o5}.FR,Zk!J<]vaCa%2D9nj8otj5z8UnJ_q.Q!hgpQ*-H'); define('AUTH_SALT', 'r>O/;U|xg~I5v.u(Nq+JMfYHk.*[p8!baAsb1DKa8.0}q/@V5snU1hV2eR!|whmt'); define('SECURE_AUTH_SALT', '3s1|cIj d7y<?]Z1n# i1^FQ *L(Kax)Y%r(mp[DUX.1a3!jv(;P_H6Q7|y.!7|-'); define('LOGGED_IN_SALT', '`@>+QdZhD!|AKk09*mr~-F]/F39Sxjl31FX8uw+wxUYI;U{NWx|y|+bKJ*4`uF`*'); define('NONCE_SALT', 'O+#iqcPw#]O4TcC%Kz_DAf:mK!Zy@Zt*Kmm^C25U|T!|?ldOf/l1TZ6Tw$9y[M/6'); AFTER
FOR WORDPRESS Do you login with username admin?
FOR WORDPRESS
FOR WORDPRESS 3. Delete the Admin user account UPDATE wp_users SET user_login='hulkster' WHERE user_login='admin'; Change the admin username in MySQL: Or create a new account with administrator privileges. 1. Create a new account. Make the username very unique 2. Set account to Administrator role 3. Log out and log back in with new account 4. Delete admin account WordPress will allow you to reassign all content written by admin to an account of your choice.
FOR WORDPRESS 3. Delete the Admin user account WordPress lets you set the username during the installation process! DON'T USE ADMIN!
FOR WORDPRESS 3. Delete the Admin user account Knowing your username is half the battle. Don't make it easy on the hackers.
FOR WORDPRESS 4. File and Folder Permissions What folder permissions should you use? Good Rule of Thumb: • Files should be set to 644 • Folders should be set to 755 Start with the default settings above If your host requires 777…SWITCH HOSTS!
FOR WORDPRESS 4. File and Folder Permissions find [your path here] -type d -exec chmod 755 {} ; find [your path here] -type f -exec chmod 644 {} ; Or via SSH with the following commands
FOR WORDPRESS 5. Move wp-config.php WordPress features the ability to move the wp-config.php file one directory above your WordPress root This makes it nearly impossible for anyone to access your wp-config.php file from a browser as it now resides outside of your website’s root directory You can move your wp-config.php file to here WordPress automatically checks the parent directory if a wp-config.php file is not found in your root directory public_html/wordpress/wp-config.php If WordPress is located here: public_html/wp-config.php
FOR WORDPRESS 6. Lock Down WP Login and WP Admin
FOR WORDPRESS 6. Lock Down WP Login and WP Admin define('FORCE_SSL_LOGIN', true); Add the code below to wp-config.php to force SSL (https) on login Add the code below to wp-config.php to force SSL (https) on all admin pages define('FORCE_SSL_ADMIN', true); Using SSL (https) on all admin screens in WordPress will encrypt all data transmitted with the same encryption as online shopping
FOR WORDPRESS 6. Lock Down WP Login and WP Admin AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "Access Control" AuthType Basic order deny,allow deny from all #IP address to Whitelist allow from 67.123.83.59 allow from 123.123.123.* 1. Create an .htaccess file in your wp-admin directory Only a user with the IP 67.123.83.59 or 123.123.123.* can access wp-admin 2. Add the following lines of code:
FOR WORDPRESS 7. Use Trusted Sources for Themes & Plugins WPMU.org reviewed the top 10 results for “free wordpress themes” on Google. Out of the ten sites reviewed 1. Safe: 1 2. Iffy: 1 3. Avoid: 8 Source: http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/
FOR WORDPRESS 7. Use Trusted Sources for Themes & Plugins Source: http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/ The only safe site reviewed was WordPress.org Most themes included base64() encoded text links to promote various servies
FOR WORDPRESS 8. Be Secure Locally Think of your local environment as if it was a medieval castle and you’re the queen or king. Your kingdom must be protected! Keep your computer up to date • Ensure you’re patching or installing updates ASAP • Automatic updates rock! Install an anti-virus solution • Ensure you’re keeping definitions current • Automatic updates aren’t a bad idea here either! Yes, personal firewalls still apply!
FOR WORDPRESS 8. Be Secure Locally It’s your information, but who’s watching & listening? You may be a network geek at home, but what happens at Starbucks? Your Internet Connection Use SSL whenever possible, especially on an unverified connection. • HTTPS is a great way to ensure your transactions & traffic are traveling with security in mind. Connecting To Your Site(s) Consider using sFTP or SSH vs. FTP •Still widely marketed, but did you know your credentials are passed unencrypted when using FTP? •If unavoidable, do not allow anonymous logins, limit connections, practice least privilege. •Don’t store your credentials in your FTP client.
FOR WORDPRESS 9. Use a Trusted Host You get what you pay for…
FOR WORDPRESS 9. Use a Trusted Host At the end of the day, hosting providers market the world. You in turn, should have opportunity to know how they’re going to protect you. Your Lovely Host • Cheap doesn’t always mean best, or safe! • How many sites on their network are blacklisted for malware reasons? • What version of software do they run and how often do they update? • How are account credentials stored & who has access?
FOR WORDPRESS 10. Use Common Sense • Use a strong password • BAD: bradisawesome • GOOD: SCrEE79joLly$ • A=@, E=3, S=$, O=0 (This is not unique, they know this) • Update passwords regularly (Monthly, make a schedule) • Know your admins, limit number of accounts (WP, FTP, Hosting, etc) • Backup, Backup, Backup (Use BackupBuddy for scheduled backups)
FOR WORDPRESS Plugins & Services
FOR WORDPRESS Login Lockdown http://wordpress.org/extend/plugins/login-lockdown/
FOR WORDPRESS Sucuri Security SiteCheck Malware Scanner http://wordpress.org/plugins/sucuri-scanner/ • Scan your site for malware, SPAM injections, errors, and more • Hardening of key WordPress directories • Verify core WordPress files have not been modified
FOR WORDPRESS Exploit Scanner http://wordpress.org/extend/plugins/exploit-scanner/ • Scans your files and database for potentially malicious code • Does not remove code, only detects it
FOR WORDPRESS http://Sucuri.net • Free Website Malware Scanner: http://sitecheck.sucuri.net/scanner/ • Website monitoring • Hack cleanup services • Sucuri Security Plugin • Free to clients • Web Application Firewall • Integrity Monitoring • Auditing • Hardening http://Sucuri.net
FOR WORDPRESS • Security Related Articles • http://codex.wordpress.org/Hardening_WordPress • http://blog.sucuri.net/2012/04/lockdown-wordpress-a-security-webinar-with-dre-armeda.html • http://blog.sucuri.net/2012/04/ask-sucuri-how-to-stop-the-hacker-and-ensure-your-site-is- locked.html • http://blog.sucuri.net/2012/04/ask-sucuri-what-should-i-know-when-engaging-a-web- malware-company.html • Clean a Hacked Site • http://codex.wordpress.org/FAQ_My_site_was_hacked • http://www.marketingtechblog.com/wordpress-hacked/ • Support Forums • Hacked: http://wordpress.org/tags/hacked • Malware: http://wordpress.org/tags/malware
Brad Williams brad@webdevstudios.com Blog: strangework.com Twitter: @williamsba http://bit.ly/prowp2 Brian Messenlehner brian@webdevstudios.com Blog: brian.messenlehner.com Twitter: @bmess http://bit.ly/prowp2

Recommended

Securing WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanSecuring WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanJeff Hoffman
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityBrad Williams
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009Brad Williams
 
Top Ten WordPress Security Tips for 2012
Top Ten WordPress Security Tips for 2012Top Ten WordPress Security Tips for 2012
Top Ten WordPress Security Tips for 2012Brad Williams
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User SecurityDre Armeda
 
WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011Dre Armeda
 
WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013Brad Williams
 
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaWordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaDre Armeda
 

Recommended

Securing WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanSecuring WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanJeff Hoffman
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityBrad Williams
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009Brad Williams
 
Top Ten WordPress Security Tips for 2012
Top Ten WordPress Security Tips for 2012Top Ten WordPress Security Tips for 2012
Top Ten WordPress Security Tips for 2012Brad Williams
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User SecurityDre Armeda
 
WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011Dre Armeda
 
WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013Brad Williams
 
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaWordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaDre Armeda
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013Thor Kristiansen
 
Now That's What I Call WordPress Security 2010
Now That's What I Call WordPress Security 2010Now That's What I Call WordPress Security 2010
Now That's What I Call WordPress Security 2010Brad Williams
 
Google Hacking Basics
Google Hacking BasicsGoogle Hacking Basics
Google Hacking Basicsamiable_indian
 
WordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 UpdateWordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 UpdateZero Point Development
 
Lockdown WordPress
Lockdown WordPressLockdown WordPress
Lockdown WordPressDre Armeda
 
WordPress Security Presentation from South Florida WordPress Meetup
WordPress Security Presentation from South Florida WordPress MeetupWordPress Security Presentation from South Florida WordPress Meetup
WordPress Security Presentation from South Florida WordPress MeetupJohn Carcutt
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress websiteSiteGround.com
 
WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009Brad Williams
 
Introduction to WordPress Security
Introduction to WordPress SecurityIntroduction to WordPress Security
Introduction to WordPress SecurityShawn Hooper
 
WordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityWordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityBrad Williams
 
WordPress Security Presentation
WordPress Security PresentationWordPress Security Presentation
WordPress Security PresentationAndrew Paton
 
Secure All The Things!
Secure All The Things!Secure All The Things!
Secure All The Things!Dougal Campbell
 
Higher Order WordPress Security
Higher Order WordPress SecurityHigher Order WordPress Security
Higher Order WordPress SecurityDougal Campbell
 
Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Vlad Lasky
 
Website security
Website securityWebsite security
Website securityAkhilesh Kant
 
WordPress Security - WordCamp Boston 2010
WordPress Security - WordCamp Boston 2010WordPress Security - WordCamp Boston 2010
WordPress Security - WordCamp Boston 2010Brad Williams
 
Advanced Thesis Techniques and Tricks
Advanced Thesis Techniques and TricksAdvanced Thesis Techniques and Tricks
Advanced Thesis Techniques and TricksBrad Williams
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityJennifer Riehle McFarland
 
WordPress Security Best Practices
WordPress Security Best PracticesWordPress Security Best Practices
WordPress Security Best PracticesZero Point Development
 
Battling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleBattling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleKayleigh Thorpe
 
WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and SecurityThink Media Inc.
 
Up and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web DesignUp and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web DesignJudy Wilson
 

More Related Content

What's hot

WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013Thor Kristiansen
 
Now That's What I Call WordPress Security 2010
Now That's What I Call WordPress Security 2010Now That's What I Call WordPress Security 2010
Now That's What I Call WordPress Security 2010Brad Williams
 
WordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 UpdateWordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 UpdateZero Point Development
 
Lockdown WordPress
Lockdown WordPressLockdown WordPress
Lockdown WordPressDre Armeda
 
WordPress Security Presentation from South Florida WordPress Meetup
WordPress Security Presentation from South Florida WordPress MeetupWordPress Security Presentation from South Florida WordPress Meetup
WordPress Security Presentation from South Florida WordPress MeetupJohn Carcutt
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress websiteSiteGround.com
 
WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009Brad Williams
 
Introduction to WordPress Security
Introduction to WordPress SecurityIntroduction to WordPress Security
Introduction to WordPress SecurityShawn Hooper
 
WordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityWordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityBrad Williams
 
WordPress Security Presentation
WordPress Security PresentationWordPress Security Presentation
WordPress Security PresentationAndrew Paton
 
Higher Order WordPress Security
Higher Order WordPress SecurityHigher Order WordPress Security
Higher Order WordPress SecurityDougal Campbell
 
Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Vlad Lasky
 
WordPress Security - WordCamp Boston 2010
WordPress Security - WordCamp Boston 2010WordPress Security - WordCamp Boston 2010
WordPress Security - WordCamp Boston 2010Brad Williams
 
Advanced Thesis Techniques and Tricks
Advanced Thesis Techniques and TricksAdvanced Thesis Techniques and Tricks
Advanced Thesis Techniques and TricksBrad Williams
 
Battling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleBattling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleKayleigh Thorpe
 

What's hot (20)

WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013
 
Now That's What I Call WordPress Security 2010
Now That's What I Call WordPress Security 2010Now That's What I Call WordPress Security 2010
Now That's What I Call WordPress Security 2010
 
Google Hacking Basics
Google Hacking BasicsGoogle Hacking Basics
Google Hacking Basics
 
WordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 UpdateWordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 Update
 
Lockdown WordPress
Lockdown WordPressLockdown WordPress
Lockdown WordPress
 
WordPress Security Presentation from South Florida WordPress Meetup
WordPress Security Presentation from South Florida WordPress MeetupWordPress Security Presentation from South Florida WordPress Meetup
WordPress Security Presentation from South Florida WordPress Meetup
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website
 
WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009
 
Introduction to WordPress Security
Introduction to WordPress SecurityIntroduction to WordPress Security
Introduction to WordPress Security
 
WordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityWordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress Security
 
WordPress Security Presentation
WordPress Security PresentationWordPress Security Presentation
WordPress Security Presentation
 
Secure All The Things!
Secure All The Things!Secure All The Things!
Secure All The Things!
 
Higher Order WordPress Security
Higher Order WordPress SecurityHigher Order WordPress Security
Higher Order WordPress Security
 
Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011
 
Website security
Website securityWebsite security
Website security
 
WordPress Security - WordCamp Boston 2010
WordPress Security - WordCamp Boston 2010WordPress Security - WordCamp Boston 2010
WordPress Security - WordCamp Boston 2010
 
Advanced Thesis Techniques and Tricks
Advanced Thesis Techniques and TricksAdvanced Thesis Techniques and Tricks
Advanced Thesis Techniques and Tricks
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
WordPress Security Best Practices
WordPress Security Best PracticesWordPress Security Best Practices
WordPress Security Best Practices
 
Battling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleBattling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support Tale
 

Similar to Protect Your WordPress From The Inside Out

WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and SecurityThink Media Inc.
 
Up and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web DesignUp and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web DesignJudy Wilson
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014Judy Wilson
 
Word Camp Ph 2009 Word Press In The Wild
Word Camp Ph 2009 Word Press In The WildWord Camp Ph 2009 Word Press In The Wild
Word Camp Ph 2009 Word Press In The Wildrebelpixel
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityNathan Platt
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Think Media Inc.
 
Wordpress Security Tips
Wordpress Security TipsWordpress Security Tips
Wordpress Security TipsLalit Nama
 
WordCamp Philippines 2009: WordPress In The Wild
WordCamp Philippines 2009: WordPress In The WildWordCamp Philippines 2009: WordPress In The Wild
WordCamp Philippines 2009: WordPress In The Wildrebelpixel
 
Word press beirut 9th meetup march
Word press beirut 9th meetup marchWord press beirut 9th meetup march
Word press beirut 9th meetup marchFadi Nicolas Zahhar
 
WordPress Security - 12 WordPress Security Fundamentals
WordPress Security - 12 WordPress Security FundamentalsWordPress Security - 12 WordPress Security Fundamentals
WordPress Security - 12 WordPress Security Fundamentalsfindingsimple
 
Your WordPress Website Is/Not Hacked
Your WordPress Website Is/Not HackedYour WordPress Website Is/Not Hacked
Your WordPress Website Is/Not HackedAngela Bowman
 
WordCamp RI 2015 - Beginner WordPress Workshop
WordCamp RI 2015 - Beginner WordPress Workshop WordCamp RI 2015 - Beginner WordPress Workshop
WordCamp RI 2015 - Beginner WordPress Workshop Ella J Designs
 
Wordpress security issues
Wordpress security issuesWordpress security issues
Wordpress security issuesDeepu Thomas
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012Angela Bowman
 
Securing Word Press Blog
Securing Word Press BlogSecuring Word Press Blog
Securing Word Press BlogChetan Gole
 
How To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressHow To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressChelsea O'Brien
 

Similar to Protect Your WordPress From The Inside Out (20)

WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and Security
 
Up and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web DesignUp and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web Design
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014
 
Word Camp Ph 2009 Word Press In The Wild
Word Camp Ph 2009 Word Press In The WildWord Camp Ph 2009 Word Press In The Wild
Word Camp Ph 2009 Word Press In The Wild
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013
 
Wordpress Security Tips
Wordpress Security TipsWordpress Security Tips
Wordpress Security Tips
 
WordCamp Philippines 2009: WordPress In The Wild
WordCamp Philippines 2009: WordPress In The WildWordCamp Philippines 2009: WordPress In The Wild
WordCamp Philippines 2009: WordPress In The Wild
 
Word press beirut 9th meetup march
Word press beirut 9th meetup marchWord press beirut 9th meetup march
Word press beirut 9th meetup march
 
WordPress Security - 12 WordPress Security Fundamentals
WordPress Security - 12 WordPress Security FundamentalsWordPress Security - 12 WordPress Security Fundamentals
WordPress Security - 12 WordPress Security Fundamentals
 
WordPress Security Best Practices
WordPress Security Best PracticesWordPress Security Best Practices
WordPress Security Best Practices
 
WordPress Security
WordPress Security WordPress Security
WordPress Security
 
Your WordPress Website Is/Not Hacked
Your WordPress Website Is/Not HackedYour WordPress Website Is/Not Hacked
Your WordPress Website Is/Not Hacked
 
Secure wordpress
Secure wordpressSecure wordpress
Secure wordpress
 
WordCamp RI 2015 - Beginner WordPress Workshop
WordCamp RI 2015 - Beginner WordPress Workshop WordCamp RI 2015 - Beginner WordPress Workshop
WordCamp RI 2015 - Beginner WordPress Workshop
 
Wordpress security issues
Wordpress security issuesWordpress security issues
Wordpress security issues
 
WordPress security
WordPress securityWordPress security
WordPress security
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012
 
Securing Word Press Blog
Securing Word Press BlogSecuring Word Press Blog
Securing Word Press Blog
 
How To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressHow To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your Wordpress
 

More from SiteGround.com

Accessibilità digitale: come rendere un sito web accessibile a tutti
Accessibilità digitale: come rendere un sito web accessibile a tuttiAccessibilità digitale: come rendere un sito web accessibile a tutti
Accessibilità digitale: come rendere un sito web accessibile a tuttiSiteGround.com
 
WhatsApp Marketing: cos’è e come farlo nel modo giusto
WhatsApp Marketing: cos’è e come farlo nel modo giustoWhatsApp Marketing: cos’è e come farlo nel modo giusto
WhatsApp Marketing: cos’è e come farlo nel modo giustoSiteGround.com
 
Come usare e ottimizzare le immagini per il web
Come usare e ottimizzare le immagini per il webCome usare e ottimizzare le immagini per il web
Come usare e ottimizzare le immagini per il webSiteGround.com
 
5 cose da sapere per fare un sito responsive su WordPress
5 cose da sapere per fare un sito responsive su WordPress5 cose da sapere per fare un sito responsive su WordPress
5 cose da sapere per fare un sito responsive su WordPressSiteGround.com
 
Black Friday: 10 consigli per fare promozioni e migliorare il tuo eCommerce
Black Friday: 10 consigli per fare promozioni e migliorare il tuo eCommerceBlack Friday: 10 consigli per fare promozioni e migliorare il tuo eCommerce
Black Friday: 10 consigli per fare promozioni e migliorare il tuo eCommerceSiteGround.com
 
Attacchi informatici: cosa sono e come funzionano
Attacchi informatici: cosa sono e come funzionanoAttacchi informatici: cosa sono e come funzionano
Attacchi informatici: cosa sono e come funzionanoSiteGround.com
 
Google Analytics 4: affrontare il cambiamento senza sforzi
Google Analytics 4: affrontare il cambiamento senza sforziGoogle Analytics 4: affrontare il cambiamento senza sforzi
Google Analytics 4: affrontare il cambiamento senza sforziSiteGround.com
 
Yoast SEO: trucchi e consigli per sfruttarlo al meglio
Yoast SEO: trucchi e consigli per sfruttarlo al meglioYoast SEO: trucchi e consigli per sfruttarlo al meglio
Yoast SEO: trucchi e consigli per sfruttarlo al meglioSiteGround.com
 
Webinar SITEGROUNG VENDERE ONLINE.pdf
Webinar SITEGROUNG VENDERE ONLINE.pdfWebinar SITEGROUNG VENDERE ONLINE.pdf
Webinar SITEGROUNG VENDERE ONLINE.pdfSiteGround.com
 
Cookieless World: La Marketing Automation a supporto del business online
Cookieless World: La Marketing Automation a supporto del business onlineCookieless World: La Marketing Automation a supporto del business online
Cookieless World: La Marketing Automation a supporto del business onlineSiteGround.com
 
È meglio la SEO on-page o la SEO off-page?
È meglio la SEO on-page o la SEO off-page?È meglio la SEO on-page o la SEO off-page?
È meglio la SEO on-page o la SEO off-page?SiteGround.com
 
Analytics: Trasforma il tuo sito in uno strumento di business
Analytics: Trasforma il tuo sito in uno strumento di businessAnalytics: Trasforma il tuo sito in uno strumento di business
Analytics: Trasforma il tuo sito in uno strumento di businessSiteGround.com
 
Come e perché ottimizzare il proprio sito per i Core Web Vitals
Come e perché ottimizzare il proprio sito per i Core Web VitalsCome e perché ottimizzare il proprio sito per i Core Web Vitals
Come e perché ottimizzare il proprio sito per i Core Web VitalsSiteGround.com
 
SEM: il centravanti del tuo Marketing Online
SEM: il centravanti del tuo Marketing OnlineSEM: il centravanti del tuo Marketing Online
SEM: il centravanti del tuo Marketing OnlineSiteGround.com
 
10 plugin fondamentali per migliorare il tuo sito WooCommerce
10 plugin fondamentali per migliorare il tuo sito WooCommerce10 plugin fondamentali per migliorare il tuo sito WooCommerce
10 plugin fondamentali per migliorare il tuo sito WooCommerceSiteGround.com
 
Ottimizzazione e gestione WordPress: Azioni semplici per risultati immediati
Ottimizzazione e gestione WordPress: Azioni semplici per risultati immediatiOttimizzazione e gestione WordPress: Azioni semplici per risultati immediati
Ottimizzazione e gestione WordPress: Azioni semplici per risultati immediatiSiteGround.com
 
Crea fantastiche landing page con il nuovo editor WordPress
Crea fantastiche landing page con il nuovo editor WordPressCrea fantastiche landing page con il nuovo editor WordPress
Crea fantastiche landing page con il nuovo editor WordPressSiteGround.com
 
Personal Branding: strategie digitali per il marketing personale
Personal Branding: strategie digitali per il marketing personalePersonal Branding: strategie digitali per il marketing personale
Personal Branding: strategie digitali per il marketing personaleSiteGround.com
 
Le 10 domande più frequenti su WordPress (e le 10 risposte)
Le 10 domande più frequenti su WordPress (e le 10 risposte)Le 10 domande più frequenti su WordPress (e le 10 risposte)
Le 10 domande più frequenti su WordPress (e le 10 risposte)SiteGround.com
 
Local marketing e Local SEO. Conoscere e utilizzare Google per aumentare le v...
Local marketing e Local SEO. Conoscere e utilizzare Google per aumentare le v...Local marketing e Local SEO. Conoscere e utilizzare Google per aumentare le v...
Local marketing e Local SEO. Conoscere e utilizzare Google per aumentare le v...SiteGround.com
 

More from SiteGround.com (20)

Accessibilità digitale: come rendere un sito web accessibile a tutti
Accessibilità digitale: come rendere un sito web accessibile a tuttiAccessibilità digitale: come rendere un sito web accessibile a tutti
Accessibilità digitale: come rendere un sito web accessibile a tutti
 
WhatsApp Marketing: cos’è e come farlo nel modo giusto
WhatsApp Marketing: cos’è e come farlo nel modo giustoWhatsApp Marketing: cos’è e come farlo nel modo giusto
WhatsApp Marketing: cos’è e come farlo nel modo giusto
 
Come usare e ottimizzare le immagini per il web
Come usare e ottimizzare le immagini per il webCome usare e ottimizzare le immagini per il web
Come usare e ottimizzare le immagini per il web
 
5 cose da sapere per fare un sito responsive su WordPress
5 cose da sapere per fare un sito responsive su WordPress5 cose da sapere per fare un sito responsive su WordPress
5 cose da sapere per fare un sito responsive su WordPress
 
Black Friday: 10 consigli per fare promozioni e migliorare il tuo eCommerce
Black Friday: 10 consigli per fare promozioni e migliorare il tuo eCommerceBlack Friday: 10 consigli per fare promozioni e migliorare il tuo eCommerce
Black Friday: 10 consigli per fare promozioni e migliorare il tuo eCommerce
 
Attacchi informatici: cosa sono e come funzionano
Attacchi informatici: cosa sono e come funzionanoAttacchi informatici: cosa sono e come funzionano
Attacchi informatici: cosa sono e come funzionano
 
Google Analytics 4: affrontare il cambiamento senza sforzi
Google Analytics 4: affrontare il cambiamento senza sforziGoogle Analytics 4: affrontare il cambiamento senza sforzi
Google Analytics 4: affrontare il cambiamento senza sforzi
 
Yoast SEO: trucchi e consigli per sfruttarlo al meglio
Yoast SEO: trucchi e consigli per sfruttarlo al meglioYoast SEO: trucchi e consigli per sfruttarlo al meglio
Yoast SEO: trucchi e consigli per sfruttarlo al meglio
 
Webinar SITEGROUNG VENDERE ONLINE.pdf
Webinar SITEGROUNG VENDERE ONLINE.pdfWebinar SITEGROUNG VENDERE ONLINE.pdf
Webinar SITEGROUNG VENDERE ONLINE.pdf
 
Cookieless World: La Marketing Automation a supporto del business online
Cookieless World: La Marketing Automation a supporto del business onlineCookieless World: La Marketing Automation a supporto del business online
Cookieless World: La Marketing Automation a supporto del business online
 
È meglio la SEO on-page o la SEO off-page?
È meglio la SEO on-page o la SEO off-page?È meglio la SEO on-page o la SEO off-page?
È meglio la SEO on-page o la SEO off-page?
 
Analytics: Trasforma il tuo sito in uno strumento di business
Analytics: Trasforma il tuo sito in uno strumento di businessAnalytics: Trasforma il tuo sito in uno strumento di business
Analytics: Trasforma il tuo sito in uno strumento di business
 
Come e perché ottimizzare il proprio sito per i Core Web Vitals
Come e perché ottimizzare il proprio sito per i Core Web VitalsCome e perché ottimizzare il proprio sito per i Core Web Vitals
Come e perché ottimizzare il proprio sito per i Core Web Vitals
 
SEM: il centravanti del tuo Marketing Online
SEM: il centravanti del tuo Marketing OnlineSEM: il centravanti del tuo Marketing Online
SEM: il centravanti del tuo Marketing Online
 
10 plugin fondamentali per migliorare il tuo sito WooCommerce
10 plugin fondamentali per migliorare il tuo sito WooCommerce10 plugin fondamentali per migliorare il tuo sito WooCommerce
10 plugin fondamentali per migliorare il tuo sito WooCommerce
 
Ottimizzazione e gestione WordPress: Azioni semplici per risultati immediati
Ottimizzazione e gestione WordPress: Azioni semplici per risultati immediatiOttimizzazione e gestione WordPress: Azioni semplici per risultati immediati
Ottimizzazione e gestione WordPress: Azioni semplici per risultati immediati
 
Crea fantastiche landing page con il nuovo editor WordPress
Crea fantastiche landing page con il nuovo editor WordPressCrea fantastiche landing page con il nuovo editor WordPress
Crea fantastiche landing page con il nuovo editor WordPress
 
Personal Branding: strategie digitali per il marketing personale
Personal Branding: strategie digitali per il marketing personalePersonal Branding: strategie digitali per il marketing personale
Personal Branding: strategie digitali per il marketing personale
 
Le 10 domande più frequenti su WordPress (e le 10 risposte)
Le 10 domande più frequenti su WordPress (e le 10 risposte)Le 10 domande più frequenti su WordPress (e le 10 risposte)
Le 10 domande più frequenti su WordPress (e le 10 risposte)
 
Local marketing e Local SEO. Conoscere e utilizzare Google per aumentare le v...
Local marketing e Local SEO. Conoscere e utilizzare Google per aumentare le v...Local marketing e Local SEO. Conoscere e utilizzare Google per aumentare le v...
Local marketing e Local SEO. Conoscere e utilizzare Google per aumentare le v...
 

Recently uploaded

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 

Recently uploaded (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 

Protect Your WordPress From The Inside Out

  • 1. BY BRAD WILLIAMS & BRIAN MESSENLEHNER
  • 2. Brad Williams Co-Founder WebDevStudios.com Co-Author Professional WordPress & Professional WordPress Plugin Development Co-Organizer WordCamp Philly Co-Host DradCast Brian Messenlehner Co-Founder WebDevStudios.com Co-Author Building Web Apps with WordPress Co-Organizer New Jersey WordPress Meetup
  • 3. • Security Stats • Example Hack • Top Security Tips • Recommended Plugins & Services • Resources
  • 5. 700+ million websites May 2012 (Netcraft) 300 million websites in 2011 (Pingdom) 10+ billion indexed pages (WorldWebSize) Projected: • 1 Billion websites by 2013 • 2 Billion websites by 2015 0 500 1000 1500 2000 2500 2011 2012 2013 2015 Websites Websites
  • 6. WordPress Stats • 73+ Million WordPress powered websites • 18.9% of all websites are running WordPress • 22 out of every 100 new domains in the U.S. launches with WordPress • Projected 300-500 Million WordPress sites by 2015
  • 7. Web Malware Stats • 403 Million unique variants of malware in 2011 (Symantec) • 140% growth since 2010 • 81% increase in malicious web-based attacks between 2010 - 2011
  • 8. In Summary – Be Scared!
  • 10. Link Injection Hacker bots look for known exploits (SQL Injection, folder permissions, etc) This allows them to insert spam files/links into your WordPress Themes, plugins, and core files.
  • 11. Link Injection Hosting account contained two separate websites WordPress WordPress Multisite
  • 12. Link Injection Hacker bot dropped a malicious file on a WP Multisite install WordPress WordPress Multisite
  • 13. Link Injection WordPress Multisite starts hacking WordPress install Inserting spam links into the theme, plugins, and core files WordPress WordPress Multisite
  • 14. Link Injection WP Multisite contains no spam links Acts as a carrier to spread the contamination Cleaning up the WordPress website only resulted in more spam links a few days later WordPress WordPress Multisite
  • 15. Link Injection 375 spam links per page, only shown to search engines
  • 17. FOR WORDPRESS 1 Update Update Update Keep WordPress Updated! Minor WordPress versions ( ie 3.5.x ) do NOT add new features. They contain bug fixes and security patches
  • 18. FOR WORDPRESS 1 Update Update Update Update Those Plugins! The plugin Changelog tab makes it very easy to view what has changed in a new plugin version
  • 19. FOR WORDPRESS 1. Update Update Update NO EXCUSES! UPDATE!
  • 20. FOR WORDPRESS 2. Use Secret Keys Some secrets should remain secrets
  • 21. FOR WORDPRESS 2. Use Secret Keys define('AUTH_KEY', 'put your unique phrase here'); define('SECURE_AUTH_KEY', 'put your unique phrase here'); define('LOGGED_IN_KEY', 'put your unique phrase here'); define('NONCE_KEY', 'put your unique phrase here'); define('AUTH_SALT', 'put your unique phrase here'); define('SECURE_AUTH_SALT', 'put your unique phrase here'); define('LOGGED_IN_SALT', 'put your unique phrase here'); define('NONCE_SALT', 'put your unique phrase here'); 1. Edit wp-config.php A secret key is a hashing salt which makes your site harder to hack by adding random elements to the password. 2. Visit this URL to get your secret keys: https://api.wordpress.org/secret-key/1.1/salt BEFORE define('AUTH_KEY', '*8`:Balq!`,-j.JTl~sP%&>@ON,t(}S6)IG|nG1JIfY(,y=][-3$!N6be]-af|BD'); define('SECURE_AUTH_KEY', 'q+i-|3S~d?];6$[$!ZOXbw6c]0 !k/,UxOod>fqV!sWCkvBihF2#hI=CDt_}WaH1'); define('LOGGED_IN_KEY', 'D/QoRf{=&OC=CrT/^Zq}M9MPT&49^O}G+m2L{ItpX_jh(-I&-?pkeC_SaF0nw;m+'); define('NONCE_KEY', 'oJo8C&sc+ C7Yc,W1v o5}.FR,Zk!J<]vaCa%2D9nj8otj5z8UnJ_q.Q!hgpQ*-H'); define('AUTH_SALT', 'r>O/;U|xg~I5v.u(Nq+JMfYHk.*[p8!baAsb1DKa8.0}q/@V5snU1hV2eR!|whmt'); define('SECURE_AUTH_SALT', '3s1|cIj d7y<?]Z1n# i1^FQ *L(Kax)Y%r(mp[DUX.1a3!jv(;P_H6Q7|y.!7|-'); define('LOGGED_IN_SALT', '`@>+QdZhD!|AKk09*mr~-F]/F39Sxjl31FX8uw+wxUYI;U{NWx|y|+bKJ*4`uF`*'); define('NONCE_SALT', 'O+#iqcPw#]O4TcC%Kz_DAf:mK!Zy@Zt*Kmm^C25U|T!|?ldOf/l1TZ6Tw$9y[M/6'); AFTER
  • 22. FOR WORDPRESS Do you login with username admin?
  • 24. FOR WORDPRESS 3. Delete the Admin user account UPDATE wp_users SET user_login='hulkster' WHERE user_login='admin'; Change the admin username in MySQL: Or create a new account with administrator privileges. 1. Create a new account. Make the username very unique 2. Set account to Administrator role 3. Log out and log back in with new account 4. Delete admin account WordPress will allow you to reassign all content written by admin to an account of your choice.
  • 25. FOR WORDPRESS 3. Delete the Admin user account WordPress lets you set the username during the installation process! DON'T USE ADMIN!
  • 26. FOR WORDPRESS 3. Delete the Admin user account Knowing your username is half the battle. Don't make it easy on the hackers.
  • 27. FOR WORDPRESS 4. File and Folder Permissions What folder permissions should you use? Good Rule of Thumb: • Files should be set to 644 • Folders should be set to 755 Start with the default settings above If your host requires 777…SWITCH HOSTS!
  • 28. FOR WORDPRESS 4. File and Folder Permissions find [your path here] -type d -exec chmod 755 {} ; find [your path here] -type f -exec chmod 644 {} ; Or via SSH with the following commands
  • 29. FOR WORDPRESS 5. Move wp-config.php WordPress features the ability to move the wp-config.php file one directory above your WordPress root This makes it nearly impossible for anyone to access your wp-config.php file from a browser as it now resides outside of your website’s root directory You can move your wp-config.php file to here WordPress automatically checks the parent directory if a wp-config.php file is not found in your root directory public_html/wordpress/wp-config.php If WordPress is located here: public_html/wp-config.php
  • 30. FOR WORDPRESS 6. Lock Down WP Login and WP Admin
  • 31. FOR WORDPRESS 6. Lock Down WP Login and WP Admin define('FORCE_SSL_LOGIN', true); Add the code below to wp-config.php to force SSL (https) on login Add the code below to wp-config.php to force SSL (https) on all admin pages define('FORCE_SSL_ADMIN', true); Using SSL (https) on all admin screens in WordPress will encrypt all data transmitted with the same encryption as online shopping
  • 32. FOR WORDPRESS 6. Lock Down WP Login and WP Admin AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "Access Control" AuthType Basic order deny,allow deny from all #IP address to Whitelist allow from 67.123.83.59 allow from 123.123.123.* 1. Create an .htaccess file in your wp-admin directory Only a user with the IP 67.123.83.59 or 123.123.123.* can access wp-admin 2. Add the following lines of code:
  • 33. FOR WORDPRESS 7. Use Trusted Sources for Themes & Plugins WPMU.org reviewed the top 10 results for “free wordpress themes” on Google. Out of the ten sites reviewed 1. Safe: 1 2. Iffy: 1 3. Avoid: 8 Source: http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/
  • 34. FOR WORDPRESS 7. Use Trusted Sources for Themes & Plugins Source: http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/ The only safe site reviewed was WordPress.org Most themes included base64() encoded text links to promote various servies
  • 35. FOR WORDPRESS 8. Be Secure Locally Think of your local environment as if it was a medieval castle and you’re the queen or king. Your kingdom must be protected! Keep your computer up to date • Ensure you’re patching or installing updates ASAP • Automatic updates rock! Install an anti-virus solution • Ensure you’re keeping definitions current • Automatic updates aren’t a bad idea here either! Yes, personal firewalls still apply!
  • 36. FOR WORDPRESS 8. Be Secure Locally It’s your information, but who’s watching & listening? You may be a network geek at home, but what happens at Starbucks? Your Internet Connection Use SSL whenever possible, especially on an unverified connection. • HTTPS is a great way to ensure your transactions & traffic are traveling with security in mind. Connecting To Your Site(s) Consider using sFTP or SSH vs. FTP •Still widely marketed, but did you know your credentials are passed unencrypted when using FTP? •If unavoidable, do not allow anonymous logins, limit connections, practice least privilege. •Don’t store your credentials in your FTP client.
  • 37. FOR WORDPRESS 9. Use a Trusted Host You get what you pay for…
  • 38. FOR WORDPRESS 9. Use a Trusted Host At the end of the day, hosting providers market the world. You in turn, should have opportunity to know how they’re going to protect you. Your Lovely Host • Cheap doesn’t always mean best, or safe! • How many sites on their network are blacklisted for malware reasons? • What version of software do they run and how often do they update? • How are account credentials stored & who has access?
  • 39. FOR WORDPRESS 10. Use Common Sense • Use a strong password • BAD: bradisawesome • GOOD: SCrEE79joLly$ • A=@, E=3, S=$, O=0 (This is not unique, they know this) • Update passwords regularly (Monthly, make a schedule) • Know your admins, limit number of accounts (WP, FTP, Hosting, etc) • Backup, Backup, Backup (Use BackupBuddy for scheduled backups)
  • 42. FOR WORDPRESS Sucuri Security SiteCheck Malware Scanner http://wordpress.org/plugins/sucuri-scanner/ • Scan your site for malware, SPAM injections, errors, and more • Hardening of key WordPress directories • Verify core WordPress files have not been modified
  • 43. FOR WORDPRESS Exploit Scanner http://wordpress.org/extend/plugins/exploit-scanner/ • Scans your files and database for potentially malicious code • Does not remove code, only detects it
  • 44. FOR WORDPRESS http://Sucuri.net • Free Website Malware Scanner: http://sitecheck.sucuri.net/scanner/ • Website monitoring • Hack cleanup services • Sucuri Security Plugin • Free to clients • Web Application Firewall • Integrity Monitoring • Auditing • Hardening http://Sucuri.net
  • 45. FOR WORDPRESS • Security Related Articles • http://codex.wordpress.org/Hardening_WordPress • http://blog.sucuri.net/2012/04/lockdown-wordpress-a-security-webinar-with-dre-armeda.html • http://blog.sucuri.net/2012/04/ask-sucuri-how-to-stop-the-hacker-and-ensure-your-site-is- locked.html • http://blog.sucuri.net/2012/04/ask-sucuri-what-should-i-know-when-engaging-a-web- malware-company.html • Clean a Hacked Site • http://codex.wordpress.org/FAQ_My_site_was_hacked • http://www.marketingtechblog.com/wordpress-hacked/ • Support Forums • Hacked: http://wordpress.org/tags/hacked • Malware: http://wordpress.org/tags/malware
  • 46. Brad Williams brad@webdevstudios.com Blog: strangework.com Twitter: @williamsba http://bit.ly/prowp2 Brian Messenlehner brian@webdevstudios.com Blog: brian.messenlehner.com Twitter: @bmess http://bit.ly/prowp2