WordPress Security


This was a 45-minute presentation given to the Calgary WordPress Meetup group on April 23, 2013 on WordPress Security, along with additional tips and tricks on password best practices.

Meetup: http://www.meetup.com/The-Calgary-WordPress-Meetup-Group/
Presenter: http://rexroar.com


  1. Do you use the same password on multiple sites?
  2. If you don’t follow password best practices, your hacked WordPress account could lead to other compromised accounts
  3. What’s at risk?
     • Redirect visitors to a completely different website
     • Compromise shared hosting server and infect other sites
     • Phish for sensitive info
     • Hijack links
     • Blacklisted by Google and other search engines
     • And more…
  4. Things you can do
     • Keep your core, themes & plugins updated
     • Remove unused themes & plugins from server
     • Remove the WP version number
     • Select a good username
     • Never write as an Administrator
     • Create & use a strong password
     • Secure WordPress further
  5. Keep up-to-date
     • The majority of hacked WordPress sites are not updated!
     • Before ever making updates, ensure you backup your database AND content
     • Use a plugin like Backup Buddy to automate the task or other free options
     • Update WordPress, themes & plugins
  6. Clean up your house
     • Remove unused themes (twentyten, etc)
     • Remove inactive plugins from WordPress and the server
     • Don’t keep .sql files (or other backups) stored on your server
  7. Remove the WP version number
     http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpre
  8. Select a good username
     • Never use ‘admin’ or ‘administrator’ as your username
     • Never use the sitename as your username
     • If you have one of these, get rid of it…now
     • Your personal name is OK, but your password needs to be strong
  9. Never write as an Admin user
     • In no time at all a username can be determined
     • If a post is written as an admin, half the job is already done
  10. Create & use a strong password
     When creating a password, do NOT use:
     • Your birthdate, wedding anniversary, or dates of birth of your children or spouse
     • Your name, username, company name, names of your children
     • Your SIN number
     • Only numbers or letters
     • A short, easy to remember password
     • The word ‘password’
     • No words found in a dictionary*
  11. Create & use a strong password
     When creating a password, do use:
     • At least 10 characters
     • A mix of numbers, upper and lower case letters and special characters
     • A password you have never used before
     • Consider ‘salting’ your password
     • Have a system or mnemonic
  12. Create & use a strong password
     Consider a multi-word combo password
     Credit: http://xkcd.com/936/
  13. Create & use a strong password
     Consider a multi-word combo password
     • More likely to be remembered
     • Words must be random
     • Words must not relate
     • Upper & lower cases still matter
     • Add a number or two
     • Special character as well
  14. Create & use a strong password
     DO NOT store your password in an obvious place!
     • NOT on a sticky note on your monitor
     • NOT in your daily planner
     Use a Password Keeper
     • LastPass.com
     • AgileBits.com/OnePassword
  15. Create & use a strong password
     Don’t panic, password recovery is built in!
  16. Create & use a strong password
     Password Generator
     • www.StrongPasswordGenerator.com
     • www.random.org/passwords/
     Test your password
     • www.PasswordMeter.com
     • www.grc.com/haystack.htm
  17. Secure WordPress further
     Four free plugins you can use to secure WP
     • Limit login attempts
     • Better WP security
     • Wordfence
     • WP-Security scan
     All are located in the WordPress plugin repository
  18. Resources
     Sucuri.net
     • $89.99/year
     • Malware cleanup, monitoring and more
     Duo Security
     • Free*
     • Add two-factor sign in for your installation
  19. Next steps?
     • Implement this stuff!!
     • Start with the basics
       – A strong password
       – A good username
       – Writing with an editor username
  20. WordCamp Calgary 2013
     • Tickets on sale April 24
     • $40 for two-day conference
     • http://2013.calgary.wordcamp.org
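
The password rules on slides 10, 11 and 13 can be checked and applied in code. The following is an added example, not part of the original presentation: the function names, the `-` separator and the tiny word list are assumptions made for illustration, and the word list is constructed so the block runs offline.

```python
import math
import secrets
import string

SPECIALS = "!@#$%&*?"
# Constructed sample list so the block runs offline; a real list should hold
# thousands of unrelated words (assumption, not from the slides).
WORDS = ["anchor", "biscuit", "cactus", "dynamo", "ember", "fjord", "gravel",
         "harbor", "igloo", "jigsaw", "kettle", "lantern", "mosaic", "nectar",
         "orchid", "pebble"]

def check_password(pw, personal_terms=(), dictionary=WORDS):
    """Return the slide 10/11 rules that pw breaks (empty list = passes)."""
    low, problems = pw.lower(), []
    if len(pw) < 10:
        problems.append("fewer than 10 characters")
    if pw.isdigit() or pw.isalpha():
        problems.append("only numbers or only letters")
    if "password" in low:
        problems.append("contains the word 'password'")
    if low in (w.lower() for w in dictionary):
        problems.append("single dictionary word")
    hits = [t for t in personal_terms if t and t.lower() in low]
    if hits:
        problems.append("contains personal info: " + ", ".join(hits))
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw),
               any(c in string.punctuation for c in pw)]
    if not all(classes):
        problems.append("missing a character class")
    return problems

def generate_passphrase(words=WORDS, n_words=4):
    """Slide 13 passphrase: random words, mixed case, a number, a special."""
    picked = [secrets.choice(words).lower() for _ in range(n_words)]
    shout = secrets.randbelow(n_words)      # one random word goes upper-case
    picked[shout] = picked[shout].upper()
    number = str(secrets.randbelow(100))
    return "-".join(picked) + number + secrets.choice(SPECIALS)

def passphrase_bits(n_words, list_size):
    """Entropy in bits of generate_passphrase() for a given word-list size."""
    return (n_words * math.log2(list_size) + math.log2(n_words)
            + math.log2(100) + math.log2(len(SPECIALS)))
```

With the 16-word sample list a four-word passphrase carries only about 28 bits; the same function gives about 63 bits for a 7,776-word list, which is why the size of the word list matters as much as the number of words.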
