WordPress Security

Transcript

  • 1. Security Considerations For WordPress
    Presented by Suzette Franck
  • 2. When Should You Consider Security?
    ➔ At every step of the process!
    ➔ Buying the domain: it holds the keys to the kingdom
    ➔ Hosting
    ➔ PCI compliance (credit cards)
    ➔ Updates and maintenance
    ➔ Privacy policy
    ➔ Sharing of information and credentials
  • 3. Secure Hosting
    ➔ Reputation: GoDaddy vs. WPEngine
    ➔ Cost: shared hosting, VPS, dedicated server, managed hosting
    ➔ Support: self-supporting vs. managed hosting (who does the backups?)
    ➔ Software: O/S, cPanel, WHM, Plesk, Apache or Nginx
    ➔ Performance: speed, scalability, upgradability
  • 4. Hosting Questions
    ➔ Are SFTP or SSH offered?
    ➔ Are PHP and MySQL current? (When this talk was given WordPress required at least PHP 5.2.4 and MySQL 5.0; ask for the latest supported release, not the bare minimum.)
    ➔ Do they have 24/7 phone support?
    ➔ How have they handled past security breaches and downtime?
    ➔ Is there an uptime guarantee?
    ➔ Do they do backups? How often? Have they ever tested a restore?
  • 5. Making WordPress More Secure
    ➔ Update core as soon as an update is available
      ➔ Point releases (x.y.1, x.y.2, ...) are security and bug fixes
      ➔ Major releases (x.y) add new features
    ➔ Update plugins carefully (back up first!)
    ➔ Use SFTP or SSH, never plain FTP: FTP sends your credentials in clear text
    ➔ Use strong passwords
  • 6. Account Best Practices
    ➔ Delete the default "admin" account (create a new administrator first, then reassign admin's content to it when you delete it)
    ➔ Unique accounts for each person
    ➔ No sharing of accounts or passwords
    ➔ Do not store credentials in clear text (no sticky notes, Excel, or Notepad)
    ➔ Principle of least privilege / role-based access control
    ➔ Always use strong passwords
  • 7. WordPress Roles
    ➔ Super Admin: network administration (Multisite installs only)
    ➔ Administrator: access to everything
    ➔ Editor: can publish and manage posts, including other users' posts
    ➔ Author: own posts only
    ➔ Contributor: can write and submit posts but not publish them
    ➔ Subscriber: can manage only their own profile
    * The Members plugin lets you add and change roles
  • 8. Strong Passwords
    ➔ a=4 e=3 s=5 i=1 o=0 is not secure! Password crackers try those substitutions automatically
    ➔ Combine uppercase and lowercase letters, numbers, and special characters
    ➔ Passwords should be pass phrases (8 characters is the absolute minimum; aim for 15 or more)
    ➔ Change passwords often and never share them (like a toothbrush!)
    ➔ Use a password manager (e.g. LastPass or KeePass)
  • 9. PCI Data Security Standard
    ➔ Follows common-sense security best practices
    ➔ Handled through the payment processor that accepts the credit cards (PayPal or a 3rd-party shopping cart)
    ➔ Requires credit card and client information to be stored and transmitted securely (HTTPS, i.e. SSL/TLS)
    ➔ Strong, secure passwords, changed often
  • 10. Privacy Policy
    ➔ If you collect any information on your website, you should have one
    ➔ State what information is collected and why
    ➔ Shows commitment to data security
    ➔ How to contact you and update or correct their information
    ➔ Third-party apps such as MailChimp, Constant Contact, and PayPal have their own privacy policies
  • 11. I've Been Hacked!
    ➔ Stay calm, breathe
    ➔ Isolate the infection: take the site offline
    ➔ Change all passwords (WordPress, hosting, FTP/SFTP, database)
    ➔ Update clients: phone calls are best
    ➔ Cure the problem or hand it off
    ➔ Restore service
    ➔ Analyze the cause and prevent future infections
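The "analyze the cause" step above, as a first pass over the web server's access log. This is an added example written for this page, not code from the presentation. It parses combined-format log lines and pulls out two indicators that are assumed here as common signs of a WordPress compromise rather than taken from the slide: one IP hammering `POST /wp-login.php` (a password-guessing attack, which is why the previous step changes every password) and any request for a `.php` file under `/wp-content/uploads/` (uploads should hold media, so PHP there is a likely web shell). The log lines, IP addresses and paths are constructed.

```python
import re
from collections import Counter

# Apache/Nginx "combined" log format; enough fields for triage.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# PHP under the uploads directory: that directory should only hold media.
UPLOADS_PHP = re.compile(r"^/wp-content/uploads/.*\.php$", re.IGNORECASE)


def parse(line: str):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def triage(log_text: str, login_threshold: int = 10) -> dict:
    """Flag login brute force and PHP-in-uploads requests in an access log."""
    login_posts = Counter()
    uploads_php = []
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec is None:
            unparsed += 1          # keep counting so a bad parser is noticed
            continue
        path = rec["path"].split("?", 1)[0]   # drop the query string
        if rec["method"] == "POST" and path == "/wp-login.php":
            login_posts[rec["ip"]] += 1
        if UPLOADS_PHP.match(path):
            uploads_php.append((rec["ip"], path, rec["status"]))
    return {
        "login_bruteforce": {ip: n for ip, n in login_posts.items() if n >= login_threshold},
        "uploads_php": uploads_php,
        "unparsed": unparsed,
    }


# Constructed sample log: one legitimate login, a 12-attempt guessing run from
# one address, a hit on a web shell in uploads, a harmless image, and a line
# that does not parse at all.
SAMPLE_LOG = "\n".join(
    ['192.0.2.5 - - [12/Sep/2013:09:58:40 +0000] "GET /wp-login.php HTTP/1.1" 200 2201',
     '192.0.2.5 - - [12/Sep/2013:09:58:52 +0000] "POST /wp-login.php HTTP/1.1" 302 0']
    + [f'203.0.113.7 - - [12/Sep/2013:10:00:{i:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3512'
       for i in range(12)]
    + ['198.51.100.9 - - [12/Sep/2013:10:05:13 +0000] "GET /wp-content/uploads/2013/09/shell.php?cmd=id HTTP/1.1" 200 412',
       '198.51.100.9 - - [12/Sep/2013:10:05:20 +0000] "GET /wp-content/uploads/2013/09/photo.jpg HTTP/1.1" 200 51233',
       'garbage line that does not parse']
)


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against the real log (`triage(open("/var/log/apache2/access.log").read())`) before the site is cleaned and restored, so the evidence is not overwritten; the `unparsed` count tells you whether the regex actually matched your server's format.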
  • 12. Security Resources
    http://sucuri.net
    http://codex.wordpress.org/Security_FAQ
    http://codex.wordpress.org/Hardening_WordPress
    https://www.pcisecuritystandards.org
    http://en.wikipedia.org/wiki/Privacy_policy
    http://blog.shareaholic.com/2012/09/wordpress-host-guide/
    http://www.coppa.org/
    http://www.hhs.gov/hipaafaq/about/190.html
  • 13. Questions and Answers
    Twitter: @suzettework
    suzette@kussner.com
    http://suzettefranck.com