WordPress Security

  • 1. Security Considerations For WordPress
    Presented by Suzette Franck
  • 2. When Should You Consider Security?
    ➔ At every step of the process!
    ➔ Buying the domain: the keys to the kingdom (whoever controls the registrar account controls DNS, and with it the site and its mail)
    ➔ Hosting
    ➔ PCI compliance (if you accept credit cards)
    ➔ Updates and maintenance
    ➔ Privacy policy
    ➔ Sharing of information and credentials
  • 3. Secure Hosting
    ➔ Reputation: GoDaddy vs. WPEngine
    ➔ Cost: shared hosting, VPS, dedicated server, managed hosting
    ➔ Support: self-supported vs. managed hosting (who does the backups?)
    ➔ Software: OS, cPanel, WHM, Plesk, Apache or Nginx
    ➔ Performance: speed, scalability, upgradability
  • 4. Hosting Questions
    ➔ Are SFTP or SSH offered? (Plain FTP sends your credentials in clear text.)
    ➔ Are PHP and MySQL kept current? (PHP 5.2.4 and MySQL 5.0 were only WordPress's minimum requirements at the time of this talk; ask for versions that still receive security fixes.)
    ➔ Do they have 24/7 phone support?
    ➔ How have they handled past security breaches and downtime?
    ➔ Is there an uptime guarantee?
    ➔ Do they do backups? How often? Can you restore from them yourself, and have you tested it?
  • 5. Making WordPress More Secure
    ➔ Update core as soon as an update is available
      ➔ Point releases (x.y.z) are security and bug fixes
      ➔ Major releases (x.y) are new features
    ➔ Update plugins carefully (back up first!)
    ➔ Use SFTP or SSH, not FTP
    ➔ Use strong passwords
  • 6. Account Best Practices
    ➔ Delete the default "admin" account (create a new administrator with a different username first, then reassign admin's content to it when deleting)
    ➔ A unique account for each person
    ➔ No sharing of accounts or passwords
    ➔ Do not store credentials in clear text (no sticky notes, Excel, or Notepad)
    ➔ Principle of least privilege / role-based access control
    ➔ Always use strong passwords
  • 7. WordPress Roles
    ➔ Super Admin: network administration (Multisite installs only)
    ➔ Administrator: full access to everything on the site
    ➔ Editor: publish and manage posts, including other users' posts
    ➔ Author: publish and manage their own posts only
    ➔ Contributor: write and submit posts, but cannot publish
    ➔ Subscriber: manage their own profile only
    * Members plugin: add roles and change their capabilities
  • 8. Strong Passwords
    ➔ a=4 e=3 s=5 i=1 o=0 is not secure! (Cracking tools apply these substitutions automatically.)
    ➔ Combine uppercase and lowercase letters, numbers and special characters
    ➔ Passwords should be passphrases: 8-15 characters is a minimum, not a target, and longer is better
    ➔ Change passwords often and never share them (like a toothbrush!)
    ➔ Use a password manager (e.g. LastPass or KeePass)
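To make the two points on this slide concrete, here is an added example (not code from the original deck) that reverses the a=4/e=3/s=5/i=1/o=0 substitutions before checking a password against a wordlist, exactly as a cracking tool's rewrite rules would, and generates a passphrase instead. Both wordlists below are constructed for the demo; a real check would use a large breached-password list and a Diceware-style list such as the EFF's 7776-word list. The length thresholds are this example's own policy choices, not values from the slide.

```python
"""Password policy check: leet substitutions add nothing; long passphrases win.

Added example, not from the original slides.  COMMON_WORDS and
PASSPHRASE_WORDS are constructed stand-ins for real wordlists.
"""
import math
import secrets

# Constructed stand-in for a breached-password list (real ones have millions).
COMMON_WORDS = ("password", "wordpress", "admin", "welcome", "letmein", "qwerty")

# Constructed stand-in for a Diceware list; the real EFF long list has 7776 words.
PASSPHRASE_WORDS = (
    "copper", "lantern", "orbit", "velvet", "glacier", "harbor",
    "meadow", "pixel", "quartz", "saddle", "tundra", "walnut",
)

# Undo the substitutions the slide warns about (plus a few more crackers try).
UNLEET = str.maketrans({"4": "a", "3": "e", "5": "s", "1": "i", "0": "o",
                        "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 15         # floor for any password (this example's policy)
NO_CLASS_CHECK_AT = 20  # from here on, a plain-word passphrase is accepted as-is


def looks_like_dictionary_word(password: str) -> bool:
    """True if the password collapses to a known word once leet substitutions
    are reversed, e.g. 'P455w0rd!' -> 'password!'.  Cracking tools apply
    exactly these rewrite rules, so the substitutions buy nothing."""
    normalized = password.lower().translate(UNLEET)
    return any(word in normalized for word in COMMON_WORDS)


def character_classes(password: str) -> int:
    """Number of lower / upper / digit / other classes present in the password."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(check(c) for c in password) for check in checks)


def check_password(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if looks_like_dictionary_word(password):
        problems.append("dictionary word with leet substitutions")
    # Short passwords must mix classes; a long passphrase of plain words need not.
    if len(password) < NO_CLASS_CHECK_AT and character_classes(password) < 3:
        problems.append("fewer than 3 character classes")
    return problems


def generate_passphrase(words: int = 5, wordlist=PASSPHRASE_WORDS) -> str:
    """Random passphrase drawn with the secrets module (never random.choice)."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def passphrase_bits(words: int, wordlist_size: int) -> float:
    """Entropy of a uniformly chosen passphrase: words * log2(list size)."""
    return words * math.log2(wordlist_size)


if __name__ == "__main__":
    for candidate in ("P455w0rd!", "W0rdPr3$$2013", "Tr0ub4dor&3",
                      "correct horse battery staple"):
        print(f"{candidate!r}: {check_password(candidate) or 'ok'}")
    print("generated:", generate_passphrase())
    print(f"5 words from a 7776-word list: {passphrase_bits(5, 7776):.1f} bits")
    print(f"5 words from this demo list:   "
          f"{passphrase_bits(5, len(PASSPHRASE_WORDS)):.1f} bits")
```

The entropy figures make the wordlist point: five words from the 12-word demo list give under 18 bits, while five words from a 7776-word list give about 65 bits. Substring matching against the wordlist is deliberately aggressive (it would also flag "badminton" because it contains "admin"); for a login form that is the right bias.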
  • 9. PCI Data Security Standard
    ➔ Codifies common-sense security best practices
    ➔ Usually handled through the payment processor that accepts the card (PayPal or a third-party shopping cart), so card numbers never pass through your WordPress install
    ➔ Requires credit card and customer information to be stored and transmitted securely (HTTPS/TLS)
    ➔ Strong passwords, changed often
  • 10. Privacy Policy
    ➔ If you collect any information on your website, you should have one
    ➔ What information is collected, and why
    ➔ Shows commitment to data security
    ➔ How to contact you and update information
    ➔ Third-party apps such as Mailchimp, Constant Contact and PayPal have their own privacy policies
  • 11. I've Been Hacked!
    ➔ Stay calm, breathe
    ➔ Isolate the infection: take the site offline
    ➔ Change all passwords (WordPress users, database, SFTP/SSH, hosting control panel)
    ➔ Update clients; phone calls are best
    ➔ Clean up the problem or hand it off
    ➔ Restore service
    ➔ Analyze the cause and prevent future infections
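Changing every password, as the slide says, does not by itself log out an attacker who already holds a valid WordPress login cookie: those cookies are signed with the eight AUTH/SECURE_AUTH/LOGGED_IN/NONCE keys and salts defined in wp-config.php, so rotating them invalidates every existing session at once. The following is an added example (not code from the original deck) that rewrites those eight `define()` lines with fresh secrets and refuses to run if any of them is missing, since rotating seven of eight would leave one signing key intact. SAMPLE_CONFIG is a constructed stand-in for a real wp-config.php.

```python
"""Rotate the WordPress secret keys and salts in wp-config.php.

Added example, not from the original slides.  SAMPLE_CONFIG is a constructed
stand-in for a real wp-config.php; on a real site read the file, pass its
text to rotate_salts(), and write the result back.
"""
import re
import secrets

SALT_KEYS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)

# Matches define('NAME', 'value'); with any spacing (single-quoted values).
DEFINE_RE = re.compile(
    r"define\(\s*'(?P<key>[A-Z_]+)'\s*,\s*'(?P<value>[^']*)'\s*\)\s*;")

SAMPLE_CONFIG = """<?php
define('DB_NAME', 'wp_example');
define('DB_USER', 'wp_user');
define('DB_PASSWORD', 'change-me-too');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
$table_prefix = 'wp_';
"""


def extract_salts(config: str) -> dict:
    """Map of the eight key/salt names present in config to their values."""
    return {m.group("key"): m.group("value")
            for m in DEFINE_RE.finditer(config) if m.group("key") in SALT_KEYS}


def new_secret() -> str:
    # 48 random bytes -> 64 URL-safe characters: no quotes or backslashes, so
    # the value drops into a single-quoted PHP string without escaping.
    return secrets.token_urlsafe(48)


def rotate_salts(config: str) -> str:
    """Return config with all eight keys/salts replaced by fresh secrets.

    Raises ValueError if any key is absent: a partial rotation would leave
    one signing key intact, which is the failure mode to avoid."""
    missing = [k for k in SALT_KEYS if k not in extract_salts(config)]
    if missing:
        raise ValueError(f"wp-config.php is missing: {', '.join(missing)}")

    def replace(match: re.Match) -> str:
        key = match.group("key")
        if key not in SALT_KEYS:
            return match.group(0)  # DB_NAME, DB_PASSWORD etc. stay untouched
        return f"define('{key}', '{new_secret()}');"

    return DEFINE_RE.sub(replace, config)


if __name__ == "__main__":
    rotated = rotate_salts(SAMPLE_CONFIG)
    for key, value in extract_salts(rotated).items():
        print(f"{key:17} {value[:12]}...")
```

Rotate the salts only after the backdoor is removed and the passwords changed; otherwise the attacker simply logs in again and gets a cookie signed with the new keys.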
  • 12. Security Resources
    http://sucuri.net
    http://codex.wordpress.org/Security_FAQ
    http://codex.wordpress.org/Hardening_WordPress
    https://www.pcisecuritystandards.org
    http://en.wikipedia.org/wiki/Privacy_policy
    http://blog.shareaholic.com/2012/09/wordpress-host-guide/
    http://www.coppa.org/
    http://www.hhs.gov/hipaafaq/about/190.html
  • 13. Questions and Answers
    Twitter: @suzettework
    suzette@kussner.com
    http://suzettefranck.com