WordPress Security Presentation
Presentation slides used for Arizona WordPress Group meetup about WordPress security.
Presentation Transcript

  • 1. WordPress Security
    Understand and prevent security issues on your WP install.
  • 2. WordPress Security Meetup Topics
    Why do hackers do what they do?
    What are the effects of a hack?
    How can a hack affect you?
    Hacks are confusing events.
    Securing WordPress: Prevent your install from being hacked.
  • 3. Why Do Hackers Do What They Do?
    Money from affiliate links they inject into site
    Push link juice to their own sites
    Challenge / conquest
    Because they can.
    To send spam email from server
  • 4. What Are the Effects of a Hack?
    Insertion of links into pages and posts.
    Links are often hidden so that you do not see them, or cloaked so that only search engine spiders (Googlebot and friends) are served them.
    Redirection of posts and pages to sites the attacker controls.
    Example: Media Temple's July 2010 write-up of a WordPress redirect exploit: http://weblog.mediatemple.net/weblog/2010/07/16/1404-wordpress-redirect-exploit-2/
  • 5. How Can a Hack Affect You?
    Loss of search rankings, or an outright ban by search engines
    Damage to your online presence and loss of credibility
    Loss of revenue from online sales
    Financial and time cost of fixing hack
  • 6. Hacks Are Confusing Events
    Because there are many ways an attacker or an automated exploit can gain entry, there is often confusion and misinformation about how a hack actually happened.
    It is not uncommon for hosts to blame WordPress when in fact the host's own setup was the cause of the security issue.
    Pharma hack: only search bots are served the hacked pages (the injected content is cloaked), so browsing your own site shows nothing wrong. Often the first symptom you notice is a loss of rankings, weeks or months after the initial compromise.
  • 7. Securing WordPress: Prevention
    1) Keep install, plugins, themes and scripts up to date
    The update feature in WordPress 3.0 makes updating easier than ever
    2) Use caution when choosing plugins: mo plugins, mo problems!
    Poorly written plugins can pose security risks
    Abandoned plugins may no longer receive fixes; before installing one, check that it is still being updated on a regular basis
  • 8. Securing WordPress: Prevention
    3) Maintain regular backups of the WordPress root folder
    Via FTP: free FTP client http://filezilla-project.org/
    Create cron jobs to automate backing up the folders:
    You can choose the backup schedule, what to back up and where the backup goes
    http://wpmu.org/new-years-resolution-automate-wordpress-wpmu-backups-check/
  • 9. Securing WordPress: Prevention
    4) Maintain regular backups of database
    WP-DBManager: http://wordpress.org/extend/plugins/wp-dbmanager/
    Lets you automate backups and optimizations, and restore directly from the dashboard without going through phpMyAdmin
    5) Use correct file permissions
    Use an FTP client or the cPanel file manager
    WordPress defaults to 644 for files and 755 for folders; wp-config.php holds the database password, so it can be tightened further (600) as long as the web server user still owns it
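    The backup and permission steps (3 to 5) as one script, added here as an example and not taken from the slides or from the WP-DBManager plugin. It assumes a standard install with wp-config.php in the WordPress root, a POSIX shell with tar, sed and find, and mysqldump on the real server; the paths in the cron line (/usr/local/bin/wp-backup.sh, /var/www/html, /var/backups/wp) are placeholders.

```shell
#!/bin/sh
# Nightly WordPress backup plus permission reset (prevention steps 3 to 5).
# Added example, not part of the original slides. Assumes a standard install
# with wp-config.php in the WordPress root; mysqldump is only needed by
# backup_db on the real server, not by the parsing and archiving functions.
set -e

# Pull the value of define('NAME', 'value') out of wp-config.php.
# Accepts either quote style and takes the first match only.
wp_config_value() {            # usage: wp_config_value <wp-config.php> DB_NAME
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Archive the whole WordPress root (core, themes, plugins, uploads) into
# <dest>/files-<timestamp>.tar.gz and print the archive path.
backup_files() {               # usage: backup_files <wp-root> <dest-dir>
    wp_root=$1; dest=$2
    mkdir -p "$dest"
    archive="$dest/files-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$archive" -C "$(dirname "$wp_root")" "$(basename "$wp_root")"
    printf '%s\n' "$archive"
}

# Dump the database named in wp-config.php. The credentials go through a
# temporary --defaults-extra-file (mode 600) so the password never shows up
# in the process list or in shell history. A DB_HOST of the form host:port
# would need splitting into host= and port= lines; that case is not handled.
backup_db() {                  # usage: backup_db <wp-root> <dest-dir>
    cfg="$1/wp-config.php"; dest=$2
    mkdir -p "$dest"
    db=$(wp_config_value "$cfg" DB_NAME)
    dbhost=$(wp_config_value "$cfg" DB_HOST)
    extra=$(mktemp)
    chmod 600 "$extra"
    printf '[client]\nuser=%s\npassword=%s\nhost=%s\n' \
        "$(wp_config_value "$cfg" DB_USER)" \
        "$(wp_config_value "$cfg" DB_PASSWORD)" \
        "${dbhost:-localhost}" > "$extra"
    out="$dest/db-$(date +%Y%m%d-%H%M%S).sql.gz"
    mysqldump --defaults-extra-file="$extra" --single-transaction "$db" | gzip > "$out"
    rm -f "$extra"
    printf '%s\n' "$out"
}

# Reset permissions to the WordPress defaults (644 files, 755 directories)
# and tighten wp-config.php to 600 because it holds the database password.
fix_permissions() {            # usage: fix_permissions <wp-root>
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    [ -f "$1/wp-config.php" ] && chmod 600 "$1/wp-config.php"
    return 0
}

# Cron entry (crontab -e) running both backups every night at 02:30. The
# script path, site root and backup directory below are placeholders:
#   30 2 * * * sh -c '. /usr/local/bin/wp-backup.sh && backup_files /var/www/html /var/backups/wp && backup_db /var/www/html /var/backups/wp'
```

    Copy the backup directory off the server afterwards (rsync or scp to another host); a backup that lives next to the site is lost in the same compromise or disk failure.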
  • 10. Securing WordPress: Prevention
    6) Choose the right host
    GoDaddy and other large hosts are bigger targets for attackers and do not have the best record of being proactive once they have been compromised
    7) Use strong passwords and change them regularly
    8) Remove unused plugins and themes
    9) Use a file monitor so you are notified of file changes: http://wordpress.org/extend/plugins/wordpress-file-monitor/
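    What a file monitor does under the hood, as an added example rather than the WordPress File Monitor plugin's own code: a SHA-256 manifest of the tree is stored outside the web root and each run reports files that were added, removed or modified. It assumes a POSIX shell with find, awk and either sha256sum or shasum; the paths in the cron comment are placeholders.

```shell
#!/bin/sh
# Minimal file-change monitor for a WordPress tree (prevention step 9).
# Added example, not the WordPress File Monitor plugin: it stores a SHA-256
# manifest of every file and reports what was added, removed or modified
# since the last run. Keep the manifest outside the web root.
set -e

# Use whichever SHA-256 tool the host provides (GNU coreutils or BSD/macOS).
sha256_tool() {
    if command -v sha256sum >/dev/null 2>&1; then echo sha256sum
    else echo "shasum -a 256"; fi
}

# Write a "hash  ./relative/path" manifest of every file under <root>,
# sorted by path. Paths containing whitespace are not handled here.
fim_snapshot() {               # usage: fim_snapshot <wp-root> <manifest>
    snap_root=$1; snap_out=$2
    (cd "$snap_root" && find . -type f -exec $(sha256_tool) {} + | LC_ALL=C sort -k2) > "$snap_out"
}

# Take a fresh snapshot and diff it against the stored manifest. Prints one
# "ADDED|REMOVED|MODIFIED <path>" line per difference, sorted, and returns 1
# when anything changed so a cron job with MAILTO set delivers the report.
fim_check() {                  # usage: fim_check <wp-root> <manifest>
    chk_root=$1; chk_manifest=$2
    chk_fresh=$(mktemp)
    fim_snapshot "$chk_root" "$chk_fresh"
    chk_report=$(awk '
        FILENAME == ARGV[1] { old[$2] = $1; next }      # stored manifest
        {                                               # fresh snapshot
            if (!($2 in old))        print "ADDED " $2
            else if (old[$2] != $1)  print "MODIFIED " $2
            delete old[$2]
        }
        END { for (p in old)         print "REMOVED " p }
    ' "$chk_manifest" "$chk_fresh" | LC_ALL=C sort)
    rm -f "$chk_fresh"
    [ -z "$chk_report" ] && return 0
    printf '%s\n' "$chk_report"
    return 1
}

# After taking a clean baseline (fim_snapshot /var/www/html /var/lib/wp-fim/manifest),
# an hourly cron entry such as
#   0 * * * * sh -c '. /usr/local/bin/wp-fim.sh; fim_check /var/www/html /var/lib/wp-fim/manifest'
# mails the report whenever a file changes. Re-run fim_snapshot after each
# legitimate update so the manifest matches the new files.
```

    A fresh 404.php or an extra file in wp-content is exactly what this catches; a hack that only touches the database (injected links in posts or options) will not show up here, which is why the backups above matter as well.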
  • 11. Typical Hack Repair Steps (Pharma hack example)
    Locate and remove the hacked 404.php file
    Locate and remove the hacked content from the database
    Replace the entire set of secret keys and salts in wp-config.php
    Upload a fresh set of WordPress core files
    Restore previous versions of the other files
    Restore the database to a previous version
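    Two of those repair steps as shell helpers, added here as an example and not taken from the slides or from the WordPress Codex: rotate_salts() replaces all eight secret keys and salts in wp-config.php with values generated locally from /dev/urandom (instead of fetching them from https://api.wordpress.org/secret-key/1.1/salt/, so it works offline), and find_injected_php() lists theme or plugin files that contain the obfuscation calls a tampered 404.php typically carries. It assumes a POSIX shell with sed, grep -E and base64.

```shell
#!/bin/sh
# Helpers for two of the repair steps above: rotating the secret keys and
# salts, and locating injected PHP such as a tampered 404.php. Added
# example, not part of the original slides.
set -e

# The eight defines WordPress reads from wp-config.php for cookie and nonce
# hashing. Rotating all of them invalidates every existing login session.
SALT_KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# 64 random characters drawn from [A-Za-z0-9], so the value needs no
# escaping inside a single-quoted PHP string.
random_salt() {
    head -c 96 /dev/urandom | base64 | tr -d '\n=/+' | cut -c1-64
}

# Replace each define('KEY', ...) line with a fresh value, leaving the rest
# of wp-config.php untouched. Works on a copy in the same directory and
# renames it into place so an interrupted run cannot leave a half-written
# config. A missing define is reported rather than appended, because a
# define placed after the require_once of wp-settings.php is too late.
rotate_salts() {               # usage: rotate_salts <wp-config.php>
    cfg=$1
    work=$(mktemp "$(dirname "$cfg")/wp-config.XXXXXX")
    cp "$cfg" "$work"
    for key in $SALT_KEYS; do
        if grep -q "define([[:space:]]*['\"]$key['\"]" "$work"; then
            sed "s|^[[:space:]]*define([[:space:]]*['\"]$key['\"].*|define('$key', '$(random_salt)');|" "$work" > "$work.new"
            mv "$work.new" "$work"
        else
            echo "rotate_salts: $key not found in $cfg, add it above the wp-settings.php require" >&2
        fi
    done
    chmod 600 "$work"
    mv "$work" "$cfg"
}

# List PHP files under <dir> that use the obfuscation calls injected code
# leans on. A clean theme prints nothing; check every hit by hand, since a
# few legitimate plugins call base64_decode() as well.
find_injected_php() {          # usage: find_injected_php <dir>
    grep -rlE --include='*.php' \
        -e 'eval[[:space:]]*\(|base64_decode[[:space:]]*\(|gzinflate[[:space:]]*\(|str_rot13[[:space:]]*\(' \
        "$1" || true
}
```

    Run find_injected_php against wp-content before replacing the core files, and rotate the salts only after the injected files and the database content are gone; otherwise whatever left the backdoor simply logs in again with the new keys.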
  • 12. Source Articles / Additional Resources
    WordPress Security Resources
    My site was hacked: WordPress Codex
    WordPress Security Lockdown
    Learn about backdoors
    Monitor file changes
    How to Fix Hacked Install / Remove Malware
    Removing Malware From a WordPress Blog
    Doncha's guide to dealing with a hacked website
    How To Clean a Hacked Install