WordPress Security Presentation

Presentation slides used for Arizona WordPress Group meetup about WordPress security.


Published in: Technology
Transcript

  • 1. WordPress Security
    Understand and prevent security issues on your WP install.
  • 2. WordPress Security Meetup Topics
    Why do hackers do what they do?
    What are the effects of a hack?
    How can a hack affect you?
    Hacks are confusing events.
    Securing WordPress: Prevent your install from being hacked.
  • 3. Why Do Hackers Do What They Do?
    Money from affiliate links they inject into site
    Push link juice to their own sites
    Challenge / conquest
    Because they can.
    To send spam email from server
  • 4. What Are the Effects of a Hack?
    Insertion of links into pages and posts.
    Links are often hidden so you do not see them or cloaked so that only search engine spiders / googlebots see them.
    Redirection of posts and pages
    Example: Latest Media Temple Update: http://weblog.mediatemple.net/weblog/2010/07/16/1404-wordpress-redirect-exploit-2/
  • 5. How Can a Hack Affect You?
    Loss of rankings, ban by search engines
    Destruction of your online presence > Loss of credibility
    Loss of revenue from online sales
    Financial and time cost of fixing hack
  • 6. Hacks Are Confusing Events
    Since there are many factors involved in how a hacker or exploit can gain entry, there is often confusion / misinformation about how hacks occur.
    It is not uncommon for hosts to blame WordPress when in fact the host is to blame for a security issue.
    Pharma hack: only search bots are served the hacked pages (the hacked pages are cloaked), so you will not see any signs of a problem on your own pages. Only after you notice a loss of rankings does the issue surface, weeks or months after the initial hack.
  • 7. Securing WordPress: Prevention
    1) Keep install, plugins, themes and scripts up to date
    The new 3.0 update feature makes updating easier than ever
    2) Use caution when choosing plugins to use: Mo plugins, mo problems!
    Poorly written plugins can pose security risks
    Old plugins may not be updated regularly; check that a plugin is maintained on a regular basis
  • 8. Securing WordPress: Prevention
    3) Maintain regular backups of root folder
    Via FTP: Free FTP client http://filezilla-project.org/
    Create cron jobs to automate backing up folders:
    You can choose the backup schedule, what to back up and where to back up
    http://wpmu.org/new-years-resolution-automate-wordpress-wpmu-backups-check/
  • 9. Securing WordPress: Prevention
    4) Maintain regular backups of database
    WP-DBManager: http://wordpress.org/extend/plugins/wp-dbmanager/
    Enables you to automate backups and optimizations and restore directly from the dashboard, bypassing phpMyAdmin
    5) Use correct file permissions
    Use an FTP client or the cPanel file manager
    WordPress defaults to 644 for files and 755 permissions for folders
  • 10. Securing WordPress: Prevention
    6) Choose the right host
    GoDaddy and other large hosts are bigger targets for hackers and don’t have the best record of being pro-active when they have been compromised
    7) Use strong passwords and change regularly
    8) Remove unused plugins and themes
    9) Use file monitor to be notified of file changes: http://wordpress.org/extend/plugins/wordpress-file-monitor/
  • 11. Typical Hack Repair Steps: (PharmaHack example)
    Locate and remove hacked 404.php file
    Locate and remove hacked content from database
    Replace entire set of salt keys
    Upload new WordPress files
    Restore previous versions of other files
    Restore database to previous version
  • 12. Source Articles / Additional Resources
    WordPress Security Resources
    My site was hacked: WordPress Codex
    WordPress Security Lockdown
    Learn about backdoors
    Monitor file changes
    How to Fix Hacked Install / Remove Malware
    Removing Malware From a WordPress Blog
    Doncha's guide to dealing with a hacked website
    How To Clean a Hacked Install
