
Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013.

Security myths, 3 ways to back up WordPress, and numerous security tips, including some plugins.


  1. BACKING UP WORDPRESS & BASIC SECURITY
     Carel Bekker - @ClickHOST & @carelbekker
     Saturday, March 16, 13
  2. Who is this guy?
     • From South Africa
     • In US since 1998
     • 25+ years in technology
     • Owner of ClickHOST.com
     • Loves my wife, 3 children, technology, reading, travel and the occasional round of golf.
     • linkedin.com/in/cbekker
  3. If only...
  4. What will we cover?
     “I’m going to show you where the windows and doors are on your WordPress house and how to lock them!”
     • Basics needed to protect your WordPress website or blog
     • Very few technical skills are needed
     • Some definitions
     • Resource list
     • Security Myths
     • 3 ways to back up WordPress
     • 3 security tips that will save your life, ok, at least your website
  5. What is malware?
     • Malware = malicious software.
     • Anything loaded onto your website (or computer) that you didn’t authorize.
     • Malware, short for malicious (or malevolent) software, is software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. Malware is a general term used to refer to a variety of forms of hostile or intrusive software. - wikipedia.org
  6. Other definitions
     • SQL Injections: Entering SQL statements into form fields.
     • Cross-site contamination: WordPress sites infecting sites in the same hosting account.
     • Phishing or Spoofing: Email or website that looks like the real thing
     • Social engineering, e.g., Wired reporter story
  7. Security Myths
     • #1: Who would want to hack my website?
     • #2: I will see when my website is hacked
     • #3: My website is 100% secure
     • #4: My hosting provider will have a backup for me
     • #5: I use strong passwords -- I’m ok
  8. Backing up WordPress
  9. Backup Basics
     • What is a backup?
       • Reliable recent copy of your website.
       • Should be easy to restore from your backup.
     • Why should I back up?
       • Bad things happen, especially in the WWW = wild, wild west.
     • How often & when should I back up?
       • Before any major updates to your website
       • Before updating WordPress, plugins or themes
       • Daily, Weekly, Monthly.
       • 1-2 different backup copies.
  10. Use a WordPress plugin
     • Install a plugin to back up your WordPress website.
     • Most offer the option to back up to your hosting account, the cloud, local storage, or to email the backup.
     • Numerous FREE WordPress backup plugins:
       • One-click installers like Softaculous
       • BackWPup (free and pro versions)
       • WordPress Backup to Dropbox
     • or Paid plugins:
       • BackupBuddy ($$$)
       • VaultPress ($$)
  11. DIY Backups
     • Use tools provided by hosting company
     • cPanel most common control panel
     • Select the Database to download.
     • Only backup the database.
     • Backup will be downloaded to your local directory.
     • You can then upload the database to restore your WordPress website.
     • Paid services: CodeGuard, SiteAutoBackup,
  12. Ask your hosting provider
     • This is not specific to WordPress.
     • Some hosting providers provide automatic backups
     • Full account backups
     • Some offer free restore services
     • Others charge a fee to restore from a backup
     • Ask your hosting provider to set up a backup schedule
     • Don’t keep too many backups in your hosting account
     • Download to your local machine
  13. Top Tips to Secure WordPress
  14. Don’t use ADMIN
     • Don’t use admin as your username.
     • This is the default when installing
     • Almost as bad as using “password” for your password :)
     • How to fix this!
       • Create a new administrator user.
       • Log out, then log in as the new admin user.
       • Delete the old “admin” user.
  15. Update! Update!
     • New versions/updates include security fixes and new functionality.
     • Always keep your WordPress installation current!
     • Keep your plugins updated.
     • Try to keep your theme current too; however, be careful and only upgrade if you are sure that a child theme was used.
     • Make a backup BEFORE you update WordPress, plugins or themes.
  16. Passwords
     • Use strong passwords, not 123456 or Password
     • Use pass-phrases, e.g., correcthorsebatterystaple
     • Better yet, use a password manager:
       • Generate very strong passwords
       • No need to remember 100s of passwords
       • Easy to use with browser add-ons.
       • LastPass.com, 1password.com, RoboForm.
  17. Anti-spam techniques
     • How do I prevent comment spam? Unwanted comments in my blog posts.
     • Don’t allow comments.
     • Also, moderate all comments.
     • Use a comment system plugin:
       • Disqus
       • Livefyre
     • Use Facebook Comment system.
     • Comment spam control plugins:
       • Akismet ($5/month)
       • Growmap Anti Spambot (free)
  18. Security plugins
     • Most include:
       • One-click hardening
       • File monitoring
       • Personal Firewall (IP blocking)
     • Security plugins:
       • Sucuri (w/ membership)
       • WordFence (free and paid)
       • IPVenger (beta)
       • Login LockDown
  19. Random security tips
     • Make sure you have anti-virus installed on your computer
       • Even on a Mac (Sophos)
     • Email spam filtering
     • Only download themes and plugins from trusted sources.
       • WordPress and reputable theme/plugin sources
     • Delete unused themes and plugins! (not just deactivate)
     • Delete unused WordPress installations.
  20. Questions??
  21. Resources
     • More great WordCamp presentations:
       • WordPress End-User Security, Dre Armeda
       • Building secure WordPress sites, Sakin Shrestha
       • or go to wordpress.tv and search for security
     • WordPress Codex: http://codex.wordpress.org/WordPress_Backups
     • WordPress Backup options: http://www.clickhost.com/wordpress-backup/
     • Search clickhost.com/blog for WordPress
       • How to make your WordPress installation Secure
       • WordPress Security: 5 Steps To Reduce Your Risk
       • Three sure fire ways to prevent being hacked!
  22. Carel Bekker
     President & Owner
     carel@clickhost.com
     Twitter: @clickhost, @carelbekker
     Tel: 404.220.8110
     Friends don’t let friends host on Go Daddy!
