Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

WordPress Security Best Practices

573 views

Published on

A short presentation on some best practices you should be using to improve your WordPress site's security.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

WordPress Security Best Practices

  1. 1. BEST PRACTICES FOR WORDPRESS SECURITYJason Yingling (@jason_yingling)
  2. 2. COMMON ATTACKS Cross Site Scripting (XSS) Attackers can inject malicious scripts into a page that can be used to steal data from users. Common Cause(s) Bad / outdated plugins Non-sanitized code
 Not validating input data
  3. 3. COMMON ATTACKS Brute-force Attacks Attackers run scripts to try to crack logins by trying known user and password combos. Common Cause(s) Weak passwords Unlimited login attempts Tip
 https://haveibeenpwned.com/
  4. 4. COMMON ATTACKS SQL Injections Attackers inject SQL into the site’s database, typically through plugin vulnerabilities, allowing them access to the database to do as they please. Common Cause(s) Bad / outdated plugins Non-sanitized code
 Not validating input data
  5. 5. COMMON ATTACKS DDOS Multiple systems are used to target a single site causing it to overload and go down Common Cause(s) Lack of firewalls
  6. 6. PROTECT YOUR LOGIN Don’t use admin username Use strong passwords Hide the login page Two Factor Authentication Limit Login Attempts Plugins iThemes Security WordFence Limit Login Attempts reloaded Pro Tip Use site specific emails: example+domain@gmail.com
  7. 7. KEEP THINGS UP TO DATE Keep WordPress core updated Keep plugins and themes updated Use the latest version of PHP Pro-tip Used managed WordPress hosting
  8. 8. PICK GOOD PLUGINS Trusted sources Recent updates Active installs Check the support forums More Picking Good WordPress Plugins
  9. 9. TAKE FREQUENT BACKUPS Database and file system backups Test backups from time to time Store the backups off server
  10. 10. USE A FIREWALL Protect against known attacks Helps with DDoS mitigation Services Cloudflare Sucuri
  11. 11. USEFUL PLUGINS iThemes Security WordFence Limit Login Attempts Reloaded
  12. 12. SECURITY RESOURCES Kinsta WordPress Security Guide Wordfence - How to Prevent Cross Site Scripting Attacks wpbeginner - The Ultimate WordPress Security Guide WordPress Security: An Introduction to Hardening WordPress
  13. 13. SECURITY QUESTIONS QUESTIONS Twitter: @jason_yingling Email: jason@jasonyingling.me

×