
WordPress Security 101 2018


The basics you should know for your WordPress website.

Published in: Internet

  1. WordPress Security 101: A guide by Laura Hartwig
  2. Laura Hartwig: I’ve been a WordPress Developer since 2011 and find it important to keep my clients’ sites secure. It’s much easier to prevent your site from getting hacked rather than try to recover your site after it’s been hacked.
  3. Am I a Target?
  4. YES
  5. Why?
     ➔ WordPress powers nearly 30% of all websites. This is good and bad.
     ➔ Server space: Hackers want to store files on your server and connect it into a botnet.
     ➔ Because they can: Many hackers like to hack sites just to see if they can. It’s a thrill similar to hunting or leveling up in a computer game.
  6. First Law of Website Security
     ➔ Nothing is unhackable
  7. Chart credit: Wordfence
  8. Chart credit: Wordfence
  9. Level of Security
     ➔ Your level of security will depend on resources vs. value. The reality is that you are not going to spend a lot of time and money on a website that you don’t value. Adding security measures is a pain, like locking your doors, so you will need to decide what level of protection is worth it.
  10. What can you do?
  11. 1. Choose a Good Host
     ➔ Latest PHP version
     ➔ Use HTTPS
     ➔ SFTP (not FTP)
     ➔ Private server: At least don’t host multiple sites on your server.
     ➔ Use a CDN: Like Cloudflare (free)
  12. 2. Keep Your Site Updated
     ➔ Update core, plugins & themes: Be wary of themes and plugins that haven’t been tested (especially free ones).
     ➔ Remove unused themes & plugins
     ➔ Use services like ManageWP if you have a lot of sites. But be wary of updates breaking your site.
     ➔ Don’t leave old files on your site, especially not old sites.
  13. 3. Use Strong Usernames & Passwords
     ➔ Don’t use “admin”
     ➔ At least 14 characters
     ➔ !@#$%^
     ➔ That means everyone!
  14. 4. Remove Unwanted Users
     ➔ Not everyone should be Admin
     ➔ What is the default user role?
     ➔ People who no longer work for you
     ➔ Use Adminimize to control access
     ➔ Use unique usernames: Remember that nicknames can be different.
  15. 5. Use Security Plugins
     ➔ Change Login URL: Don’t use /wp-admin
     ➔ Limit Login Attempts: And notes about if it’s wrong username or password.
     ➔ Two Factor Authentication: It’s a pain, but it works.
     ➔ Captcha: Prevents brute force attacks
  16. 6. Backups
     ➔ Hosting Backups: Good hosts will do them automatically.
     ➔ Backup Plugin: Updraft or Backup Buddy
     ➔ Schedule Backups: Backups are no good if not done. How often you need to back up depends on how often you update your site.
     ➔ Send them somewhere: Download to your computer or file hosting service.
  17. 7. Get Notified
     ➔ Google Console: Will let you know if your site has been hacked. This is actually too late, but a good idea if you rarely check into your site. Once Google knows, your site will be blacklisted. This will hurt your visitors and your ranking.
     ➔ Use a Malware Scanner: Sucuri or Wordfence
  18. 8. Your Own Security
     ➔ Strong password for your email
     ➔ Don’t email passwords: WordPress will automatically email passwords or use a service like
     ➔ Don’t keep passwords on your computer or in your browser, except LastPass
     ➔ Use virus protection on your computer and update your browsers
     ➔ Turn off your computer at night
  19. 9. If You Get Hacked
     ➔ Use your backup: But make sure it has not been compromised.
     ➔ Fixing hacked sites is what they do and they can get your site up fairly quickly, but it will cost you.
     ➔ Read their blog if you are really interested in security
  20. Good luck! I hope you will make some changes right away to make your site more secure. Presentation: Contact me: