Many do not think security is
important until it is too late.
Every single day hackers ﬁnd new ways to get your information.
Todays features are tomorrow’s vulnerabilities.
Stop them before they stop you
Why do hackers hack?
• Make bank
• build a zombie
• Share their nasty
code with the world
• Get your
• They are bored
• They want to see if
they can do it
But…Why are they hacking
There is rarely ever a targeted hacking attack.
Typically all sites are considered targets. The
big and the small.
And how do they get in?
• They guess your login information
• Denial of Service Attack (DDoS)
• Through a ﬁle in a theme, plugin, or anything on your
server where they found an exploit
• Through your FTP and/or cPanel conﬁguration
Here is the only scary thing I
will say in this talk
Never ever never use “admin” as a
username or “password” as
Adm1n and Pa55w0rd do not count either!
Always use SFTP
“S” is for safe!!!
Only give users the access
Just because they want to be an admin does not mean they should.
Guest bloggers should rarely every be anything more than a contributor.
If it is a temporary login, delete
the user when the job is done
If they do have posts, you can convert them to different users or make them a
subscriber with limited access.
Set up ﬁle detection
Many security plugins like iThemes Security and WordFence will alert you when
ﬁles have been changed
Only keep the theme you are using
and one backup theme on your
The more themes that are on a site, the more open chances you have to a
Only keep the plugins you
have active on your site.
An uninstalled plugin is not a potential vulnerability.
Use the plugins repo favorites option to keep a list
of your favorite plugins
• iThemes Security (Free and Pro version
• Sucuri Firewall
• WordFence Security
• Jetpack with Brute Protect and Vault Press
Always make backups!
• Backup Buddy, UpDraftPlus, BackWPUp
• Always save to someplace OTHER than your server
• Save them to Dropbox, AWS, email, or your local
• Have them scheduled to be made daily or at least
Malware Scanning? Do I
• Google Webmaster Tools
• Sucuri Scanner
If you feel your site could be infected, ﬁrst do
a malware scan
What else can I do to protect
Update core. Update themes update plugins!
The biggest reasons of updates is typically security or feature related.
The biggest source of nearly all hacks is due to lack of updating.
If you use Envato products (ThemeForest
and CodeCanyon) always check the box in
the downloads to be notiﬁed of updates.
That is the only way you will know if any of their
products need to be updated.
This is why the RevSlider infection was so widespread.
Many did not even know the plugin was built into their
Don't ever let your site get
That is when the zombies come.
Nobody wants the zombies to come
If the unthinkable happens and you
do get hacked, it is not the end of
It can and will be ﬁxed.
Who can clean my hacked
• Hack Repair
• Wp Security Lock
Great! Are there any other
ways I can be secure?