WordPress Security

WordPress security and backups are often overlooked, but you need to have them in place before your site gets compromised. The steps to secure and back up a site are simple, so make sure you don't lose all your hard work.

Published in: Technology, Business

  1. WordPress Security
     Claire Jordan - Spearmint Digital
  2. Why WordPress Security
     ● WordPress is open source
     ● So are Apache and Linux
     ● Open source = free, but everyone can see the code
     ● Hackers don't specifically attack your site; they look for vulnerable sites on the internet
  3. Your Server
     ● Home of your site, security starts here
     ● VPS vs Shared Hosting
     ● Use SSH or SFTP to connect
  4. Install WordPress Correctly
     ● Don't use Fantastico
     ● Go to wordpress.org and do a manual install
  5. Replace Security Keys
     ● It's like changing your locks
     ● Set up authentication keys and salts
     ● Generate new keys at: http://api.wordpress.org/secret-key/1.1/salt
     ● Copy and paste into wp-config.php
     ● Can be done on an existing site; it will just make users log in again
  6. Replace Security Keys
  7. Change the Table Prefix
     ● Change table prefixes
     ● Default uses wp_, wp1_, wp2_
     ● If it's a new website, do this in wp-config.php
     ● If it's an existing website, it's harder
     ● Good tutorial at: http://wpbeginner.com/wp-tutorials/how-to-change-the-wordpress-database-prefix-to-improve-security
     ● Can also be done with a plugin
  8. Get Rid of Comment Spam
     ● Install Akismet
     ● Shows your site is well managed
     ● No more spam!
  9. Use Quality Themes and Plugins
     ● Bad theme or plugin = dangerous code
     ● Good themes - e.g. StudioPress, WooThemes
     ● Good plugins - look at reviews
     ● Limit the number of plugins
     ● Delete anything not in use
  10. Update Everything
     ● Update WordPress core, plugins and theme
     ● Updates patch known vulnerabilities
     ● Check your site often
  11. Good Username and Password
     ● Hackers only need 2 pieces of info, don't give them the first one
     ● Unique username and password
  12. Good Username and Password
     ● If you need to change your username: http://youtu.be/1R0X-zrtF1k
     ● Get a good password: www.strongpasswordgenerator.com
     ● Use a non-admin user for posting, show the author's real name
  13. Limit Login Attempts
     ● You don't want hackers to be able to keep trying to guess the password
  14. Back Up Your Site
     ● A few good plugins:
       ○ VaultPress - backs up immediately, $15/month
       ○ BackupBuddy - easy to use, good support, $80 for a license
       ○ BackWPup - free plugin, can choose where to back up to
  15. Suggested Backup Routine
     ● Using BackWPup
     ● Back up to Dropbox
     ● Back up everything (theme, files, database, plugin list)
     ● Have 3 jobs: 1 for daily, 1 for weekly and 1 for monthly
     ● Runs each day at 3am
  16. More Security
     ● Lots more things you can do
     ● A few examples:
       ○ blank .html files
       ○ custom .htaccess files
       ○ limit access to your IP address
       ○ secure files with passwords
     ● Security can always be taken to the next level
  17. Security Plugin
     ● Install Better WP Security
     ● Back up your blog
     ● Needs to change core files
     ● Use one-click protection
     ● Go through the system status
  18. Security Plugin
     ● Good tutorial: http://www.wpbrix.com/wordpress/how-to-secure-wordpress-with-better-wp-security
  19. Questions?
     Feel free to contact me at: Claire Jordan, www.spearmintdigital.com.au, claire@spearmintdigital.com.au