WordCamp St. Louis 2011 WordPress Security Presentation

The slides from the presentation I gave at WordCamp Fayetteville on Guest Blogging.

Published in: Technology, Business

  1. WORDPRESS SECURITY Tips and Tricks to Secure Your Site
  2. A LITTLE ABOUT ANDY CROFFORD
     CONTACT INFO
     Email: acrofford@gmail.com
     Twitter: @andycrofford
     WEBSITES
     AppTa.co - http://appta.co
     TechKing - http://testking.com/techking
     Mobile Orchard - http://mobileorchard.com
     ThemeFuse - http://themefuse.com
  3. HTTP://J.MP/WORDCAMPSTL Slides available for download
  4. #WCSTLSEC #hashtag
  5. WHY IS WORDPRESS SECURITY IMPORTANT?
  6. YOU VALUE YOUR SITE AND ITS CONTENTS
  7. WHY IS WORDPRESS INSECURE?
  8. IT IS OPEN SOURCE AND ANYONE HAS ACCESS TO THE CODE
  9. PLUGINS CAN LEAVE THE DOOR OPEN
  10. SO WHAT CAN YOU DO?
  11. 1. KEEP WORDPRESS UP TO DATE
  12. 2. UPDATE PLUGINS REGULARLY
  13. 3. DO NOT USE ADMIN AS YOUR USERNAME
  14. 4. USE A SECURE PASSWORD
  15. CHECK YOUR PASSWORD STRENGTH AT: HTTP://WWW.PASSWORDMETER.COM
  16. 5. KEEP YOUR THEME UPDATED
  17. 6. RESTRICT ACCESS TO THE ADMIN LOGIN PAGE BY IP ADDRESS
  18. .HTACCESS

          AuthUserFile /dev/null
          AuthGroupFile /dev/null
          AuthName "Access Control"
          AuthType Basic
          order deny,allow
          deny from all
          # IP address to whitelist
          allow from xxx.xxx.xxx.xxx

      Replace xxx.xxx.xxx.xxx with your IP address.
  19. .HTACCESS

          AuthUserFile /dev/null
          AuthGroupFile /dev/null
          AuthName "Access Control"
          AuthType Basic
          order deny,allow
          deny from all
          # IP address to whitelist
          allow from xxx.xxx.xxx.*

      Replace xxx.xxx.xxx.* with your IP address.
  20. 7. MOVE YOUR WP-CONFIG.PHP FILE
  21. 8. CHANGE THE WORDPRESS TABLE PREFIX
  22. UPDATE $TABLE_PREFIX
  23. 9. USE SECRET KEYS
  24. SECRET KEY GENERATOR https://api.wordpress.org/secret-key/1.1/salt
  25. SECURE KEYS
  26. 10. HIDE LOGIN ERROR MESSAGES
  27. HIDE LOGIN ERRORS

          // Return no login error text, so a failed login does not say
          // whether the username or the password was wrong.
          add_filter('login_errors', function ($a) { return null; });

  28. 11. BACKUP, BACKUP, BACKUP
  29. UTILIZE SECURITY PLUGINS
  30. 1. LOGIN LOCK DOWN http://j.mp/wp-lockdown
  31. 2. STEALTH LOGIN http://j.mp/wp-stealth
  32. 3. ADMIN SSL http://j.mp/wp-adminssl
  33. 4. BACKWPUP http://j.mp/backwpup
  34. PAID BACKUP SERVICES
      • VaultPress - http://www.vaultpress.com
      • Backup Buddy - http://j.mp/wp-backupbuddy
  35. QUESTIONS?
  36. GET 6 MONTHS FREE SHARED HOSTING FROM SITE5 (WWW.SITE5.COM) WORDCAMP
