WordPress Security Blitz

A 15-minute introduction to making your WordPress install more secure, so that the effort you put into building a great community is not undone by a break-in.

Published in: Technology, Design

Reno Tahoe WordCamp 2010: WordPress Security Blitz!

Why? Content, freshness, SEO, networking, design, stability, functionality, performance, scaling... and now security, too?

Why? ...can't we all just get along?

Why? To leverage your efforts building a thriving community!

Strategy: a little bit of effort, some discipline, and LOTS of common sense.
Basic Security
  • Pick a hoster wisely
  • Split domain and hosting (keep the domain registration separate from the hosting account, so losing one does not cost you the other)
  • Back up (and back up again!)
  • Keep WP, plugins up-to-date
  • Move wp-config.php up/out (one directory above the document root; WordPress looks there on its own)
  • File permissions (755 for directories, 644 for files; wp-config.php tighter still)
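The last two bullets in working form. This is an added example, not code from the talk or from WordPress: a POSIX shell script that moves wp-config.php one level above the document root, applies the 755/644 scheme, and reports anything that still deviates. It assumes the layout `$site/html` (document root) with `$site/wp-config.php` as the destination, and GNU/Linux `find` and `mktemp`; the tree built by `demo_tree` is constructed for demonstration. One caveat the slide does not mention: WordPress only looks one directory up, and only if that directory does not itself contain a `wp-settings.php`, so the trick does nothing useful when WordPress lives in a subdirectory of a larger web root (the parent is still served).

```shell
#!/bin/sh
# Added example (not from the WordCamp slides): the "move wp-config.php"
# and "file permissions" steps applied to a WordPress install.
# Assumed layout (an assumption, adjust to your host):
#   $site/html            document root: wp-load.php, wp-admin/, wp-content/
#   $site/wp-config.php   where the config ends up after the move
set -e

# Move wp-config.php from the document root to its parent directory.
# wp-load.php falls back to dirname(ABSPATH)/wp-config.php, but only when
# dirname(ABSPATH)/wp-settings.php does not exist (that check stops a
# nested install from picking up the parent site's config).
move_wp_config() {
    docroot=$1
    parent=$(dirname "$docroot")
    if [ -f "$parent/wp-settings.php" ]; then
        echo "refusing: $parent holds another WordPress install" >&2
        return 1
    fi
    if [ -f "$parent/wp-config.php" ]; then
        echo "refusing: $parent/wp-config.php already exists" >&2
        return 1
    fi
    mv "$docroot/wp-config.php" "$parent/wp-config.php"
    # Owner-only: assumes PHP runs as the file owner (suPHP/FastCGI hosts).
    # If PHP runs as the web server user instead, use 640 and its group.
    chmod 600 "$parent/wp-config.php"
}

# 755 on directories, 644 on files, exactly as on the slide.
harden_permissions() {
    docroot=$1
    find "$docroot" -type d -exec chmod 755 {} +
    find "$docroot" -type f -exec chmod 644 {} +
}

# Print every path that deviates from 755 (dirs) / 644 (files).
# Returns 1 if anything was found, 0 if the tree is clean.
audit_permissions() {
    docroot=$1
    offenders=$(find "$docroot" \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \))
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Build a constructed, throw-away WordPress-like tree with the usual bad
# defaults (world-writable uploads dir, world-writable config) and print
# its root, so the functions above can be exercised safely.
demo_tree() {
    site=$(mktemp -d)
    mkdir -p "$site/html/wp-admin" "$site/html/wp-content/uploads"
    printf '<?php // constructed placeholder\n' > "$site/html/wp-load.php"
    printf '<?php define("DB_PASSWORD", "s3cret");\n' > "$site/html/wp-config.php"
    printf '<?php\n' > "$site/html/wp-admin/index.php"
    chmod 777 "$site/html/wp-content/uploads"
    chmod 666 "$site/html/wp-config.php"
    echo "$site"
}

# Usage on a real host (run as the file owner, after taking a backup):
#   harden_permissions /var/www/example/html
#   move_wp_config     /var/www/example/html
#   audit_permissions  /var/www/example/html
```

`audit_permissions` is the part worth keeping around: run it from cron and mail yourself the output, because a plugin or FTP client will quietly put a 777 back sooner or later.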
Basic Security (continued)
  • .htaccess to restrict wp-admin (by source network or an extra password prompt; note that wp-login.php sits outside wp-admin and needs the same treatment)
  • Regularly check server logs
  • Post-Logger (vi-logger.php)
  • DB table prefix: not "wp_" (set $table_prefix in wp-config.php before installing)
  • No user "admin" (create a fresh administrator account, log in as it, then delete "admin")
  • Use strong passwords!
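The first two bullets, done rather than described. This is an added example, not code from the talk: a POSIX shell script that generates the wp-admin restriction and a companion rule for wp-login.php, and an awk one-liner that does the "regularly check server logs" step by counting POST requests to wp-login.php per client. It assumes Apache 2.4 (`Require ip` syntax, which needs `AllowOverride AuthConfig` for the directory; Apache 2.2, current when the talk was given, used `Order`/`Allow`/`Deny`) and the Apache "combined" access log format. The log lines in `sample_log` are constructed, not real traffic. The caveat a practitioner wants here: `admin-ajax.php` lives inside wp-admin and is called by front-end plugins for anonymous visitors, so it must be exempted or the public site breaks.

```shell
#!/bin/sh
# Added example (not from the WordCamp slides): ".htaccess to restrict
# wp-admin" and "regularly check server logs".
# Assumptions: Apache 2.4 Require syntax, combined log format.
set -e

# Write wp-admin/.htaccess admitting only the given source networks.
# admin-ajax.php stays open: themes and plugins call it for logged-out
# visitors, and blocking it silently breaks the public site.
write_wpadmin_htaccess() {
    wpadmin_dir=$1; shift
    if [ "$#" -eq 0 ]; then
        echo "need at least one trusted network" >&2
        return 1
    fi
    {
        echo '# generated: restrict wp-admin to trusted networks'
        echo '<RequireAny>'
        for net in "$@"; do
            echo "    Require ip $net"
        done
        echo '</RequireAny>'
        echo '<Files admin-ajax.php>'
        echo '    Require all granted'
        echo '</Files>'
    } > "$wpadmin_dir/.htaccess"
}

# wp-login.php is in the document root, not in wp-admin, so the login
# form stays exposed unless the same rule is appended to the root
# .htaccess (appended, because WordPress keeps its permalink rules there).
write_wplogin_rule() {
    docroot=$1; shift
    if [ "$#" -eq 0 ]; then
        echo "need at least one trusted network" >&2
        return 1
    fi
    {
        echo '# generated: restrict wp-login.php to trusted networks'
        echo '<Files wp-login.php>'
        echo '    <RequireAny>'
        for net in "$@"; do
            echo "        Require ip $net"
        done
        echo '    </RequireAny>'
        echo '</Files>'
    } >> "$docroot/.htaccess"
}

# Count POST requests to wp-login.php per client address in a combined
# format access log; print "count ip" for every client at or over the
# threshold. Field 6 is the quoted method, field 7 the request path.
# This spots password guessing whatever username is being tried, which
# the access log alone cannot tell you.
login_bruteforce_ips() {
    logfile=$1; threshold=$2
    awk -v limit="$threshold" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= limit) print hits[ip], ip }
    ' "$logfile" | sort -rn
}

# Constructed sample access log (not real traffic) for demonstration:
# one client hammering the login form, one legitimate login, one AJAX call.
sample_log() {
    out=$(mktemp)
    cat > "$out" <<'EOF'
198.51.100.7 - - [10/Oct/2010:13:55:01 -0700] "GET /wp-login.php HTTP/1.1" 200 2510 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2010:13:55:02 -0700] "POST /wp-login.php HTTP/1.1" 200 2510 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2010:13:55:03 -0700] "POST /wp-login.php HTTP/1.1" 200 2510 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2010:13:55:04 -0700] "POST /wp-login.php HTTP/1.1" 200 2510 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2010:13:55:05 -0700] "POST /wp-login.php HTTP/1.1" 200 2510 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2010:13:55:06 -0700] "POST /wp-login.php HTTP/1.1" 200 2510 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2010:14:02:11 -0700] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2010:14:02:30 -0700] "GET /wp-admin/ HTTP/1.1" 200 9123 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2010:14:10:00 -0700] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"
EOF
    echo "$out"
}

# Usage on a real host:
#   write_wpadmin_htaccess /var/www/example/html/wp-admin 203.0.113.0/24
#   write_wplogin_rule     /var/www/example/html          203.0.113.0/24
#   login_bruteforce_ips   /var/log/apache2/access.log 20
```

Source-address restriction only works when the administrators come from stable addresses; if they do not, replace `Require ip` with an `AuthType Basic` block in the same two places, which keeps the login form behind a second password without breaking `admin-ajax.php`.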
Plugins to consider:
  • Akismet (comment spam filtering)
  • Bad Behavior (rejects requests from known spam bots before WordPress handles them)
  • http:BL (Project Honey Pot's blocklist lookup)
  • WP Security Scan
  • AntiVirus
  • ...but don't go wild on plugins! (Every plugin is more code to keep updated, and more attack surface.)
Also...
  • Check on your back-ups! (Do they really work? Actually restore one and look.)
  • Check on your DB (e.g. drop old tables, optimize... the Clean Options plugin)
  • Security audits (e.g. Acunetix)
  • Your own computer (a stolen saved password or a keylogger on your PC defeats every server-side measure)
  • Use a staging server to test
  • External services in front of the site (e.g. CloudFlare)
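"Do they really work?" is answered by restoring, not by looking at file sizes. This is an added example, not code from the talk: a POSIX shell script whose `backup_site` writes a tarball of the document root together with a SHA-256 manifest, and whose `verify_backup` performs the cheapest restore drill that still catches truncated archives, missing files and silent corruption, by unpacking into a scratch directory and checking every file against the manifest. It assumes GNU `sha256sum` and `find`; the `mysqldump` half of a real backup is left as a comment because it needs a live database, though the verification idea (restore into a scratch database, compare row counts or checksums) is the same.

```shell
#!/bin/sh
# Added example (not from the WordCamp slides): back up the document root
# and then prove the backup restores. Assumes GNU coreutils (sha256sum -c).
set -e

# Write $dest/site-<stamp>.tar.gz plus $dest/site-<stamp>.sha256 from
# $docroot and print the archive path. The manifest lists every regular
# file relative to the docroot, which is what verify_backup checks against.
backup_site() {
    docroot=$1; dest=$2
    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$dest/site-$stamp.tar.gz"
    # -C so the archive holds "html/..." rather than absolute paths
    tar -czf "$archive" -C "$(dirname "$docroot")" "$(basename "$docroot")"
    (cd "$docroot" && find . -type f -exec sha256sum {} + | sort -k2) \
        > "${archive%.tar.gz}.sha256"
    # Database half, needs a live server (assumption: credentials in ~/.my.cnf):
    #   mysqldump --single-transaction "$DB_NAME" | gzip > "$dest/db-$stamp.sql.gz"
    echo "$archive"
}

# Restore $archive into a scratch directory and check every manifest entry.
# Returns 0 only if every recorded file is present with the recorded digest;
# a truncated archive, a file the backup job skipped, or bit rot all fail.
verify_backup() {
    archive=$1
    manifest=$(cd "$(dirname "$archive")" && pwd)/$(basename "$archive" .tar.gz).sha256
    scratch=$(mktemp -d)
    tar -xzf "$archive" -C "$scratch"
    # The archive holds exactly one top-level directory: the document root.
    restored_root=$(find "$scratch" -mindepth 1 -maxdepth 1 -type d | head -n 1)
    if (cd "$restored_root" && sha256sum -c --quiet "$manifest"); then
        rm -rf "$scratch"
        return 0
    fi
    echo "restore drill FAILED for $archive" >&2
    rm -rf "$scratch"
    return 1
}

# Usage on a real host (then schedule verify_backup, not just backup_site):
#   a=$(backup_site /var/www/example/html /var/backups/example)
#   verify_backup "$a" && echo "backup $a restores cleanly"
```

Run the drill on a different machine than the one that made the backup whenever you can: that also exercises the "staging server" bullet, and it is the only way to find out that the archive depends on something (an uploads symlink, a PHP version, a missing extension) that exists only in production.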
And finally... Support developers and designers!

Questions?

Contact information: Álvaro Degives-Más, Alvaro at RenoLanguages.com