
WordPress security


An introduction to WordPress Security

Published in: Technology
WordPress security

  1. blogVAULT
  2. WordPress Security. Akshat Choudhary, Founder, blogVault
  3. Why? Sites get Hacked!
  4. Why will someone hack a site? Fun and Profit
  5. Fun: Because they can
  6. Profit: To make money
      • SEO
      • Affiliate Scam
      • Redirect to a different site
      • Political defacement
      • Use host for hacks
  7. How? Vulnerabilities!
  8. Where?
      • WordPress Core
      • Plugins
      • Themes
  9. How do I know if I have been hacked?
  10. Browser warning
  11. Google Search Warning
  12. Sucuri SiteCheck - Free Tool
  13. Inspect Files
      • .htaccess
      • JavaScript files
      • Unknown PHP files
      • Existing PHP files
  14. What to do when my site gets hacked?
  15. Recover from Backup: Most reliable method
  16. Use Sucuri: Not foolproof, costs money
  17. Talk to an expert: Difficult job. Don't take lightly.
  18. Change Password
  19. Change Authentication keys: Removes existing sessions.
  20. Prevention is better than Cure
  21. Update WordPress / Plugins / Themes
  22. Change Database Prefix: Prevent SQL Injection attacks
  23. Disable File Editor
      define('DISALLOW_FILE_EDIT', true);
  24. Make Folders / Files Readonly
  25. Prevent File Execution
      AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
  26. Use SSL / Google Authenticator
  27. Set Authentication Keys
      define('AUTH_KEY', 'put your unique phrase here');
      define('SECURE_AUTH_KEY', 'put your unique phrase here');
      define('LOGGED_IN_KEY', 'put your unique phrase here');
      define('NONCE_KEY', 'put your unique phrase here');
      define('AUTH_SALT', 'put your unique phrase here');
      define('SECURE_AUTH_SALT', 'put your unique phrase here');
      define('LOGGED_IN_SALT', 'put your unique phrase here');
      define('NONCE_SALT', 'put your unique phrase here');
  28. Security by Obscurity: remove admin user / hide WordPress version / ...
  29. Automatic Backups, e.g. use blogVAULT
  30. What makes a good backup solution?
      • Complete - Database + Files
      • Offsite - Local backup is as good as none
      • Regular Backup
      • History of backup
      • Test the Restore
      • Secure Backup
  31. Thank you. blogVAULT: We are Hiring!
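
One way to carry out the "Inspect Files" slide, as an added example that is not part of the original deck: compare the live site against a known-good copy, such as a restored backup, and list the .htaccess, JavaScript and PHP files that are unknown or modified. The function names `manifest` and `wp_compare` are hypothetical, and the script assumes `sha256sum` (GNU coreutils) and `mktemp` are available.

```shell
#!/bin/sh
# Added example: diff a live WordPress tree against a known-good copy.
# Assumption: the known-good copy (e.g. a restored backup) is a plain directory.

# manifest DIR
# Print "sha256  ./relative/path" for every .htaccess, .js and .php file
# under DIR, sorted by path so two manifests line up.
manifest() {
    ( cd "$1" && find . -type f \
        \( -name '.htaccess' -o -name '*.js' -o -name '*.php' \) \
        -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# wp_compare CLEAN_DIR LIVE_DIR
# UNKNOWN  = file exists on the live site but not in the clean copy.
# MODIFIED = file exists in both, but the contents differ.
wp_compare() {
    clean_list=$(mktemp)
    live_list=$(mktemp)
    manifest "$1" > "$clean_list"
    manifest "$2" > "$live_list"
    awk '
        # sha256sum prints 64 hex digits, two separator characters, then the path
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1]  { known[path] = hash; next }
        !(path in known)     { print "UNKNOWN  " path; next }
        known[path] != hash  { print "MODIFIED " path }
    ' "$clean_list" "$live_list"
    rm -f "$clean_list" "$live_list"
}

# Run directly as: sh wp_compare.sh /path/to/clean-copy /path/to/live-site
if [ "$#" -eq 2 ]; then
    wp_compare "$1" "$2"
fi
```

Files reported as MODIFIED still need a manual look, since a plugin or theme update between the backup and now changes hashes as well.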