As the world's most popular open-source website platform, WordPress gets a lot of criticism. But it is a versatile platform that makes amazing things possible. We'll talk about the rumored "security issues" and how you can keep your site safe.
1. Hi, I’m Bekee Gibson!
🙋 Director of CMS at Earthling Interactive
• Developer, Team Lead, Project Manager for 6y
• Madison WordPress Meetup Organizer for 3y
• Technerd from wayback
Some things I enjoy away from the computer:
🥘 Fooding
🧶 Knitting, a lot
☢ Fallout 4
2. What is WordPress?
WordPress is a Content Management System.
It is much more than a blogging platform.
It’s Open Source, easy to use, and can be customized
to fit your needs, the needs of your staff, and, most
importantly, your customers.
3. Why is WordPress a target? 🎯
All websites on the internet are vulnerable to hacking attempts,
so why does WordPress get a bad rap?
WordPress runs 64% of all CMS sites, or 38% of all websites on the
Internet.
Those odds are pretty good if your goal is to harvest passwords.
5. Why WordPress Fails
● Insecure Hosting
● Weak Passwords
● Users and admin access
● Default setup and configuration
● Core out of date
● Plugins & Themes
○ Out of date
○ Out of development
○ Out of service
These all have a common element:
A Human Choice
6. WordPress works when you work with it
Fundamentally, security is not about perfectly secure systems.
Such a thing might well be impractical, or impossible to find
and/or maintain. What security is though is risk reduction, not
risk elimination. It’s about employing all the appropriate
controls available to you, within reason, that allow you to
improve your overall posture reducing the odds of making
yourself a target, subsequently getting hacked. – WordPress
Security Codex
7. Why WordPress Works
Decide about hosting
● 🤓 Shared
● 🤓🤓 Virtual Private Server (VPS)
● 🤓🤓🤓🤓 Dedicated (On Prem)
● 🤓🤓 Managed
10. Why WordPress Works
Users and admin access
● 🤓 Make sure ‘admin’ is not a username
● 🤓 Create second admin user, remove the first
● 🤓 Audit users and their roles
SELECT * FROM wp_users WHERE ID=1
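The user audit this slide calls for, written out as an added shell example (it is not code from the talk). It reads a constructed CSV laid out like the output of `wp user list --fields=ID,user_login,roles --format=csv` (an assumption about the export shape; a real export can quote multi-role values such as "administrator,editor", which this plain comma split does not handle) and flags a login literally named 'admin', the original ID 1 account the slide's SQL looks for, and reports who holds the administrator role.

```shell
#!/bin/sh
# Added example: audit a WordPress user export for the three points on the slide.
# Hypothetical helper, not part of WordPress or WP-CLI.
# Exit status = number of findings (0 means nothing to fix).
audit_users() {
    csv="$1"
    awk -F',' '
        NR == 1 { next }                                  # skip the CSV header
        $2 == "admin" { print "FAIL: a user named admin exists (ID " $1 ")"; fails++ }
        $1 == "1"     { print "FAIL: original user ID 1 still present (login " $2 ")"; fails++ }
        $3 ~ /administrator/ { admins++; list = list " " $2 }   # assumes one role per row
        END {
            print "INFO: " admins+0 " administrator account(s):" list
            exit fails+0
        }' "$csv"
}

# Write a constructed sample export (made up for this demo, not real site data).
make_sample_users() {
    cat > "$1" <<'EOF'
ID,user_login,roles
1,admin,administrator
2,bekee,administrator
7,editor_jo,editor
EOF
}

demo_audit_users() {
    dir=$(mktemp -d)
    make_sample_users "$dir/users.csv"
    audit_users "$dir/users.csv" || echo "-> $? finding(s); rename/replace that account and re-run"
    rm -rf "$dir"
    return 0
}

demo_audit_users
```

Run it against a real export by passing the CSV path to `audit_users`; a clean site returns 0 and only prints the administrator list, which is the part to review by hand (does every account on that list still need the role?).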
11. Why WordPress Works
Setup and configuration
● 🤓 Change database table prefix
● 🤓🤓🤓 Obfuscate, hide, or chmod wp-config.php
○ chmod 440 wp-config.php
● 🤓🤓 Disable file editing from the Dashboard
○ define('DISALLOW_FILE_EDIT', true);
● 🤓 Serve your site over HTTPS
● 🤓🤓🤓🤓 Use a code repository
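A small checker for three of the settings on this slide (non-default table prefix, DISALLOW_FILE_EDIT, and the chmod 440 on wp-config.php), as an added shell example that is not from the talk or from WordPress. The `audit_wp_config` and `make_sample_config` names are invented here, and the sample configs it writes are constructed for the demo; point `audit_wp_config` at a real wp-config.php to run it for real.

```shell
#!/bin/sh
# Added example: audit a wp-config.php against three of the slide's settings.
# Hypothetical checker, not part of WordPress. Exit status = number of findings.
audit_wp_config() {
    cfg="$1"
    fails=0

    # 1. Table prefix: a config still using the default 'wp_' fails.
    if grep -Eq "^[[:space:]]*[\$]table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$cfg"; then
        echo "FAIL: table prefix is the default wp_"
        fails=$((fails + 1))
    else
        echo "OK: table prefix is not the default"
    fi

    # 2. DISALLOW_FILE_EDIT must be defined true on an uncommented line.
    if grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$cfg"; then
        echo "OK: DISALLOW_FILE_EDIT is true"
    else
        echo "FAIL: DISALLOW_FILE_EDIT is missing, commented out, or not true"
        fails=$((fails + 1))
    fi

    # 3. File mode: 440 as on the slide; 400/600/640 also keep 'other' out.
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case "$mode" in
        400|440|600|640) echo "OK: wp-config.php mode is $mode" ;;
        *) echo "FAIL: wp-config.php mode is $mode (expected 440)"
           fails=$((fails + 1)) ;;
    esac

    return "$fails"   # 0 means every check passed
}

# Write a small constructed wp-config.php for the demo (not a real site's file).
# $1 path, $2 table prefix, $3 "true" to add DISALLOW_FILE_EDIT, $4 file mode
make_sample_config() {
    {
        echo '<?php'
        echo "\$table_prefix = '$2';"
        if [ "$3" = "true" ]; then echo "define('DISALLOW_FILE_EDIT', true);"; fi
        echo "define('DB_NAME', 'example_db');"
    } > "$1"
    chmod "$4" "$1"
}

demo_audit_config() {
    dir=$(mktemp -d)
    make_sample_config "$dir/default.php" wp_ false 644     # fresh install defaults
    make_sample_config "$dir/hardened.php" k7q_ true 440    # after applying the slide
    echo "== default.php";  audit_wp_config "$dir/default.php"  || echo "-> $? finding(s)"
    echo "== hardened.php"; audit_wp_config "$dir/hardened.php" || echo "-> $? finding(s)"
    rm -rf "$dir"
    return 0
}

demo_audit_config
```

The mode check is deliberately strict about the 'other' bits: the point of 440 is that the database password in wp-config.php is never readable by every account on a shared host, so anything ending in a non-zero digit is reported even if the owner/group bits look fine.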
12. Why WordPress Works
Keep Core updated
● 🤓 Automatic Background Updates
● Update and test
○ 🤓🤓🤓 Local
○ 🤓🤓 Staging
13. Why WordPress Works
Know your Plugins & Themes
● Keep them updated
● Check on the status
● Get from trusted sources
14. Why WordPress Works
“I’m just a small business with a website, I’m not a target for hackers!”
🏢 vs 🏬
This all sounds like a lot, but you don’t have to do it alone.
🤝