
Introduction to WordPress Security


Keeping your website secure is important. No one likes a site that has nasty code injections or has been defaced. In fact, WordPress Security is one of the issues that continually needs to be taught to WordPressers around the world because for some people, their website is their livelihood.

I’m not here to make your head pop up with mind-boggling hardening tricks. I’m here to give you an introduction to WordPress Security. I might make you laugh, but security is a serious matter. I will be covering a couple methods to secure your WordPress website, and even a couple beginner tips on what to do if your site has been hacked.

By the end of this session, I hope you find a security method that suits you, and are more aware of the importance of securing your WordPress website.

Originally presented at WordCamp Philly 2015

Published in: Technology


  1. Introduction to WordPress Security By Nile Flores @blondishnet http://blondish.net
  2. Objective ❏ Answer why security is important ❏ Basic WordPress security tips ❏ Some related general security tips that work hand-in-hand with WordPress security ❏ WordPress security plugin suggestions ❏ Resources to learn more about security
  3. Why is WordPress security important? Your website may be your livelihood. Like getting insurance and putting an alarm on your home or car, implementing security techniques or “hardening” your site protects your investment.
  4. Why you? It’s not about you. It’s not even about how much traffic you get. The hacks are usually with bots and done randomly.
  5. Ways In ❏ Your Internet Service Provider/ includes Wifi ❏ Your Email ❏ Your Web Hosting Account ❏ Web Scripts/ Software (Yes, this includes WordPress)
  6. Why do people hack? ❏ Make money ❏ Curiosity
  7. So, how does WordPress get compromised? ❏ Brute Force through your login ❏ Theme files ❏ Plugin files ❏ WordPress core files ❏ FTP/ cPanel/ Plesk ❏ Bot attack/ DDoS
  8. Security is an ongoing process. Technology is always advancing, so you’re never going to be 100% secure.
  9. HOWEVER… Remember that “insurance” part I mentioned?
  10. #1 Piece of WordPress Security Advice ALWAYS keep your WordPress core, themes, and plugins up-to-date!
  11. #2 Most Important Thing ALWAYS back up your website. Oh, and don’t just save the backup in one place. Store them in a couple places.
  12. More WordPress Security Tips
  13. Your Username Your username should never be “admin”
  14. Your Password ❏ You should never use “password” for your password ❏ Use sites like LastPass.com to save passwords ❏ Use different passwords for different websites
  15. Passwords (continued…) Try using a plugin that contains two-factor authentication. Clef Two-Factor Authentication is a cool one to use - http://bit.ly/1GK2OqB
  16. WordPress Database Prefix Change your database prefix. (By default it’s wp_ )
  17. Security Advice for Multiple Users ❏ Set their roles ❏ Don’t allow them full access to your web hosting account ❏ Remove users who are temporary tenants ❏ Don’t send their password from the WordPress admin panel
  18. Themes ❏ Keep your theme up-to-date ❏ Consider child theming - http://bit.ly/1cjzSdt ❏ Vet your theme ❏ Remove themes that you’re not using
  19. Plugins ❏ Keep your plugin up-to-date ❏ Vet your plugins before using ❏ Remove plugins that you’re not using
  20. WordPress Security Plugins ❏ Brute Protect (included in Jetpack) - http://bruteprotect.com/ ❏ iThemes Security - http://bit.ly/1cNkPpN ❏ Wordfence - http://bit.ly/1ikXHyS ❏ Sucuri Security - http://bit.ly/1He85sW
  21. More WordPress Security Resources ❏ Codex (Hardening WordPress) - http://bit.ly/19fxUmu ❏ How to Secure Your WordPress Blog - http://bit.ly/1dzTESE
  22. Not code savvy? If you don’t know code and were hacked, don’t worry… there’s always someone out there that offers Hack cleanups, and also Security audit services.
  23. Any Questions Nile Flores http://blondish.net Subscribe to my weekly newsletter! Twitter: @blondishnet Facebook: http://facebook.com/NileFlores SlideShare: http://slideshare.net/blondishnet All About WordPress group on Facebook
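
Slides 13 and 16 (no "admin" username, no default `wp_` database prefix) can be checked offline against a copy of `wp-config.php` and an exported list of logins. The following is an added example, not part of the original deck; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample wp-config.php fragment (not from the slides).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// $table_prefix = 'old_';
/* $table_prefix = 'draft_'; */
$table_prefix = 'wp_';
"""


def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments, so a
    commented-out setting is not mistaken for the active one."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)^\s*(//|#).*$", "", src)


def table_prefix(src):
    """Return the last $table_prefix assigned in the config text, or None."""
    hits = re.findall(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""",
                      strip_php_comments(src))
    return hits[-1][1] if hits else None


def audit(config_src, logins):
    """Report findings for two of the deck's tips: a non-default
    database prefix and no user named 'admin'."""
    findings = []
    prefix = table_prefix(config_src)
    if prefix is None:
        findings.append("table_prefix not found in wp-config.php")
    elif prefix == "wp_":
        findings.append("database prefix is still the default wp_")
    # Compare case-insensitively so 'Admin' is flagged too.
    if any(login.lower() == "admin" for login in logins):
        findings.append("a user is named admin")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_WP_CONFIG, ["admin", "editor1"]):
        print("FINDING:", finding)
```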
