
WordPress Setup and Security (Please look for the newer version!)


Since WordPress enjoys the position of being one of the most widely used web platforms, it is also one of the most attacked. From installation to operation, there are fairly easy, must-do steps to make sure your site is as secure as possible.

In this two-part session, we will cover everything from file permissions and user accounts to script injection and backup procedures to protect your blog from hacking or downtime. The first part of the session will be delivered at this user group meetup.

Published in: Technology, Business

  1. Charleston WordPress - Twitter: @wpchs - Our Partners - #wpchs - Thank you to . . .
  2. WordPress Setup and Security
     • Michael Carnell - @carnellm
  3. Let’s Talk Hosting
  4. The Not So Good
     • GoDaddy - common back end database that isn’t secured well and suffers from performance overload, poor support
     • Brinkster - has been hacked numerous times
     • FreeHostia - slow, free account is very limited, always pushing the upsell
  5. For the Good Times
     • DreamHost - Not always the cheapest, but good and good support. But watch CPU usage as they will cut off processes.
     • MediaTemple - Again, not cheap, but very stable and secure. Monitors scripts.
     • BlueHost
     • HostGator
  6. The Basic Rules
     • Do your research -
     • Check their own support forums
     • Is there a free trial or money back guarantee?
     • None of this really applies to
     • If you are hosting yourself, that is a different set of issues
  7. The Dirty Details for WordPress
  8. Install Correctly
     • While installing (most will use OneClick) . . .
     • Consider your directory. Do you use the standard? Root?
     • Consider altering the database name if your install allows.
     • Make database username and password long and cryptic. Store them away not to be used.
     • Don’t use redundant info - admin name same as username, same as blog name, etc...
  9. Double Check the Install
     • File level tasks to be done via FTP . . .
     • Delete ..\wp-admin\install.php
     • In wp-config.php, add the optional security keys -
     • Add index.php, a blank file, to all plugin and theme directories if it isn’t already there
     • Check the file directory privileges (if you are comfortable)
  10. Post Install Setup
     • Create new admin user with strong password
     • Change Admin password and make a subscriber. Why not delete??
     • Make your main admin’s display name different from login name
     • Change setting to allow editing by outside packages if wanted - but know what you are doing
     • Change “permalink” structure (thank you WP 3.3!)
     • Demo Time Again....
  11. After Setup Before Live
     • Themes ... not this session!
     • Plugins that you should have:
        • Akismet - AntiSpam, comes with the install
        • Block Bad Queries - blocks code injection through queries
        • Search Meter - What are your visitors looking for, but also shows extraneous search injections
        • SecureWordPress - basically a security audit
        • AntiVirus or another such
     • Demo Time Again!
  12. Simple Backup for WP
     • Your content is your responsibility, not your host’s.
     • Create a GMail account or use your current one with custom address such as “”
     • Make a filter that auto files away all email coming in to that address.
     • Database - WP-DB-Backup
     • Images & Themes - WordPress Backup
  13. Michael Carnell - @carnellm on Twitter - Slides and further info available on... - Sophisticated Secure Websites
  14. Q & A
  15. Some Other Business
     • WordPress 3.3 is Out! (Wanna demo?)
     • CiviCRM now working with WordPress in Alpha
     • WordCamp Atlanta - February 3 & 4
     • Next Meeting, January 10 -
     • Until then, don’t forget the updates on
  16. Charleston WordPress - Twitter: @wpchs - Our Partners - #wpchs - Thank you to . . .
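
The file-level checks from slide 9 (Double Check the Install), as an added example that is not part of the original slides: a Python audit that reports a leftover installer, missing or placeholder security keys in wp-config.php, plugin and theme directories without an index.php, and world-writable files. The key names and placeholder text are those of wp-config-sample.php; the 32-character minimum and reading the privileges check as "nothing world-writable" are assumptions.

```python
import os
import re
import stat

# Key and salt constants read from wp-config.php (names as in wp-config-sample.php).
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # default text in wp-config-sample.php
DEFINE_RE = re.compile(r"define\(\s*(['\"])(\w+)\1\s*,\s*(['\"])(.*?)\3\s*\)")


def audit(root, min_key_len=32):
    """Return findings for the install at `root` (min_key_len is an assumed threshold)."""
    findings = []
    # Check 1: the installer script should be gone once setup is finished.
    if os.path.exists(os.path.join(root, "wp-admin", "install.php")):
        findings.append("wp-admin/install.php still present")
    # Check 2: every key and salt is defined and is not the sample placeholder.
    cfg = os.path.join(root, "wp-config.php")
    text = ""
    if os.path.isfile(cfg):
        with open(cfg, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        findings.append("wp-config.php not found")
    defined = {m.group(2): m.group(4) for m in DEFINE_RE.finditer(text)}
    for name in KEY_NAMES:
        value = defined.get(name)
        if value is None:
            findings.append(f"{name} is not defined")
        elif value == PLACEHOLDER or len(value) < min_key_len:
            findings.append(f"{name} is a placeholder or too short")
    # Check 3: plugins/, themes/ and each directory directly inside them hold an index.php.
    for sub in ("plugins", "themes"):
        base = os.path.join(root, "wp-content", sub)
        if not os.path.isdir(base):
            continue
        dirs = [base] + [e.path for e in os.scandir(base) if e.is_dir()]
        for d in sorted(dirs):
            if not os.path.isfile(os.path.join(d, "index.php")):
                findings.append(f"no index file in {os.path.relpath(d, root)}")
    # Check 4 (assumed meaning of the slide): nothing in the tree is world-writable.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            if not os.path.islink(path) and os.stat(path).st_mode & stat.S_IWOTH:
                findings.append(f"world-writable: {os.path.relpath(path, root)}")
    return findings
```

Call `audit()` with the path to a local copy of the site; an empty list means all four checks pass.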