WordPress Setup and Security (Please look for the newer version!)



Since WordPress enjoys the position of being one of the most widely used web platforms, it is also one of the most attacked. From installation to operation, there are fairly easy must-do steps to make sure your site is as secure as possible.

In this two-part session, we will cover everything from file permissions and user accounts to script injection and backup procedures to protect your blog from hacking or downtime. The first part of the session will be delivered at this user group meetup.

Published in: Technology, Business
  • Getting ready to start the Building Blocks of Better Blogs in the Dad Track.
  • Retweet this! Pick your blog platform carefully. You want to own your content!
  • Don’t go too complex in your platform choice or you will never get to the publishing part.
  • Let’s look at some examples for WordPress
  • Correct installation and setup will make your blog more secure and accessible.
  • More links and tips will be posted soon. Or go to http://thesocialmediamonster.com and sign up.
  • WordPress Setup and Security (Please look for the newer version!)

    1. Charleston WordPress http://wpchs.org Twitter: @wpchs #wpchs Our Partners Thank you to . . .
    2. WordPress Setup and Security
        • Michael Carnell - @carnellm
    3. Let’s Talk Hosting
    4. The Not So Good
        • GoDaddy - common back end database that isn’t secured well and suffers from performance overload, poor support
        • Brinkster - has been hacked numerous times
        • FreeHostia - slow, free account is very limited, always pushing the upsell
    5. For the Good Times
        • DreamHost - Not always the cheapest, but good and good support. But watch CPU usage as they will cut off processes.
        • MediaTemple - Again, not cheap, but very stable and secure. Monitors scripts.
        • BlueHost
        • HostGator
    6. The Basic Rules
        • Do your research - http://www.michaelcarnell.com/hosting
        • Check their own support forums
        • Is there a free trial or money back guarantee?
        • None of this really applies to WordPress.com
        • If you are hosting yourself, that is a different set of issues
    7. The Dirty Details for WordPress
    8. Install Correctly
        • While installing (most will use OneClick) . . .
        • Consider your directory? Do you use the standard? Root?
        • Consider altering the database name if your install allows.
        • Make database username and password long and cryptic. Store them away not to be used.
        • Don’t use redundant info - admin name same as username, same as blog name, etc...
    9. Double Check the Install
        • File level tasks to be done via FTP . . .
        • Delete ..\wp-admin\install.php
        • In wp-config.php, add the optional security keys - http://api.wordpress.org/secret-key/1.1/
        • Add index.php, a blank file, to all plugin and theme directories if it isn’t already there
        • Check the file directory privileges (if you are comfortable)
    10. Post Install Setup
        • Create new admin user with strong password
        • Change the Admin password and make that account a subscriber. Why not delete??
        • Make your main admin’s display name different from login name
        • Change setting to allow editing by outside packages if wanted - but know what you are doing
        • Change “permalink” structure (thank you WP 3.3!)
        • Demo Time Again....
    11. After Setup Before Live
        • Themes ... not this session!
        • Plugins that you should have:
            • Akismet - AntiSpam, comes with the install
            • Block Bad Queries - blocks code injection through queries
            • Search Meter - shows what your visitors are looking for, and also shows extraneous search injections
            • SecureWordPress - basically a security audit
            • AntiVirus or another such
        • Demo Time Again!
    12. Simple Backup for WP
        • Your content is your responsibility, not your host’s.
        • Create a Gmail account or use your current one with a custom address such as “yourname+backups@gmail.com”
        • Make a filter that auto-files away all email coming in to that address.
        • Database - WP-DB-Backup
        • Images & Themes - WordPress Backup
    13. Michael Carnell http://www.MichaelCarnell.com @carnellm on Twitter Slides and further info available on... Sophisticated Secure Websites http://www.DesignTechWeb.com
    14. Q & A
    15. Some Other Business
        • WordPress 3.3 is Out! (Wanna demo?)
        • CiviCRM now working with WordPress in Alpha
        • WordCamp Atlanta - February 3 & 4 http://2012.atlanta.wordcamp.org
        • Next Meeting, January 10 -
        • Until then, don’t forget the updates on WPChs.org
    16. Charleston WordPress http://wpchs.org Twitter: @wpchs #wpchs Our Partners Thank you to . . .
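
The file-level checks on slide 9 ("Double Check the Install") can be scripted on hosts that offer shell access. The script below is an added example, not part of the original slides: the function name `audit_wp` is made up here, the world-writable test is an assumed reading of "check the file directory privileges", and the key names and sample phrase are the ones in WordPress's wp-config-sample.php.

```shell
#!/bin/sh
# audit_wp DIR: print one line per finding and return the number of findings.
audit_wp() {
    root=$1
    findings=0
    note() { printf 'FINDING: %s\n' "$1"; findings=$((findings + 1)); }

    # 1. The installer should be deleted once setup is finished.
    if [ -f "$root/wp-admin/install.php" ]; then
        note "wp-admin/install.php is still present"
    fi

    # 2. Each secret key must be defined and must not hold the sample phrase.
    for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY; do
        line=$(grep -E "define\( *['\"]$key['\"]" "$root/wp-config.php" 2>/dev/null || true)
        if [ -z "$line" ]; then
            note "$key is not defined in wp-config.php"
        elif printf '%s' "$line" | grep -q 'put your unique phrase here'; then
            note "$key still holds the sample phrase"
        fi
    done

    # 3. The plugin and theme directories, and each directory inside them,
    #    should contain an index.php so the web server cannot list them.
    for dir in "$root"/wp-content/plugins/ "$root"/wp-content/themes/ \
               "$root"/wp-content/plugins/*/ "$root"/wp-content/themes/*/; do
        [ -d "$dir" ] || continue
        [ -f "${dir%/}/index.php" ] || note "no index.php in ${dir%/}"
    done

    # 4. Assumed privilege check: no file or directory writable by everyone.
    loose=$(find "$root" ! -type l -perm -0002 2>/dev/null | tr '\n' ' ')
    if [ -n "$loose" ]; then
        note "world-writable: $loose"
    fi

    return "$findings"
}

# Run against a directory when given one, e.g.:  sh audit_wp.sh /path/to/blog
if [ -n "${1:-}" ]; then
    audit_wp "$1"
fi
```

The exit status is the number of findings, so a clean install returns 0 and the script can gate a deployment step.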