WordPress Security Basics
Chris Burgess @chrisburgess
Bad News
There is no such thing as absolute security. Nothing is 100% secure.

Good News
There are many things we can do to drastically reduce the risks.
Context is everything…
“Most successful WordPress hack attacks are typically the result of human error, be it a configuration error or failing to maintain WordPress, such as keeping core and all plugins up to date, or installing insecure plugins etc.”
- Robert Abela (@robertabela)
Source: http://www.wpwhitesecurity.com/wordpress-security/statistics-highlight-main-source-wordpress-vulnerabilities/
Overview
Take Security Seriously
Updates
Themes and Plugins
Passwords
Backups and Maintenance

Hardening WordPress and SSL will be covered in the following presentations.
Take Security Seriously
Defense in Depth
Source: http://wptavern.com/
Keep WordPress Updated
Updates
• “Patch early and patch often”
• This is another good reason to have a testing/staging environment
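One way to make "patch early and patch often" routine on a staging copy, as an added example that is not part of the original slides: a POSIX shell script that asks WP-CLI (https://wp-cli.org) which plugins have updates pending, so the check can run from cron or a monitoring job before anything is applied. The `wp` commands used (`core check-update`, `plugin list`, `plugin update`, `core update`, `db export`) are real WP-CLI commands; `WP_PATH` is an assumed environment variable, and the CSV sample is constructed so the parsing can be exercised where `wp` is not installed.

```shell
#!/bin/sh
# Added example, not from the original slides: a pre-update check for a
# WordPress STAGING copy driven by WP-CLI.
# Assumes `wp` is installed; WP_PATH (assumed env var) points at the
# WordPress root and defaults to the current directory.
set -eu

WP_PATH="${WP_PATH:-.}"

# Constructed sample of `wp plugin list --format=csv` output, used when wp
# is not installed so the parsing below can be exercised offline.
SAMPLE_CSV='name,status,update,version,update_version
akismet,active,available,5.0,5.3
hello,inactive,none,1.7.2,
contact-form-7,active,available,5.7,5.9'

# Print the slug of every plugin whose "update" column says "available".
# Expects the CSV produced by
#   wp plugin list --fields=name,status,update,version,update_version --format=csv
# and skips the header row.
pending_from_csv() {
    printf '%s\n' "$1" | awk -F',' 'NR > 1 && $3 == "available" { print $1 }'
}

# Number of pending plugin updates (what a monitoring check would alert on).
pending_count() {
    n=$(pending_from_csv "$1" | wc -l)
    # wc pads its output on some platforms; strip the whitespace.
    echo "$n" | tr -d ' '
}

main() {
    if command -v wp >/dev/null 2>&1; then
        # Core first: a core update is the one most likely to carry a security fix.
        wp --path="$WP_PATH" core check-update
        csv=$(wp --path="$WP_PATH" plugin list \
              --fields=name,status,update,version,update_version --format=csv)
    else
        echo "wp not found; using the constructed sample output" >&2
        csv=$SAMPLE_CSV
    fi

    count=$(pending_count "$csv")
    if [ "$count" -eq 0 ]; then
        echo "No plugin updates pending."
        return 0
    fi

    echo "$count plugin update(s) pending:"
    pending_from_csv "$csv" | sed 's/^/  - /'
    # Apply on staging only, after a backup; promote to production once tested:
    #   wp --path="$WP_PATH" db export pre-update.sql
    #   wp --path="$WP_PATH" plugin update --all
    #   wp --path="$WP_PATH" core update
}

main
```

The parsing is kept in its own function so the same script can be dropped into a cron job that only reports, while the actual `plugin update` and `core update` calls stay commented until the staging run has been reviewed.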
Use Reputable Plugins
Use Reputable Themes
Trust
The Weakest Link
Password Management
• LastPass, 1Password, Roboform, KeePass, Dashlane
• Secret Server, LastPass Enterprise, PassPack
• Use two-factor authentication wherever possible
Perform Regular Backups and Maintenance
Prepare for Problems
Backup Options
• Server Level Backups
  – cPanel/Plesk
  – Replication
  – Snapshots
• Backup Services
• Backup Plugins
• Manual Backups
• Exports
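The "Manual Backups" option above, as an added example that is not part of the original slides: a POSIX shell routine that archives `wp-content` and `wp-config.php`, records a checksum beside the archive, and verifies the archive so a backup is known to be restorable before it is needed. It assumes `tar`, `gzip` and `cksum` are available; the database dump uses WP-CLI's `wp db export` and is skipped when `wp` is absent. The function names and the throwaway site built in `demo` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original slides: a minimal manual-backup
# routine for a WordPress install with an integrity check.
# Assumes tar, gzip and POSIX cksum; the DB dump assumes WP-CLI (wp db export).
set -eu

# Archive wp-content (themes, plugins, uploads) and wp-config.php from
# $1 (WordPress root) into $2 (destination dir); $3 = "no" skips the DB dump.
# Prints the archive path.
backup_site() {
    site_root=$1
    backup_dir=$2
    include_db=${3:-yes}
    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$backup_dir/wp-backup-$stamp.tar.gz"

    if [ "$include_db" = "yes" ] && command -v wp >/dev/null 2>&1; then
        # The dump lands inside the site root so it ends up in the tarball.
        wp --path="$site_root" db export "$site_root/wp-content/db-$stamp.sql" --quiet
    fi

    tar -czf "$archive" -C "$site_root" wp-content wp-config.php
    # wp-config.php carries DB credentials and salts: keep the archive private.
    chmod 600 "$archive"
    # Record a checksum beside the archive so tampering or bit-rot is detectable.
    cksum "$archive" | cut -d' ' -f1,2 > "$archive.cksum"
    printf '%s\n' "$archive"
}

# Return 0 only if the archive still matches its recorded checksum and
# tar can read it end to end. Run this as routine maintenance, not only
# when a restore is needed.
verify_backup() {
    archive=$1
    [ -f "$archive" ] && [ -f "$archive.cksum" ] || return 1
    recorded=$(cat "$archive.cksum")
    actual=$(cksum "$archive" | cut -d' ' -f1,2)
    [ "$recorded" = "$actual" ] || return 1
    tar -tzf "$archive" >/dev/null 2>&1
}

# Example run against a constructed throwaway site (no real install needed).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/site/wp-content/uploads" "$tmp/backups"
    echo '<?php /* constructed placeholder config */' > "$tmp/site/wp-config.php"
    echo 'constructed upload' > "$tmp/site/wp-content/uploads/note.txt"
    archive=$(backup_site "$tmp/site" "$tmp/backups" no)
    if verify_backup "$archive"; then
        echo "backup OK: $archive"
    else
        echo "backup FAILED verification: $archive" >&2
        return 1
    fi
    rm -rf "$tmp"
}

demo
```

Keeping the checksum file next to the archive and re-running `verify_backup` on a schedule turns "we have backups" into "we have backups that were readable this week", which is the part of "Prepare for Problems" that is usually missed.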
Hardening WordPress
Hardening WordPress
• All in one plugins: Sucuri, Wordfence, iThemes Security
• Or you can take a more modular approach, but choose wisely
• Security Services
• Manual Hardening
Google Search Console (formerly Webmaster Tools)
How can I learn more?
Verizon DBIR
http://news.verizonenterprise.com/2015/04/2015-data-breach-report-info/
Resources
• https://wordpress.org/about/security/
• https://wordpress.org/news/category/security/
• http://codex.wordpress.org/Hardening_WordPress
• http://codex.wordpress.org/Brute_Force_Attacks#Protect_Your_Server
Thanks!
Chris Burgess @chrisburgess

WordPress Security Basics - Melbourne WordPress User Meetup