
WordPress Security Basics - Melbourne WordPress User Meetup

This presentation covers the basic security topics that those building or hosting their own WordPress website should be aware of. Security is an incredibly broad topic; this is targeted at those who want to hit the ground running.

Published in: Technology

  1. WordPress Security Basics. Chris Burgess @chrisburgess
  2. Bad News: There is no such thing as absolute security. Nothing is 100% secure.
  3. Good News: There are many things we can do to drastically reduce the risks.
  4. Context is everything…
  5. “Most successful WordPress hack attacks are typically the result of human error, be it a configuration error or failing to maintain WordPress, such as keeping core and all plugins up to date, or installing insecure plugins etc.” - Robert Abela (@robertabela)
  6. Source: http://www.wpwhitesecurity.com/wordpress-security/statistics-highlight-main-source-wordpress-vulnerabilities/
  7. Overview: Take Security Seriously; Updates; Themes and Plugins; Passwords; Backups and Maintenance; Hardening WordPress and SSL will be covered in the following presentations
  8. Take Security Seriously
  9. Defense in Depth
  10. Source: http://wptavern.com/
  11. Keep WordPress Updated
  12. Updates
      • “Patch early and patch often”
      • This is another good reason to have a testing/staging environment
  13. Use Reputable Plugins
  14. Use Reputable Themes
  15. Trust
  16. The Weakest Link
  17. Password Management
      • LastPass, 1Password, Roboform, KeePass, Dashlane
      • Secret Server, LastPass Enterprise, PassPack
      • Use two-factor authentication wherever possible
  18. Perform Regular Backups and Maintenance
  19. Prepare for Problems
  20. Backup Options
      • Server Level Backups (cPanel/Plesk, Replication, Snapshots)
      • Backup Services
      • Backup Plugins
      • Manual Backups
      • Exports
  21. Hardening WordPress
  22. Hardening WordPress
      • All in one plugins: Sucuri, Wordfence, iThemes Security
      • Or you can take a more modular approach, but choose wisely
      • Security Services
      • Manual Hardening
  23. Google Search Console (formerly Webmaster Tools)
  24. How can I learn more?
  25. Verizon DBIR http://news.verizonenterprise.com/2015/04/2015-data-breach-report-info/
  26. Resources
      • https://wordpress.org/about/security/
      • https://wordpress.org/news/category/security/
      • http://codex.wordpress.org/Hardening_WordPress
      • http://codex.wordpress.org/Brute_Force_Attacks#Protect_Your_Server
  27. Thanks! Chris Burgess @chrisburgess