
WordPress Security - Kulpreet Singh

Presentation on WordPress Security by Kulpreet Singh (www.kulpreetsingh.com) from WordPress Fraser Valley at Cascades Hotel & Convention Centre, Langley, BC on July 16, 2008 hosted by BlueFur hosting (www.bluefur.com).

Published in: Technology, News & Politics

  1. Safety First, Kids! flickr.com/photos/dwulff
  2. Kulpreet Singh
  3. Summary
       • Intro
       • Your Computer
       • WordPress Installation
       • WordPress Database
       • WP Folders
       • Admin Login
       • Themes
       • Forms, Logs & Code
       • Plugins
       • More Resources
  4. SECURITY: Believe the Hype
       • Be Proactive and Vigilant
       • Save Time
       • Save Money
       • Reduce Stress
       • Prevent Loss of Readership or Clients
       • Prevent Loss of Content
  5. SECURITY: DON'T Believe the Hype
       • Every application has security concerns
       • Open source
       • More Users =
           • More attempts to compromise security
           • More people working on solutions
           • More preventative tools to prevent security breach
  6. Your Computer
       • Scan for adware, spyware, virus, etc.
  7. WordPress Installation
       • Upgrade to 2.6!
       • Use “WP Automatic Upgrade” plugin
       • Don't share your version
       • Remove version from meta tags
       • [email_address]
  8. Database
       • Setup
           • Only use one-click if you can modify the database name
           • Use a custom name, not the default name
           • Use a custom prefix for tables
       • Passwords
       • Backup Regularly! – many plugins
  9. WP Folders
       • Plugins and other unprotected folders should have an index file or fix with htaccess
       • Delete unnecessary files like wp-install
       • Password protect wp-admin
       • Restrict access to wp-config
       • Change default secret key value in wp-config
  10. Admin Login
       • Don't use default “admin”
       • Improve password
  11. Themes
       • Check themes before installing
       • Ads? Links? Scripts?
  12. Forms
       • Secure Forms
       • Secure Contact Forms
       • Cforms
  13. Watch: Logs & Code
       • Watch usage stats
       • Watch login attempts
       • New scripts in your theme?
       • New code in your htaccess file?
       • New random jpgs in your uploaded images?
  14. Plugins
       • Disable and delete unused plugins
       • Check plugins before installing
       • Keep plugins updated (easier in 2.6)
  15. Security Plugins
       • Login LockDown
       • WP Security Scan*
       • Tripwire
       • WP Exploit Scanner
       • Akismet
       • Bad Behaviour
       • TTC WP Security
       • Postlogger
       • Phone Factor
  16. Further Reading
       • WordPress Security Whitepaper
           • blogsecurity.net
       • Site Link Analyzer
           • seochat.com
       • Did Your WordPress Get Hacked?
           • ocaoimh.ie
       • WP Security Prevention, Reaction and Scares
           • lorelle.wordpress.com
       • Fun and Games with WordPress Hacker
           • pajamadeen.com
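
The file checks on slide 13 (new scripts in your theme, new code in your htaccess file, new random jpgs in your uploads) can be automated by comparing the site's files against a saved baseline. The script below is an added example, not part of the original slides; the theme name, file paths and the PHP-tag heuristic for image files are assumptions, and it runs on a constructed sample tree.

```python
import hashlib
import os
import tempfile

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}

def _files(root):
    """Yield (relative_path, bytes) for every file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                yield os.path.relpath(path, root).replace(os.sep, "/"), fh.read()

def snapshot(root):
    """Baseline: map each relative path to the SHA-256 of its contents."""
    return {rel: hashlib.sha256(data).hexdigest() for rel, data in _files(root)}

def diff_snapshots(old, new):
    """Report files added, removed or modified since the baseline."""
    return {"added": sorted(set(new) - set(old)), "removed": sorted(set(old) - set(new)),
            "changed": sorted(p for p in new if p in old and old[p] != new[p])}

def images_with_php(root):
    """Heuristic (assumption): image-named files whose bytes contain a PHP open tag."""
    return sorted(rel for rel, data in _files(root)
                  if os.path.splitext(rel)[1].lower() in IMAGE_EXTS and b"<?php" in data)

def _write(root, files):
    # Helper used only to build the constructed demo tree.
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Constructed sample tree: take a baseline, then make slide-13-style changes."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, {".htaccess": b"Options -Indexes\n",
                      "wp-content/themes/mytheme/footer.php": b"<?php wp_footer(); ?>\n",
                      "wp-content/uploads/2008/07/photo.jpg": b"\xff\xd8 constructed"})
        baseline = snapshot(root)
        _write(root, {".htaccess": b"Options -Indexes\nRewriteEngine On\n",
                      "wp-content/themes/mytheme/stats.js": b"// unexpected\n",
                      "wp-content/uploads/2008/07/a8f3.jpg": b"\xff\xd8<?php /* constructed */ ?>"})
        return diff_snapshots(baseline, snapshot(root)), images_with_php(root)

if __name__ == "__main__":
    print(demo())
```

On a real site, store the baseline snapshot somewhere the web server cannot write to, and re-baseline after every intentional upgrade or theme change.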
