You find some blog posts on your site that you didn’t publish. Or you get an email from your host telling you your site is sending out spam email. Or maybe you were just browsing your site and you found a file that doesn’t look quite right.
In this talk, we’ll cover everything from the basic steps to take (changing passwords, locking down your theme, and enforcing proper file permissions) to finding the affected portions of your site (checking core, theme, and plugin files against WP.org versions) and removing the malicious code. We’ll also touch on general security practices that can prevent breaches in the future.
Keanan Koppenhaver is a Digital Product Developer and Consulting Engineer with doejo, a WordPress VIP Partner Agency.
While at doejo, he has worked on baking WordPress into the publishing workflow of one of the largest investment news publications in the United States, a WordPress-backed real estate investment portal, and many other projects large and small.
He is passionate about mentoring other developers as well as teaching people that WordPress can be more than just a blogging platform. Keanan writes about all these topics and more at http://levelupwp.net.
• Some hosts will disable/take down your site when they find out you’ve been hacked
• Peace of mind during the restore process
• Useful even if (especially if) you already have an existing backup
• Don’t give the WP user root access to MySQL
• Change the default table prefix
• Hide the WP version
• Change the default login URL (/wp-admin)
• Don’t use admin as your username
• Block login attempts
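
The abstract's step of checking core files against WP.org versions, sketched as an added example (not code from the talk). It assumes you have a reference manifest mapping relative paths to MD5 hex digests for the installed release; `audit_core`, the manifest and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_of(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def audit_core(root, manifest):
    """Compare files under root with a {relative_path: md5_hex} manifest."""
    root = Path(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif md5_of(target) != expected:
            report["modified"].append(rel)
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        # wp-config.php and wp-content/ are site-owned and absent from a core
        # manifest; themes and plugins need their own reference copies.
        site_owned = rel == "wp-config.php" or rel.startswith("wp-content/")
        if path.is_file() and rel not in manifest and not site_owned:
            report["unexpected"].append(rel)
    return {kind: sorted(paths) for kind, paths in report.items()}

def demo():
    """Constructed tree: one clean, one altered, one missing, one stray file."""
    clean = {
        "index.php": b"<?php // front controller\n",
        "wp-login.php": b"<?php // login\n",
        "wp-includes/version.php": b"<?php // version\n",
    }
    manifest = {rel: hashlib.md5(data).hexdigest() for rel, data in clean.items()}
    on_disk = dict(clean)
    on_disk["wp-login.php"] += b"// line not in the release\n"   # altered
    del on_disk["wp-includes/version.php"]                       # missing
    on_disk["wp-includes/cache.php"] = b"<?php // stray file\n"  # not in release
    on_disk["wp-config.php"] = b"<?php // site config\n"         # site-owned
    on_disk["wp-content/themes/x/style.css"] = b"/* theme */\n"  # site-owned
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in on_disk.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return audit_core(tmp, manifest)

if __name__ == "__main__":
    print(demo())
```

Files reported as `unexpected` inside core directories deserve the same scrutiny as `modified` ones, since a clean release never ships them.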