Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
WP Site Management
Keeping your Creation Happy, Healthy,
and Secure
Meagan Hanes @mhanes
WordCamp Hamilton 2016
A Bit About Me
Freelance designer &
developer 15+ years
10+ years creating WP
sites of all sizes & styles
TheWPCrowd Membe...
What is Web Security?
What is Web Security?
Protecting your website from malicious threats
Bots, Hackers
Ex-employees
Competing Businesses
Reduc...
Why does web security matter?
$$$
Why does web security matter?
Protect your investment
Websites aren’t cheap or easy to build - why risk losing that invest...
Access
Who has access? How do they access the server? Where do they access it from?
Backups
How often are backups made? Wh...
Who has access to your site?
What level of access do they need?
How do they access your site?
Current Users
Modify their U...
Dolphin12 is not a
password, it’s a
Hotmail account.
Not easily guessable
- No birth years
Never write it down
- LastPass,...
When was your last website backup made?
Where is that backup?
How do you restore your site from a backup?
Manually1
Copy W...
What version of WordPress are you using?
What plugins do you have installed and activated on your site?
What theme are you...
Who’s tried logging in to your site, from where, and when?
Does your site have any suspicious code? When were site files l...
Question Time!
Meagan Hanes @mhanes
WordCamp Hamilton 2016
Upcoming SlideShare
Loading in …5
×

WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

446 views

Published on

You’ve designed it, you’ve built it, you’ve launched your new website – job done, right?

Nope – your adventure has only begun!

In this session we’ll review what “website security” really means, why it matters, and how exactly to implement basic security best practices such as:

– Controlling user access to your site,

– Using (and managing) strong passwords,

– Applying updates to Core and Plugins,

– Installing and configuring security plugins,

– & How to back up your site easily, effectively, and automatically!

You’ll leave this session with the ABCs of Security – literally!

Published in: Technology
  • Be the first to comment

  • Be the first to like this

WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

  1. 1. WP Site Management Keeping your Creation Happy, Healthy, and Secure Meagan Hanes @mhanes WordCamp Hamilton 2016
  2. 2. A Bit About Me Freelance designer & developer 15+ years 10+ years creating WP sites of all sizes & styles TheWPCrowd Member #training team make.wordpress.org/training Favourite colour: Rainbow! Say Hi to my Friend Roy: http://hiroy.club
  3. 3. What is Web Security?
  4. 4. What is Web Security? Protecting your website from malicious threats Bots, Hackers Ex-employees Competing Businesses Reducing vectors of attack Plugins and themes Weak passwords Unused user accounts Reducing the risk of an attack Backups & Security
  5. 5. Why does web security matter? $$$
  6. 6. Why does web security matter? Protect your investment Websites aren’t cheap or easy to build - why risk losing that investment? Reduce your stress levels, sleep well at night Web Security = insurance policy for your website Make your web employees happy As much as developers love money, they don’t like fixing hacked sites!
  7. 7. Access Who has access? How do they access the server? Where do they access it from? Backups How often are backups made? What’s involved in restoring a backup? Whose job is it? Check for Updates What kind of updates? How do I update my site with no risk of it breaking? ABCs of Website Security
  8. 8. Who has access to your site? What level of access do they need? How do they access your site? Current Users Modify their User Role based on what level of access they need1 Encourage server connections with SFTP or SSH vs FTP Old Users Delete from Users section of WordPress * Check Server-level Access As Well! * 1. https://codex.wordpress.org/Roles_and_Capabilities Access
  9. 9. Dolphin12 is not a password, it’s a Hotmail account. Not easily guessable - No birth years Never write it down - LastPass, KeyPass Never reuse a password Weird mind tricks work! Password Reset Links are your friends! Strong Passwords
  10. 10. When was your last website backup made? Where is that backup? How do you restore your site from a backup? Manually1 Copy WordPress file directory, export the database, store on a third party server Automagically2 Via a plugin: UpdraftPlus, BackupBuddy, WP-DB Backup, etc Via a centralized hub: ManageWP, InfiniteWP * Test your Backup Restore Routine Tomorrow! * 1. https://codex.wordpress.org/WordPress_Backups 2. http://www.wpbeginner.com/plugins/7-best-wordpress-backup-plugins-compared-pros-and-cons/ Backups
  11. 11. What version of WordPress are you using? What plugins do you have installed and activated on your site? What theme are you using? What themes do you have installed but not active? Core Updates Point updates are done automatically (4.5.1 to 4.5.2) -> security patches, etc Major updates are done manually (4.3 to 4.5) -> get on the most recent version for :) Plugins and Themes If you don’t need them, delete them! -> fewer attack vectors If they’re old, update them! -> missing features & compatibility with themes/plugins If they’ve been modified, get a developer to help! * Set Up A Staging Server for Maximum Win! * Check for Updates
  12. 12. Who’s tried logging in to your site, from where, and when? Does your site have any suspicious code? When were site files last modified? Security Plugins for WordPress iThemes Security WordFence Sucuri AllInOne WP Security Limit user login attempts (# of times), geolocation, time of access, IP address Detect if/when files are changed Two-factor authentication Forcing secure passwords .htaccess monitoring Blacklists, firewalls, etc … and more! * Peace of mind comes at a cost - budget accordingly! * BONUS: Security Plugins
  13. 13. Question Time! Meagan Hanes @mhanes WordCamp Hamilton 2016

×