Many do not think security is
important until it is too late.
Every single day hackers ﬁnd new ways to get your
Todays features are tomorrow’s vulnerabilities.
Stop them before they stop you
Why do hackers hack?
build a zombie army
Share their nasty code with the world
Get your information
They are bored
They want to see if they can do it
But…Why are they
There is rarely ever a targeted hacking attack.
Typically all sites are considered targets. The big
and the small.
And how do they get in?
They guess your login information
Denial of Service Attack (DDoS)
Through a ﬁle in a theme, plugin, or anything
on your server where they found an exploit
Through your FTP and/or cPanel
Here is the only
scary thing I will say
in this talk
Only give users the
access they need
Just because they want to be an admin does not
mean they should.
Guest bloggers should rarely every be anything
more than a contributor.
If it is a temporary login, delete
the user when the job is done
If they do have posts, you can convert them to different
users or make them a subscriber with limited access.
Set up ﬁle detection
Many security plugins like iThemes Security and
WordFence will alert you when ﬁles have been changed
Only keep the theme you are
using and one backup theme on
The more themes that are on a site, the more open
chances you have to a vulnerability
Only keep the plugins you
have active on your site.
An uninstalled plugin is not a potential vulnerability.
Use the plugins repo favorites option to keep a list of
your favorite plugins
iThemes Security (Free and Pro version
Jetpack with Brute Protect and Vault Press
Always make backups!
Backup Buddy, UpDraftPlus, BackWPUp
Always save to someplace OTHER than your
Save them to Dropbox, AWS, email, or your
Have them scheduled to be made daily or at
Malware Scanning? Do I
If you suspect an issue scan your site!
Google Webmaster Tools
iThemes Security Pro
Update core. Update themes update plugins!
The biggest reasons of updates is typically security or feature
The biggest source of nearly all hacks is due to lack of updating.
If you use Envato products
(ThemeForest and CodeCanyon)
always check the box in the
downloads to be notiﬁed of updates.
That is the only way you will know if any of their products
need to be updated.
This is why the RevSlider infection was so widespread. Many
did not even know the plugin was built into their theme.
Don't ever let your
site get too lonely.
That is when the zombies come.
Nobody wants the zombies to come
If the unthinkable happens and
you do get hacked, it is not the
end of the world.
It can and will be ﬁxed.
Who can clean my
Well I can!
And so can Securi and HackRepair
Great! Are there any other
ways I can be secure?