
Passwords, Attacks, and Security oh my!



An introduction to WordPress Security

Published in: Internet


  1. Michele Butcher-Jones Passwords, Attacks, and Security oh my! @michele_butcher
  2. Michele Butcher-Jones • Support Rocketeer at WP Rocket • Director of Awesomeness at 13Core • Writer of all the things at • Beginners and Intermediate WordPress Instructor
  3. Why is security important?
  4. Many do not think security is important until it is too late. Every single day hackers find new ways to get your information. Today’s features are tomorrow’s vulnerabilities. Stop them before they stop you.
  5. Why do hackers hack? • Make bank • Build a zombie army • Share their nasty code with the world • Get your information • They are bored • They want to see if they can do it
  6. But…Why are they hacking me? There is rarely ever a targeted hacking attack. Typically all sites are considered targets. The big and the small.
  7. And how do they get in? • They guess your login information • Denial of Service Attack (DDoS) • Through a file in a theme, plugin, or anything on your server where they found an exploit • Through your FTP and/or cPanel configuration
  8. Here is the only scary thing I will say in this talk
  9. You are NEVER 100% secure
  10. A test site or a site that might get 5 visitors a day can be hacked. It happened to me and it can happen to you.
  11. Don’t Let Security Make you like this guy!
  12. There are some simple steps to keep the hackers out
  13. WordPress Security Basics 101
  14. Never ever never use “admin” as a username or “password” as password. NEVER!!!! Any questions? Adm1n and Pa55w0rd do not count either!
  15. Always use SFTP. “S” is for safe!!!
  16. Only give users the access they need. Just because they want to be an admin does not mean they should. Guest bloggers should rarely ever be anything more than a contributor.
  17. If it is a temporary login, delete the user when the job is done. If they do have posts, you can convert them to different users or make them a subscriber with limited access.
  18. Set up file detection. Many security plugins like iThemes Security and Wordfence will alert you when files have been changed.
  19. Only keep the theme you are using and one backup theme on your site. The more themes on a site, the more chances you have of a vulnerability.
  20. Only keep the plugins you have active on your site. An uninstalled plugin is not a potential vulnerability. Use the plugins repo favorites option to keep a list of your favorite plugins.
  21. Security Plugins • iThemes Security (Free and Pro version) • Sucuri Firewall • Wordfence Security • Jetpack with BruteProtect and VaultPress • SecuPress
  22. Always make backups! • BackupBuddy, UpdraftPlus, BackWPup • Always save to someplace OTHER than your server • Save them to Dropbox, AWS, email, or your local machine • Have them scheduled to be made daily or at least weekly
  23. Malware Scanning? Do I need it? • Google Webmaster Tools • Sucuri Scanner • VirusTotal. If you feel your site could be infected, first do a malware scan.
  24. What else can I do to protect my site?
  25. Update! Update! Update! Update core. Update themes. Update plugins! The biggest reason for updates is typically security or feature related. The biggest source of nearly all hacks is lack of updating.
  26. If you use Envato products (ThemeForest and CodeCanyon) always check the box in the downloads to be notified of updates. That is the only way you will know if any of their products need to be updated. This is why the RevSlider infection was so widespread. Many did not even know the plugin was built into their theme.
  27. Don't ever let your site get too lonely. That is when the zombies come. Nobody wants the zombies to come.
  28. If the unthinkable happens and you do get hacked, it is not the end of the world. It can and will be fixed.
  29. Who can clean my hacked website? • Sucuri • Hack Repair • WP Security Lock
  30. Great! Are there any other ways I can be secure?
  31. Always use complex passwords
  32. Never email passwords
  33. Never use the same password twice
  34. Use a Password Keeper • LastPass • 1Password • KeePass
  35. If a login has Two-Factor Authentication, USE IT!
  36. Anti-virus! Use it on all the things. Yes, even a Mac!
  37. Be conscious when using public WiFi
  38. Use a VPN if you use Public WiFi • TorGuard • Cloak (Mac only) • Site Social • Hide My Ass
  39. Update! Update! Update!
  40. Back everything up and back it up often! No one wants to lose their information stored on their computer. • Bitcasa • Carbonite • External hard drives
  41. Questions?
  42. Thank you!!! Michele Butcher-Jones @michele_butcher Slides can be found at
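
Slides 14 and 33 say that "Adm1n" and "Pa55w0rd" do not count as better credentials and that a password should never be used twice. The following is an added example (not part of the slides) that audits a credential list for both problems; the word list, the character-swap table and the sample accounts are assumptions constructed for illustration.

```python
# Added example, not from the slides. WEAK_WORDS and ACCOUNTS are constructed.
import hashlib
from collections import defaultdict

# Character swaps that guessing tools already try, so they add no strength.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
WEAK_WORDS = {"admin", "administrator", "password", "letmein", "wordpress"}

ACCOUNTS = [  # (site, username, password), all constructed sample values
    ("blog.example", "Adm1n", "Pa55w0rd"),
    ("shop.example", "site_owner", "k7#Vq9!tLm2x"),
    ("sftp.example", "deploy", "k7#Vq9!tLm2x"),
    ("test.example", "editor_jo", "Zp4&wR8u-Yc1"),
]


def normalize(value):
    """Lower-case and undo swaps so 'Pa55w0rd' compares as 'password'."""
    return value.lower().translate(LEET)


def is_guessable(value):
    """True if value is a weak word, with or without a digit/symbol suffix."""
    stripped = value.rstrip("0123456789!?.#*")
    return bool({normalize(value), normalize(stripped)} & WEAK_WORDS)


def audit(accounts):
    """Return sorted (site, finding) pairs for weak or reused credentials."""
    findings = []
    sites_by_password = defaultdict(list)
    for site, username, password in accounts:
        if is_guessable(username):
            findings.append((site, "guessable username"))
        if is_guessable(password):
            findings.append((site, "guessable password"))
        # Group by digest so the plaintext is not kept as a dictionary key.
        digest = hashlib.sha256(password.encode()).hexdigest()
        sites_by_password[digest].append(site)
    for sites in sites_by_password.values():
        if len(sites) > 1:
            findings.extend((site, "password reused") for site in sites)
    return sorted(findings)


if __name__ == "__main__":
    for site, finding in audit(ACCOUNTS):
        print(f"{site}: {finding}")
```
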
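
Slide 18 recommends file change detection. The following is an added example (not part of the slides, and not how any of the named plugins is implemented) showing the underlying idea: hash every file once as a baseline, hash again later, and report what was added, modified or removed. The directory tree and file names are constructed in a temporary folder.

```python
# Added example: baseline-and-compare file change detection (slide 18).
# The directory tree below is constructed in a temporary folder.
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as handle:
                digests[os.path.relpath(path, root)] = hashlib.sha256(
                    handle.read()).hexdigest()
    return digests


def compare(baseline, current):
    """List files added, modified and removed since the baseline."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def write(root, rel, body):
    """Create parent folders as needed and write one file."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as handle:
        handle.write(body)


def demo():
    """Take a baseline, change the tree, and return the differences."""
    theme = os.path.join("wp-content", "themes", "example-theme")
    with tempfile.TemporaryDirectory() as root:
        write(root, "index.php", "<?php // front page\n")
        write(root, os.path.join(theme, "functions.php"), "<?php // setup\n")
        write(root, os.path.join(theme, "old.php"), "<?php // unused\n")
        baseline = snapshot(root)
        write(root, os.path.join(theme, "functions.php"), "<?php // edited\n")
        write(root, os.path.join("wp-content", "uploads", "new.php"), "<?php\n")
        os.remove(os.path.join(root, theme, "old.php"))
        return compare(baseline, snapshot(root))
```

Keep the baseline somewhere other than the server, as the slides advise for backups, since a baseline stored next to the files can be changed along with them. Take a fresh baseline after each core, theme or plugin update so that legitimate changes do not drown out unexpected ones.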