2. Michele Butcher-Jones
โข Support Rocketeer at WP
Rocket
โข Director of Awesomeness at
13Core
โข Writer of all the things at
CantSpeakGeek.com
โข Beginners and Intermediate
WordPress Instructor
http://mlb.pw/montreal17 @michele_butcher
3. Why is security important?
http://mlb.pw/montreal17 @michele_butcher
4. Many do not think security is
important until it is too late.
Every single day hackers ๏ฌnd new ways to get your information.
Todays features are tomorrowโs vulnerabilities.
Stop them before they stop you
http://mlb.pw/montreal17 @michele_butcher
5. Why do hackers hack?
โข Make bank
โข build a zombie
army
โข Share their nasty
code with the world
โข Get your
information
โข They are bored
โข They want to see if
they can do it
http://mlb.pw/montreal17 @michele_butcher
6. ButโฆWhy are they hacking
me?
There is rarely ever a targeted hacking attack.
Typically all sites are considered targets. The
big and the small.
http://mlb.pw/montreal17 @michele_butcher
7. And how do they get in?
โข They guess your login information
โข Denial of Service Attack (DDoS)
โข Through a ๏ฌle in a theme, plugin, or anything on your
server where they found an exploit
โข Through your FTP and/or cPanel con๏ฌguration
http://mlb.pw/montreal17 @michele_butcher
8. Here is the only scary thing I
will say in this talk
http://mlb.pw/montreal17 @michele_butcher
10. A test site or a site that might get
5 visitors a day can be hacked.
It happened to me and it can happen to you.
http://mlb.pw/montreal17 @michele_butcher
14. Never ever never use โadminโ as a
username or โpasswordโ as
password. NEVER!!!!
Any questions?
Adm1n and Pa55w0rd do not count either!
http://mlb.pw/montreal17 @michele_butcher
16. Only give users the access
they need
Just because they want to be an admin does not mean they should.
Guest bloggers should rarely every be anything more than a contributor.
http://mlb.pw/montreal17 @michele_butcher
17. If it is a temporary login, delete
the user when the job is done
If they do have posts, you can convert them to different users or make them a
subscriber with limited access.
http://mlb.pw/montreal17 @michele_butcher
18. Set up ๏ฌle detection
Many security plugins like iThemes Security and WordFence will alert you when
๏ฌles have been changed
http://mlb.pw/montreal17 @michele_butcher
19. Only keep the theme you are using
and one backup theme on your
site.
The more themes that are on a site, the more open chances you have to a
vulnerability
http://mlb.pw/montreal17 @michele_butcher
20. Only keep the plugins you
have active on your site.
An uninstalled plugin is not a potential vulnerability.
Use the plugins repo favorites option to keep a list
of your favorite plugins
http://mlb.pw/montreal17 @michele_butcher
21. Security Plugins
โข iThemes Security (Free and Pro version)
โข Sucuri Firewall
โข WordFence Security
โข Jetpack with Brute Protect and Vault Press
โข SecuPress
http://mlb.pw/montreal17 @michele_butcher
22. Always make backups!
โข Backup Buddy, UpDraftPlus, BackWPUp
โข Always save to someplace OTHER than your server
โข Save them to Dropbox, AWS, email, or your local
machine
โข Have them scheduled to be made daily or at least
weekly
http://mlb.pw/montreal17 @michele_butcher
23. Malware Scanning? Do I
need it?
โข Google Webmaster Toolsโจ
โข Sucuri Scannerโจ
โข VirusTotal
If you feel your site could be infected, ๏ฌrst do
a malware scan
http://mlb.pw/montreal17 @michele_butcher
24. What else can I do to protect
my site?
http://mlb.pw/montreal17 @michele_butcher
25. Update!
Update!
Update!
Update core. Update themes update plugins!
The biggest reasons of updates is typically security or feature related.
The biggest source of nearly all hacks is due to lack of updating.
http://mlb.pw/montreal17 @michele_butcher
26. If you use Envato products (ThemeForest
and CodeCanyon) always check the box in
the downloads to be noti๏ฌed of updates.
That is the only way you will know if any of their
products need to be updated.
This is why the RevSlider infection was so widespread.
Many did not even know the plugin was built into their
theme.
http://mlb.pw/montreal17 @michele_butcher
27. Don't ever let your site get
too lonely.
That is when the zombies come. โจ
Nobody wants the zombies to come
http://mlb.pw/montreal17 @michele_butcher
28. If the unthinkable happens and you
do get hacked, it is not the end of
the world.
It can and will be ๏ฌxed.
http://mlb.pw/montreal17 @michele_butcher
29. Who can clean my hacked
website?
Sucuriโจ
SiteLockโจ
Hack Repairโจ
Wp Security Lock
http://mlb.pw/montreal17 @michele_butcher
30. Great! Are there any other
ways I can be secure?
http://mlb.pw/montreal17 @michele_butcher
40. Back everything up and back
it up often!
No one wants to lose their information
stored on their computer.
โข Bitcasa
โข Caronbinte
โข External Harddrives
http://mlb.pw/montreal17 @michele_butcher