Every day hackers try
to find ways to get
Why do hackers hack?
• Make bank
• Build a zombie site army
• Share their nasty malware with the world
• Get your information
• They are bored
• They want to see if they can do it
Why are these people
These days, it is not people but bots attacking your site.
Hackers have programs that do the work for them.
Rarely is it people doing the hacking unless it is targeted.
Strong opinion sites are a good example.
How do they get in?
• Guess your login. If you know it, so can someone
else. (Brute force attack or man in the middle)
• Denial of Service attack (DDoS): flood your site
with more traffic than it can handle
• Through a theme, file or plugin
• Through your FTP or cPanel. (Files set to read,
write, execute. Brute force, anonymous login,
shared hosting infection)
And now for the only
thing scary that I am
going to say.
Never ever ever use admin as user
name or password as password.
ALWAYS change your prefix name
from wp_. Let it be anything other
fdhsfjkhs_ is always good
I typically do not even look at what I am typing anymore
when I make the WP prefix. The more random the better.
If you do have to let others
into your dashboard or FTP…
• Use SFTP Always!
• Only give them access to what they NEED not
what they want
• If it is only a temporary login, delete their login
when they have completed their job.
• Set up a file change detection notification to
know what they are changing in your site.
Great all-encompassing best practices
WordPress security plugin.
Two versions: a free and a premium.
If you are mainly worried about DDoS attacks, Brute
Protect has you covered.
Who can scan my site
Google Webmaster Tools http://google.com/webmaster
iThemes Security Pro http://ithemes.com/security
Need an extra eye on
CloudFlare has a free and premium version.
Update core, update plugins, update
themes, update content, update everything
and update often!
Outdated software is the biggest source of nearly all hacks:
once something is patched, it is trivial to get
into the old stuff.
Have a minimalist approach
to plugins and themes.
• Only have the plugins you are using at that time
on your site. You can always upload them again
• Only have the theme you are using on your site.
• If something is not active, delete it.
Back up your site!
Somewhere, anywhere, just have a
BackupBuddy from iThemes is a great choice. iThemes
Security will do a database backup for you.
Always back up to someplace
OTHER than your server. If the
server gets hacked, so does your
Don’t let your site get
Lonely sites can turn into zombie sites and
nobody wants a zombie
If your website gets
hacked it is not the
end of the world.
It can and will be fixed.
Who cleans hacked
Well I do over at WP Security Lock ~Smile~
I apologize… had to do one shameful plug.
What are other ways I
can be more secure?
ALWAYS use complex
“password” is never a
Never email passwords to
anyone. Including yourself.
Use a different password for each
and every thing you log into.
Use something like LastPass or
1Password to share passwords
If the login has a
Protect your unit!
Yes I even have an anti-virus on my Mac!
AVG and Avast have free versions as well as paid.
Kaspersky is great with Windows and Macs.
Be conscious when
using public WiFi.
Use a VPN when connecting
out in the wild.
Back up everything
and back it up often.
If you fear you might lose
information, save it in more than one
spot. Bitcasa, Carbonite, and
external hard drives are great
options for backing up data.