Security Isn't Scary and It's Not Rocket Science either.
1.
Security isn't scary, and
it’s not rocket science
either.
Michele Butcher
CantSpeakGeek.com WPSecurityLock.com
@Michele_Butcher
Slides can be found at http://mlb.pw/k1mbf
2.
Michele Butcher
• WordPress Consultant, Site Cleaner, and Trainer for WP Security Lock
• WordPress Manager for Megabytes Inc
• One Woman Wonder at Can’t Speak Geek
@michele_butcher
4.
Every day hackers try
to find ways to get
your information.
5.
Why do hackers hack?
• Make bank
• Build a zombie site army
• Share their nasty malware with the world
• Get your information
• They are bored
• They want to see if they can do it
6.
Why are these people
attacking me?
These days, it is not people but bots attacking your site.
Hackers have programs that do the work for them.
Rarely is it people doing the hacking unless it is targeted.
Strong opinion sites are a good example.
7.
How do they get in?
• Guess your login. If you know it, so can someone else. (Brute force attack or man in the middle)
• Denial of Service attack (DDoS): flooding your site with more traffic than it can handle
• Through a theme, file or plugin
• Through your FTP or cPanel. (Files set to read, write, execute. Brute force, anonymous login, shared hosting infection)
8.
And now for the only
thing scary that I am
going to say.
14.
Never ever ever use admin as user
name or password as password.
Never!
15.
ALWAYS change your prefix name from wp_. Let it be anything other than wp_.
fdhsfjkhs_ is always good.
I typically do not even look at what I am typing anymore when I make the WP prefix. The more random the better.
16.
If you do have to let others
into your dashboard or FTP…
• Use SFTP Always!
• Only give them access to what they NEED, not what they want
• If it is only a temporary login, delete their login when they have completed their job.
• Set up a file change detection notification to know what they are changing in your site.
18.
iThemes Security
Great all-encompassing best practices WordPress security plugin.
Two versions: a free and a premium.
http://ithemes.com/security
19.
Brute Protect
If you are mainly worried about DDoS attacks, Brute
Protect has you covered.
http://bruteprotect.com
20.
Who can scan my site
for malware?
Google Webmaster Tools http://google.com/webmaster
VirusTotal https://virustotal.com
iThemes Security Pro http://ithemes.com/security
21.
Need an extra eye on
your site?
CloudFlare has a free and premium version.
http://cloudflare.com
22.
Update!
Update!
Update!
Update core, update plugins, update themes, update content, update everything and update often!
Outdated software is the biggest source of nearly all hacks: once something is patched, it is trivial to get into the old stuff.
23.
Have a minimalist approach
to plugins and themes.
• Only have the plugins you are using at that time on your site. You can always upload them again later.
• Only have the theme you are using on your site.
• If something is not active, delete it.
24.
Back up your site!
Somewhere, anywhere, just have a backup copy.
BackupBuddy from iThemes is a great choice. iThemes Security will do a database backup for you.
http://ithemes.com/backupbuddy
25.
Always back up to someplace
OTHER than your server. If the
server gets hacked, so does your
backup.
26.
Don’t let your site get
lonely.
Lonely sites can turn into zombie sites, and nobody wants a zombie.
27.
If your website gets
hacked it is not the
end of the world.
It can and will be fixed.
28.
Who cleans hacked
websites?
Well I do over at WP Security Lock ~Smile~
http://wpsecuritylock.com
I apologize… had to do one shameful plug.
29.
What are other ways I
can be more secure?
30.
ALWAYS use complex
passwords. ALWAYS!
For everything!
“password” is never a
good password!
31.
Never email passwords to anyone. Including yourself.
Use a different password for each and every thing you log into.
Use something like LastPass or 1Password to share passwords with others.
32.
If the login has a
Two-Factor authentication,
use it!
33.
Anti-virus
Protect your unit!
Yes I even have an anti-virus on my Mac!
AVG and Avast have free versions as well as paid.
Kaspersky is great with Windows and Macs.
34.
Be conscious when
using public WiFi.
35.
Use a VPN when connecting
out in the wild.
torguard.com
37.
Back up everything
and back it up often.
If you fear you might lose
information, save it in more than one
spot. Bitcasa, Carbonite, and
external hard drives are great
options of backing up data.
39.
Thank you for attending!
Slides can be found at http://mlb.pw/k1mbf
Michele Butcher
@michele_butcher
http://wpsecuritylock.com
http://cantspeakgeek.com