Security Isn't Scary and It's Not Rocket Science either.

Published in: Internet

  1. Security isn't scary, and it’s not rocket science either. Michele Butcher. CantSpeakGeek.com, WPSecurityLock.com. @Michele_Butcher. Slides can be found at http://mlb.pw/k1mbf
  2. Michele Butcher @michele_butcher
     • WordPress Consultant, Site Cleaner, and Trainer for WP Security Lock
     • WordPress Manager for Megabytes Inc
     • One Woman Wonder at Can’t Speak Geek
  3. Why is security important?
  4. Every day hackers try to find ways to get your information.
  5. Why do hackers hack?
     • Make bank
     • Build a zombie site army
     • Share their nasty malware with the world
     • Get your information
     • They are bored
     • They want to see if they can do it
  6. Why are these people attacking me? Anymore, it is not people but bots attacking your site. Hackers have programs that do the work for them. Rarely is it people doing the hacking unless it is targeted. Strong opinion sites are a good example.
  7. How do they get in?
     • Guess your login. If you know it, so can someone else. (Brute force attack or man in the middle)
     • Denial of Service attack (DDoS): flooding your site with more traffic than it can handle
     • Through a theme, file or plugin
     • Through your FTP or cPanel. (Files set to read, write, execute. Brute force, anonymous login, shared hosting infection)
  8. And now for the only thing scary that I am going to say.
  9. You are NEVER 100% secure.
  10. Even a test site or a knitting site with only 2 visitors can be hacked. It can happen to your site.
  11. Don’t let security make you like this guy.
  12. But there are ways to keep the hacker attackers out!
  13. WordPress Security Basics
  14. Never ever ever use admin as user name or password as password. Never!
  15. ALWAYS change your prefix name from wp_. Let it be anything other than wp_. fdhsfjkhs_ is always good. I typically do not even look at what I am typing anymore when I make the WP prefix. The more random the better.
  16. If you do have to let others into your dashboard or FTP…
     • Use SFTP. Always!
     • Only give them access to what they NEED, not what they want.
     • If it is only a temporary login, delete their login when they have completed their job.
     • Set up a file change detection notification to know what they are changing in your site.
  17. What about security plugins?
  18. iThemes Security: a great, all-encompassing best practices WordPress security plugin. Two versions: a free and a premium. http://ithemes.com/security
  19. Brute Protect: If you are mainly worried about DDoS attacks, Brute Protect has you covered. http://bruteprotect.com
  20. Who can scan my site for malware?
     • Google Webmaster Tools http://google.com/webmaster
     • VirusTotal https://virustotal.com
     • iThemes Security Pro http://ithemes.com/security
  21. Need an extra eye on your site? CloudFlare has a free and premium version. http://cloudflare.com
  22. Update! Update! Update! Update core, update plugins, update themes, update content, update everything and update often! Outdated software is the biggest source of nearly all hacks: once something is patched, it is trivial to get into the old stuff.
  23. Have a minimalist approach to plugins and themes.
     • Only have the plugins you are using at that time on your site. You can always upload them again later.
     • Only have the theme you are using on your site.
     • If something is not active, delete it.
  24. Back up your site! Somewhere, anywhere, just have a backup copy. BackupBuddy from iThemes is a great choice. iThemes Security will do a database backup for you. http://ithemes.com/backupbuddy
  25. Always back up to someplace OTHER than your server. If the server gets hacked, so does your backup.
  26. Don’t let your site get lonely. Lonely sites can turn into zombie sites and nobody wants a zombie.
  27. If your website gets hacked it is not the end of the world. It can and will be fixed.
  28. Who cleans hacked websites? Well, I do over at WP Security Lock ~Smile~ http://wpsecuritylock.com. I apologize… had to do one shameful plug.
  29. What are other ways I can be more secure?
  30. ALWAYS use complex passwords. ALWAYS! For everything! “password” is never a good password!
  31. Never email passwords to anyone. Including yourself. Use a different password for each and every thing you log into. Use something like LastPass or 1Password to share passwords with others.
  32. If the login has Two-Factor authentication, use it!
  33. Anti-virus: Protect your unit! Yes, I even have an anti-virus on my Mac! AVG and Avast have free versions as well as paid. Kaspersky is great with Windows and Macs.
  34. Be conscious when using public WiFi.
  35. Use a VPN when connecting out in the wild. torguard.com
  36. Update! Update! Update! Let me say this again.
  37. Back up everything and back it up often. If you fear you might lose information, save it in more than one spot. Bitcasa, Carbonite, and external hard drives are great options for backing up data.
  38. Questions?
  39. Thank you for attending! Slides can be found at http://mlb.pw/k1mbf. Michele Butcher, @michele_butcher, http://wpsecuritylock.com, http://cantspeakgeek.com
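
Slide 16's advice to set up file change detection can be done with a hash baseline, shown here as an added example that is not part of the original slides. The site layout and file names are constructed, and the baseline is written to a separate directory, in line with slide 25's point about keeping copies off the server.

```python
import hashlib
import json
import os
import tempfile


def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                manifest[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def diff(baseline, current):
    """Compare two manifests and list what was added, modified or removed."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def write(path, text):
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Constructed sample site: take a baseline, change files, report the drift."""
    with tempfile.TemporaryDirectory() as site, tempfile.TemporaryDirectory() as offsite:
        theme = os.path.join(site, "wp-content", "themes", "mytheme")
        os.makedirs(theme)
        write(os.path.join(site, "wp-config.php"), "<?php // constructed sample\n")
        write(os.path.join(theme, "functions.php"), "<?php // original\n")
        write(os.path.join(theme, "old.php"), "<?php // unused\n")
        baseline_file = os.path.join(offsite, "baseline.json")  # kept off the site
        write(baseline_file, json.dumps(snapshot(site)))
        # Changes made while a temporary login was active (constructed).
        write(os.path.join(theme, "functions.php"), "<?php // edited\n")
        write(os.path.join(site, "wp-content", "new-upload.php"), "<?php // new\n")
        os.remove(os.path.join(theme, "old.php"))
        with open(baseline_file) as fh:
            return diff(json.load(fh), snapshot(site))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run `snapshot` on a schedule against the real document root and send the `diff` result as the notification whenever any of the three lists is non-empty.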
