REBECCA BOLLWITT
@Miss604
Miss604.com/contact

Basics for Securing WordPress
Bloggers        Intermediate Users



So you’ve decided to run a WordPress blog....


Most common WordPress hacks:
  1. Sending specially-crafted HTTP requests to your server with specific
     exploit payloads for specific vulnerabilities. Such vulnerabilities are
     typically found in old/outdated plugins and software.

  2. Attempting to gain access to your blog by "brute-force" password guessing.



Security starts with usernames & passwords



Whatever you do, do not use “Admin” as your administrative account username
(the default was “fixed” in WP 3.0)



Do not use a password that you use for anything else. Make it complicated
with letters, numbers, and symbols, for example:

    %Thi$isMyS3curEPa$sw0rD%



Do not approve spam comments, no matter how lovely they sound.

Use Akismet (packaged with WordPress) for catching spam.



Plugins you can install and use...


Plugin: WordPress Backup
Usage: Automatic backups
Where to get it: http://wordpress.org/extend/plugins/wordpress-backup/


Plugin: WordPress Security Scan
Usage: Scans for vulnerabilities
Where to get it: http://wordpress.org/extend/plugins/wp-security-scan/


Plugin: Secure WordPress
Usage: Behind the scenes
Where to get it: http://wordpress.org/extend/plugins/secure-wordpress/


Plugin: Stealth Login
Usage: Secret Login URL
Where to get it: http://wordpress.org/extend/plugins/stealth-login/


Others:
  Login Logger
  Exploit Scanner
  WordPress Firewall



Speaking of plugins, make sure yours are all up to date.



And, only install plugins from the main WordPress directory.




The same goes for themes.



Now, how can you tell if you’ve been hacked?

Common symptoms:
  Slow performance
  Trouble logging in
  Your theme looks “off”
  Unusually high amounts of spam
  Unusually slow traffic
  Funny-looking Google results

Google yourself every day




For users with FTP access




Know and love the WordPress Codex
http://codex.wordpress.org/Hardening_WordPress

Basics, from the Codex:
  Your computer could have security issues
  Make sure you are running the latest WP
  Your host could have security issues
  Lock down your directories
    Default:
    Directories should be 755
    Files should be 644




Secure your wp-config.php file by moving it to the directory above
(just one level above the WordPress directory; WordPress looks there automatically)



Give wp-config.php 400 or 440 permissions



Alternative to using a plugin to hide the version: edit your theme’s header.php
and add this line before the wp_head() call, so the generator meta tag is never emitted:
   <?php remove_action('wp_head', 'wp_generator'); ?>



Monitor your files for changes
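As an added example (not from the slides), a POSIX shell script that checks a WordPress tree against the permission defaults above (directories 755, files 644, wp-config.php 400 or 440, including one level above the install) and keeps a SHA-256 baseline so changed, added or removed files show up. The mini site it builds in a temp directory is constructed for the example; the function names and paths are its own.

```shell
#!/bin/sh
# Added example, not from the slides: audit a WordPress tree against the
# Codex defaults quoted in the deck (directories 755, files 644,
# wp-config.php 400 or 440, possibly one level above the WordPress
# directory) and keep a SHA-256 baseline so later file changes stand out.
# make_demo_site builds a constructed sample tree; it is not a real site.
set -u

# Octal mode of a path: GNU stat first, BSD/macOS stat as a fallback.
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# SHA-256 digest of a file with whichever tool the host provides.
digest_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Print one "BAD path mode (expected ...)" line per deviation under $1.
# Returns 0 when everything matches the defaults, 1 otherwise.
wp_perm_audit() {
    root=$1
    report=$(
        # wp-config.php may live in the install or one level above it.
        for cfg in "$root/wp-config.php" "$root/../wp-config.php"; do
            [ -f "$cfg" ] || continue
            m=$(mode_of "$cfg")
            case $m in
                400|440) ;;
                *) printf 'BAD %s mode %s (expected 400 or 440)\n' "$cfg" "$m" ;;
            esac
        done
        find "$root" \( -type d -o -type f \) | sort | while IFS= read -r p; do
            [ "$(basename "$p")" = wp-config.php ] && continue   # handled above
            if [ -d "$p" ]; then want=755; else want=644; fi
            m=$(mode_of "$p")
            [ "$m" = "$want" ] || printf 'BAD %s mode %s (expected %s)\n' "$p" "$m" "$want"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Record "digest path" for every file under $1 into the baseline file $2.
wp_baseline() {
    ( cd "$1" && find . -type f | sort | while IFS= read -r f; do
          printf '%s %s\n' "$(digest_of "$f")" "$f"
      done ) > "$2"
}

# Compare the live tree $1 with baseline $2 and print ADDED / CHANGED /
# REMOVED lines, sorted. Returns 0 when nothing differs, 1 otherwise.
wp_check_changes() {
    now=$(mktemp)
    wp_baseline "$1" "$now"
    report=$(awk -v base="$2" '
        FILENAME == base { old[$2] = $1; next }
        !($2 in old)     { print "ADDED " $2; next }
        old[$2] != $1    { print "CHANGED " $2 }
                         { delete old[$2] }
        END { for (p in old) print "REMOVED " p }' "$2" "$now" | sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Build a constructed mini WordPress tree in a temp dir and print its path.
# Two defects are planted: a 777 plugins directory and a 644 wp-config.php
# (already moved one level above the WordPress directory, as the deck suggests).
make_demo_site() {
    site=$(mktemp -d)
    mkdir -p "$site/wp/wp-content/plugins"
    printf '<?php // constructed index\n' > "$site/wp/index.php"
    printf '<?php // constructed theme header\n' > "$site/wp/wp-content/header.php"
    printf '<?php // constructed secrets\n' > "$site/wp-config.php"
    chmod 755 "$site/wp" "$site/wp/wp-content"
    chmod 777 "$site/wp/wp-content/plugins"    # planted: world-writable
    chmod 644 "$site/wp/index.php" "$site/wp/wp-content/header.php"
    chmod 644 "$site/wp-config.php"            # planted: should be 400 or 440
    printf '%s\n' "$site"
}

# Walk-through on the constructed site.
site=$(make_demo_site)
echo "== permission audit, before fixing =="
wp_perm_audit "$site/wp" || true
chmod 440 "$site/wp-config.php"
chmod 755 "$site/wp/wp-content/plugins"
echo "== permission audit, after fixing =="
wp_perm_audit "$site/wp" && echo "clean"
wp_baseline "$site/wp" "$site/baseline.txt"
printf '// edited later\n' >> "$site/wp/index.php"                # simulate an edited file
printf '<?php // unexpected\n' > "$site/wp/wp-content/extra.php"  # and a file that appeared
echo "== changes since baseline =="
wp_check_changes "$site/wp" "$site/baseline.txt" || true
rm -rf "$site"
```

Keep the baseline file outside the web root and refresh it right after you update WordPress, plugins or themes, so the only differences reported are ones you did not make.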

Resources:
  Your host’s status blog, Twitter, or page
  Your computer’s anti-virus & security
  The WordPress Codex: Hardening WordPress
  If all else fails, ask the “community” either on WordPress forums,
  WordPress Meetup Groups, or Twitter

Additional comments, questions?

Recap:
  Usernames & passwords
  Get trusted plugins & theme
  Use security plugins
  Monitor -- Google yourself
  Know and love the Codex
  Security on all levels -- computer, host, & WP
  Hide version and login page
  Lock down file permissions
  Monitor -- again

REBECCA BOLLWITT
@Miss604               @sixty4media
Miss604.com/contact   sixty4media.com/contact

Basics for Securing WordPress

  • 1. REBECCA BOLLWITT @Miss604 Miss604.com/contact
  • 3. Bloggers Intermediate Users So you’ve decided to run a WordPress blog....
  • 4. Most common WordPress Hacks: 1. Sending specially-crafted HTTP requests to your server with specific exploit payloads for specific vulnerabilities. These include old/outdated plugins and software. 2. Attempting to gain access to your blog by using "brute-force" password guessing.
  • 5. Security starts with usernames & passwords
  • 6. Whatever you do, do not use “Admin” as your administrative account username (default was “fixed” in WP 3.0)
  • 7. Do not use a password that you use for anything else. Make it complicated with letters, numbers, and symbols: %Thi$isMyS3curEPa$sw0rD%
  • 8. Do not approve spam comments, no matter how lovely they sound. Use Akismet (packaged with WordPress) for catching spam
  • 9. Plugins you can install and use...
  • 10. Plugin: WordPress Backup. Usage: Automatic backups. Where to get it: http://wordpress.org/extend/plugins/wordpress-backup/
  • 11. Plugin: WordPress Security Scan. Usage: Scans for vulnerabilities. Where to get it: http://wordpress.org/extend/plugins/wp-security-scan/
  • 12. Plugin: Secure WordPress. Usage: Behind the scenes. Where to get it: http://wordpress.org/extend/plugins/secure-wordpress/
  • 13. Plugin: Stealth Login. Usage: Secret login URL. Where to get it: http://wordpress.org/extend/plugins/stealth-login/
  • 14. Others: Login Logger, Exploit Scanner, WordPress Firewall
  • 15. Speaking of plugins, make sure yours are all up to date
  • 16. And, only install plugins from the main WordPress directory
  • 17. The same goes for themes
  • 18. Now how can you tell if you’ve been hacked?
  • 19-23. Common symptoms: Slow performance; Trouble logging in; Your theme looks “off”; Unusually high amounts of spam; Unusually slow traffic
  • 24-25. Common symptoms: Funny-looking Google results. Google yourself every day
  • 26. Bloggers Intermediate Users
  • 27. For users with FTP access
  • 28. Know and love the WordPress Codex: http://codex.wordpress.org/Hardening_WordPress
  • 29-34. Basics, from the Codex: Your computer could have security issues; Make sure you are running the latest WP; Your host could have security issues; Lock down your directories. Default: Directories should be 755, Files should be 644
  • 35. Secure your wp-config.php file by moving it to the directory above (just one level above the WordPress directory)
  • 36. Give wp-config.php 400 or 440 permissions
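Slides 33 to 36 give the target modes; the script below, added here and not part of the talk, walks a WordPress tree and reports every directory or file that departs from them, treating wp-config.php (in the root or one level above it) as the 400/440 case. The sample tree it audits is constructed, and it assumes GNU or BSD `stat`.

```sh
#!/bin/sh
# Added example (not from the slides): audit a WordPress tree against the
# permissions recommended above (directories 755, files 644, wp-config.php
# 400 or 440 in the root or one level above). Assumes GNU or BSD `stat`.

mode_of() {  # octal permission bits (GNU stat, BSD stat as fallback)
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

check_config() {  # wp-config.php holds DB credentials and salts: 400 or 440
  m=$(mode_of "$1")
  case $m in 400|440) ;; *) printf '%s expected 400/440 %s\n' "$m" "$1" ;; esac
}

audit_wp_perms() {
  # $1 = WordPress root. Prints one "<mode> expected <mode> <path>" line per
  # deviation and nothing at all when the tree matches the recommendation.
  find "$1" -type d | while IFS= read -r d; do
    m=$(mode_of "$d")
    [ "$m" = "755" ] || printf '%s expected 755 %s\n' "$m" "$d"
  done
  find "$1" -type f | while IFS= read -r f; do
    case $f in
      */wp-config.php) check_config "$f" ;;
      *) m=$(mode_of "$f")
         [ "$m" = "644" ] || printf '%s expected 644 %s\n' "$m" "$f" ;;
    esac
  done
  # Slide 35: wp-config.php may have been moved one level above the root.
  if [ -f "$1/../wp-config.php" ]; then check_config "$1/../wp-config.php"; fi
}

make_sample_tree() {
  # Constructed sample tree with two deliberate deviations; prints its root.
  base=$(mktemp -d)
  mkdir -p "$base/public_html/wp-content/uploads"
  printf '<?php\n' > "$base/public_html/index.php"
  printf '<?php\n' > "$base/public_html/wp-content/plugin.php"
  printf '<?php\n' > "$base/wp-config.php"               # moved above the root
  chmod 755 "$base/public_html" "$base/public_html/wp-content"
  chmod 777 "$base/public_html/wp-content/uploads"       # deviation: 777 dir
  chmod 644 "$base/public_html/index.php"
  chmod 666 "$base/public_html/wp-content/plugin.php"    # deviation: 666 file
  chmod 440 "$base/wp-config.php"
  printf '%s\n' "$base/public_html"
}

audit_wp_perms "$(make_sample_tree)"   # prints the two deviations
```

Run it against the real document root before and after a `chmod` sweep; an empty result means every mode matches the Codex defaults.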
  • 37. Alternative to using a plugin to hide the version: edit your header.php and add `<?php remove_action('wp_head', 'wp_generator'); ?>`
  • 38. Monitor your files for changes
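Slide 38's advice needs a known-good baseline to compare against; this script, added here and not from the talk, records SHA-256 hashes of a tree once and on every later run lists the files that were modified, added or removed. The sample tree is constructed, and it assumes GNU `sha256sum` or BSD `shasum`.

```sh
#!/bin/sh
# Added example (not from the slides): a minimal file-integrity check for a
# WordPress tree. Record a baseline of SHA-256 hashes right after a clean
# install or update, re-run it later, and review every file that was
# modified, added or removed. Assumes GNU `sha256sum` or BSD `shasum`.

hash_tree() {
  # Emits "<sha256>  <relative path>" for every regular file under $1,
  # sorted by path so two snapshots line up for comparison.
  ( cd "$1" && find . -type f | sort | while IFS= read -r f; do
      if command -v sha256sum >/dev/null 2>&1; then sha256sum "$f"
      else shasum -a 256 "$f"; fi
    done )
}

fim_baseline() {
  # $1 = WordPress root, $2 = manifest to write. Keep the manifest outside
  # the web root; whoever can edit the site files could otherwise edit it too.
  hash_tree "$1" > "$2"
}

fim_check() {
  # $1 = WordPress root, $2 = baseline manifest. Prints "MODIFIED <path>",
  # "ADDED <path>" or "REMOVED <path>" per change; empty output = no change.
  current=$(mktemp)
  hash_tree "$1" > "$current"
  awk 'FILENAME == ARGV[1] { base[$2] = $1; next }   # pass 1: baseline
       !($2 in base) { print "ADDED " $2; next }       # pass 2: current tree
       base[$2] != $1 { print "MODIFIED " $2 }
       { delete base[$2] }
       END { for (p in base) print "REMOVED " p }' "$2" "$current" | sort
  rm -f "$current"
}

demo_tree() {
  # Constructed sample tree standing in for a WordPress install; prints its root.
  base=$(mktemp -d)
  mkdir -p "$base/wp-content/themes/mytheme"
  printf '<?php // front controller\n' > "$base/index.php"
  printf '<?php get_header();\n' > "$base/wp-content/themes/mytheme/index.php"
  printf '%s\n' "$base"
}

root=$(demo_tree); manifest=$(mktemp)
fim_baseline "$root" "$manifest"
printf '// unexpected edit\n' >> "$root/wp-content/themes/mytheme/index.php"
fim_check "$root" "$manifest"   # -> MODIFIED ./wp-content/themes/mytheme/index.php
```

Refresh the baseline deliberately after each WordPress, plugin or theme update, so that the only differences left to explain are the ones nobody scheduled.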
  • 39-40. Resources: Your host’s status blog, Twitter, or page; Your computer’s anti-virus & security; The WordPress Codex: Hardening WordPress. If all else fails, ask the “community” either on WordPress forums, WordPress Meetup Groups, or Twitter
  • 41. Additional comments, questions?
  • 42-50. Recap: Usernames & passwords; Get trusted plugins & theme; Use security plugins; Monitor -- Google yourself; Know and love the Codex; Security on all levels -- computer, host, & WP; Hide version and login page; Lock down file permissions; Monitor -- again
  • 51. REBECCA BOLLWITT @Miss604 @sixty4media Miss604.com/contact sixty4media.com/contact
