Basics for Securing WordPress

Basics for WordPress Security as presented by Rebecca of Miss604.com & sixty4media.com at WordCamp Victoria 2011


    1. REBECCA BOLLWITT @Miss604 Miss604.com/contact
    2. Basics for Securing WordPress
    3. Bloggers, Intermediate Users: So you've decided to run a WordPress blog...
    4. Most common WordPress hacks:
       1. Sending specially crafted HTTP requests to your server with specific exploit payloads for specific vulnerabilities. These include old/outdated plugins and software.
       2. Attempting to gain access to your blog by using "brute-force" password guessing.
    5. Security starts with usernames & passwords.
    6. Whatever you do, do not use "Admin" as your administrative account username (the default was "fixed" in WP 3.0).
    7. Do not use a password that you use for anything else. Make it complicated, with letters, numbers, and symbols: %Thi$isMyS3curEPa$sw0rD%
    8. Do not approve spam comments, no matter how lovely they sound. Use Akismet (packaged with WordPress) for catching spam.
    9. Plugins you can install and use...
    10. Plugin: WordPress Backup. Usage: automatic backups. Where to get it: http://wordpress.org/extend/plugins/wordpress-backup/
    11. Plugin: WordPress Security Scan. Usage: scans for vulnerabilities. Where to get it: http://wordpress.org/extend/plugins/wp-security-scan/
    12. Plugin: Secure WordPress. Usage: behind the scenes. Where to get it: http://wordpress.org/extend/plugins/secure-wordpress/
    13. Plugin: Stealth Login. Usage: secret login URL. Where to get it: http://wordpress.org/extend/plugins/stealth-login/
    14. Others: Login Logger, Exploit Scanner, WordPress Firewall
    15. Speaking of plugins, make sure yours are all up to date.
    16. And only install plugins from the main WordPress directory.
    17. The same goes for themes.
    18. Now how can you tell if you've been hacked?
    19-23. Common symptoms: slow performance; trouble logging in; your theme looks "off"; unusually high amounts of spam; unusually slow traffic.
    24-25. Common symptoms: funny-looking Google results. Google yourself every day.
    26. (image only)
    27. For users with FTP access
    28. Know and love the WordPress Codex: http://codex.wordpress.org/Hardening_WordPress
    29-34. Basics, from the Codex: your computer could have security issues; make sure you are running the latest WP; your host could have security issues; lock down your directories. Default: directories should be 755, files should be 644.
    35. Secure your wp-config.php file by moving it to the directory above (just one level above the WordPress directory).
    36. Give wp-config.php 400 or 440 permissions.
    37. Alternative to using a plugin to hide the version: edit your header.php and add <?php remove_action('wp_head', 'wp_generator'); ?>
    38. Monitor your files for changes.
    39-40. Resources: your host's status blog, Twitter, or page; your computer's anti-virus & security; the WordPress Codex: Hardening WordPress. If all else fails, ask the "community" either on WordPress forums, WordPress Meetup Groups, or Twitter.
    41. Additional comments, questions?
    42-50. Recap: usernames & passwords; get trusted plugins & theme; use security plugins; monitor -- Google yourself; know and love the Codex; security on all levels -- computer, host, & WP; hide version and login page; lock down file permissions; monitor -- again.
    51. REBECCA BOLLWITT @Miss604 @sixty4media Miss604.com/contact sixty4media.com/contact
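As an added example that is not part of the deck, the following POSIX shell script turns the "for users with FTP access" slides into a repeatable check: directories 755, files 644, wp-config.php one level above the WordPress root with mode 400 or 440, and a checksum baseline so that changed, added or removed files show up. The function names audit_wp_perms, check_wp_config, wp_baseline and wp_changes are chosen here; the WordPress root and baseline path are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the slides): audit a WordPress install against the
# baseline the deck cites (dirs 755, files 644, wp-config.php 400/440 and
# moved one level up) and keep a checksum baseline to spot changed files.
# Assumes POSIX sh, find, cksum, sort and diff are available.

# audit_wp_perms ROOT: print each deviation, return 0 only when none is found.
audit_wp_perms() {
    root=$1
    findings=$( {
        find "$root" -type d ! -perm 755 \
            -exec sh -c 'echo "DIR  $1: expected 755"' _ {} \;
        find "$root" -type f ! -name wp-config.php ! -perm 644 \
            -exec sh -c 'echo "FILE $1: expected 644"' _ {} \;
        check_wp_config "$root"
    } )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# check_wp_config ROOT: expect ROOT/../wp-config.php with mode 400 or 440 (slides 35-36).
check_wp_config() {
    root=$1
    if [ -f "$root/wp-config.php" ]; then
        cfg="$root/wp-config.php"
        echo "WARN $cfg: move it one directory above the WordPress root"
    elif [ -f "$root/../wp-config.php" ]; then
        cfg="$root/../wp-config.php"
    else
        echo "ERR  no wp-config.php in $root or its parent"
        return
    fi
    [ -n "$(find "$cfg" \( -perm 400 -o -perm 440 \) -print)" ] ||
        echo "FILE $cfg: expected 400 or 440"
}

# wp_baseline ROOT BASELINE: record one checksum per file, right after a clean install or update.
wp_baseline() {
    find "$1" -type f -exec cksum {} \; | sort -k3 > "$2"
}

# wp_changes ROOT BASELINE: diff the current tree against the baseline (slide 38);
# exit status 0 means nothing changed, 1 means a file was modified, added or removed.
wp_changes() {
    find "$1" -type f -exec cksum {} \; | sort -k3 | diff "$2" -
}
```

Run wp_baseline once after updating WordPress, and wp_changes from cron; any diff line is a file to explain or restore.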
