
Basics for Securing WordPress

3,643 views

Basics for WordPress Security as presented by Rebecca of Miss604.com & sixty4media.com at WordCamp Victoria 2011

Published in: Technology

Basics for Securing WordPress

  1. REBECCA BOLLWITT @Miss604 Miss604.com/contact
  2. Basics for Securing WordPress
  3. (Bloggers / Intermediate Users) So you’ve decided to run a WordPress blog....
  4. Most common WordPress hacks: 1. Sending specially-crafted HTTP requests to your server with specific exploit payloads for specific vulnerabilities. These include old/outdated plugins and software. 2. Attempting to gain access to your blog by using "brute-force" password guessing.
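The brute-force guessing in point 2 of slide 4 leaves a clear trace in the web server's access log: many POST requests to wp-login.php from one client, each answered with a 200 (WordPress re-renders the login form with an error) rather than the 302 redirect a successful login produces. The shell function below is an added example, not part of Rebecca's slides; it assumes the Apache/nginx combined log format and runs over a constructed sample log whose addresses are documentation ranges, not real traffic.

```shell
#!/bin/sh
# Constructed sample of an Apache/nginx combined-format access log (not real traffic).
# 203.0.113.5 fails five logins; 198.51.100.7 fails twice and then succeeds (302).
SAMPLE_LOG='203.0.113.5 - - [10/Mar/2011:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1310 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2011:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1310 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2011:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1310 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2011:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1310 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2011:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1310 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2011:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1290 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2011:10:05:07 +0000] "POST /wp-login.php HTTP/1.1" 200 1310 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2011:10:05:15 +0000] "POST /wp-login.php HTTP/1.1" 200 1310 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2011:10:05:22 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2011:10:06:00 +0000] "GET /2011/03/hello-world/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"'

# Read an access log on stdin and print "count ip" for every client whose failed
# wp-login.php POSTs reach the threshold, most active client first.  Field positions
# follow the combined format: $1 client, $6 method (with its leading quote), $7 path,
# $9 status.  A POST to wp-login.php answered with 200 is the form re-rendered with an
# error, i.e. a failed attempt; a successful login is answered with a 302 redirect.
login_failure_report() {
    threshold="$1"
    awk -v threshold="$threshold" '
        $6 == "\"POST" && $7 == "/wp-login.php" && $9 == "200" { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= threshold) print fails[ip], ip }
    ' | sort -rn
}

# Stand-alone run: flag clients with three or more failures in the sample.
printf '%s\n' "$SAMPLE_LOG" | login_failure_report 3
```

On a live server the same function reads the real log (`login_failure_report 20 < /var/log/apache2/access.log`, path assumed); the threshold is a judgement call, since a legitimate user who forgot a password produces a handful of 200s, while a guessing tool produces hundreds in a minute.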
  5. Security starts with usernames & passwords
  6. Whatever you do, do not use “Admin” as your administrative account username (default was “fixed” in WP 3.0)
  7. Do not use a password that you use for anything else. Make it complicated with letters, numbers, and symbols: %Thi$isMyS3curEPa$sw0rD%
  8. Do not approve spam comments, no matter how lovely they sound. Use Akismet (packaged with WordPress) for catching spam
  9. Plugins you can install and use...
  10. Plugin: WordPress Backup. Usage: automatic backups. Where to get it: http://wordpress.org/extend/plugins/wordpress-backup/
  11. Plugin: WordPress Security Scan. Usage: scans for vulnerabilities. Where to get it: http://wordpress.org/extend/plugins/wp-security-scan/
  12. Plugin: Secure WordPress. Usage: behind the scenes. Where to get it: http://wordpress.org/extend/plugins/secure-wordpress/
  13. Plugin: Stealth Login. Usage: secret login URL. Where to get it: http://wordpress.org/extend/plugins/stealth-login/
  14. Others: Login Logger, Exploit Scanner, WordPress Firewall
  15. Speaking of plugins, make sure yours are all up to date
  16. And, only install plugins from the main WordPress directory
  17. The same goes for themes
  18. Now how can you tell if you’ve been hacked?
  19. Common symptoms, built up over slides 19-23: slow performance; trouble logging in; your theme looks “off”; unusually high amounts of spam; unusually slow traffic
  24. Common symptoms, slides 24-25: funny-looking Google results. Google yourself every day
  26. (no text on this slide)
  27. For users with FTP access
  28. Know and love the WordPress Codex: http://codex.wordpress.org/Hardening_WordPress
  29. Basics, from the Codex, built up over slides 29-34: your computer could have security issues; make sure you are running the latest WP; your host could have security issues; lock down your directories. Default: directories should be 755, files should be 644
  35. Secure your wp-config.php file by moving it to the directory above (just one level above the WordPress directory)
  36. Give wp-config.php 400 or 440 permissions
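Slides 33 to 36 together describe one small procedure: directories 755, files 644, wp-config.php moved one level above the WordPress directory and set to 400 or 440. The shell functions below are an added example, not part of the slides or of WordPress itself: they audit a tree against those modes, reset deviations, and relocate wp-config.php. The paths and the demonstration tree are constructed for the example. The relocation works because wp-load.php falls back to the parent directory when wp-config.php is missing from the WordPress root, as long as that parent does not contain a wp-settings.php of its own.

```shell
#!/bin/sh
# Audit a WordPress tree against the Codex defaults: directories 755, files 644.
# Prints one line per deviation; prints nothing when the tree is clean.
# Usage: wp_perm_audit /path/to/wordpress
wp_perm_audit() {
    root="$1"
    find "$root" -type d ! -perm 755 | sed 's/^/DIR  /'
    find "$root" -type f ! -perm 644 | sed 's/^/FILE /'
}

# Reset every deviating entry to the default mode.  Run the audit first and read
# the list: a file the host deliberately set to 600, or a wp-config.php already at
# 400, is a "deviation" this blanket fix would undo.
# Usage: wp_perm_fix /path/to/wordpress
wp_perm_fix() {
    root="$1"
    find "$root" -type d ! -perm 755 -exec chmod 755 {} +
    find "$root" -type f ! -perm 644 -exec chmod 644 {} +
}

# Move wp-config.php from the WordPress root to the directory one level above it
# and make it readable only by its owner (400).  Refuses to run if the parent is
# itself a WordPress root, because wp-load.php only looks one level up when the
# parent holds no wp-settings.php.
# Usage: wp_config_relocate /path/to/wordpress
wp_config_relocate() {
    root="$1"
    parent=$(dirname "$root")
    [ -f "$root/wp-config.php" ] || { echo "no wp-config.php in $root" >&2; return 1; }
    if [ -e "$parent/wp-settings.php" ]; then
        echo "$parent is itself a WordPress root; not moving" >&2
        return 1
    fi
    mv "$root/wp-config.php" "$parent/wp-config.php" || return 1
    chmod 400 "$parent/wp-config.php"
}

# Stand-alone demonstration on a constructed tree in a temporary directory.
demo_base=$(mktemp -d)
demo_root="$demo_base/public_html"
mkdir -p "$demo_root/wp-content/plugins"
printf '<?php\n' > "$demo_root/wp-config.php"
printf '<?php\n' > "$demo_root/wp-content/plugins/hello.php"
chmod 755 "$demo_root" "$demo_root/wp-content" "$demo_root/wp-content/plugins"
chmod 644 "$demo_root/wp-config.php" "$demo_root/wp-content/plugins/hello.php"
chmod 777 "$demo_root/wp-content"                      # world-writable directory: a finding
chmod 666 "$demo_root/wp-content/plugins/hello.php"    # world-writable file: a finding
wp_perm_audit "$demo_root"
wp_perm_fix "$demo_root"
wp_config_relocate "$demo_root"
rm -rf "$demo_base"
```

Mode 400 only works when PHP runs as the owner of the file (suPHP or a per-site PHP-FPM pool); on hosts where the web server runs as a different user that shares the owner's group, 440 is the option slide 36 leaves open. Either way, check the site still loads immediately after the change.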
  37. Alternative to using a plugin to hide the version: edit your header.php and add, before the wp_head() call, <?php remove_action('wp_head', 'wp_generator'); ?>
  38. Monitor your files for changes
  39. Resources, built up over slides 39-40: your host’s status blog, Twitter, or page; your computer’s anti-virus & security; the WordPress Codex: Hardening WordPress. If all else fails, ask the “community” either on WordPress forums, WordPress Meetup Groups, or Twitter
  41. Additional comments, questions?
  42. Recap, built up over slides 42-50: usernames & passwords; get trusted plugins & theme; use security plugins; monitor -- Google yourself; know and love the Codex; security on all levels -- computer, host, & WP; hide version and login page; lock down file permissions; monitor -- again
  51. REBECCA BOLLWITT @Miss604 @sixty4media Miss604.com/contact sixty4media.com/contact
