WordPress Security

  • VPS – more secure than shared hosting: independent file systems, and administrators are empowered to implement secure configurations.
  • FTP – separate accounts prevent cross-site contamination if one site on a shared hosting account is hacked.
  • One-Click Installs – fantversion.php is installed by Fantastico during install; this gives hackers the ability to search for sites installed by Fantastico and exploit known security vulnerabilities. Other one-click installers have their own PHP install file and have the same vulnerability.
  • Database name – I believe it was Shakespeare who said “a rose by any other name…” something, something, something – I don’t remember the rest of the quote, but basically he was saying that no matter what you call a rose it’s always going to be a rose… okay, okay, enough with the roses! The point I’m trying to make here is about database names – no matter what you name your database it’s still going to be a WordPress database; heck, you can even call it a rose… but it’s still a WordPress database. Hackers are familiar with the default WordPress database name and that’s something they look for when trying to find loopholes in your site – so get creative and call it something different to make it difficult for them to find… how hard is that?
  • Username – the worst one is admin; hackers look for this.
  • Display name – don’t make your username your display name.
  • Permissions – folders should be 644 / files should be 755; increase privileges as needed to 775 and rarely to 777.
  • WP-Config – move it to the directory above your WordPress install; this makes it nearly impossible for hackers to access it. Be sure to use a unique salt key (http://api.wordpress.org). Change your database prefix to something other than wp_.
  • WP-Content directory – moving it makes it difficult for hackers to find.
  • Functions.php – remove the WordPress version from the header; hackers look for this info to exploit known vulnerabilities of various WordPress versions. Remove login errors so the page doesn’t display what error was encountered (i.e. wrong username/password).
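The set-up notes above give three things an administrator can verify from the server rather than take on faith: file and directory modes, where wp-config.php lives and whether the table prefix is still wp_, and (from the hosting notes) whether a one-click installer left fantversion.php behind. The script below is an added example written for this page, not code from the presentation or from any plugin it mentions. It assumes it is run with the PHP CLI against a WordPress document root, and it uses the common WordPress convention of 0755 for directories and 0644 for files (the speaker notes above list those two values the other way round); it reports only entries that are more permissive than that convention, so a tighter wp-config.php passes. The function names are my own.

```php
<?php
// wp_install_audit.php: added example for this page, not code from the presentation.
// Usage from a shell on the server:  php wp_install_audit.php /path/to/wordpress
// Assumptions (not from the slides): the argument is the WordPress document root,
// and expected modes follow the usual WordPress convention of 0755 for
// directories and 0644 for files.
declare(strict_types=1);

const EXPECTED_DIR_MODE  = 0755;
const EXPECTED_FILE_MODE = 0644;
const DEFAULT_PREFIX     = 'wp_';
// Leftover installer files to flag; fantversion.php is the one the slides name.
const INSTALLER_LEFTOVERS = ['fantversion.php'];

/**
 * Return [path, actual, expected] for every entry whose mode grants more than
 * the convention allows (extra write or execute bits, e.g. 0777 on a folder).
 */
function audit_permissions(string $root): array
{
    $findings = [];
    $iterator = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($iterator as $path => $info) {
        $expected = $info->isDir() ? EXPECTED_DIR_MODE : EXPECTED_FILE_MODE;
        $actual   = $info->getPerms() & 0777;
        if (($actual & ~$expected) !== 0) {   // bits set beyond the expected mode
            $findings[] = [$path, sprintf('%04o', $actual), sprintf('%04o', $expected)];
        }
    }
    return $findings;
}

/**
 * WordPress loads wp-config.php from the document root or, failing that, from
 * the directory above it (as long as that directory is not itself a WordPress
 * install), which is what "move it to the directory above" relies on.
 */
function locate_wp_config(string $root): ?string
{
    foreach ([$root, dirname($root)] as $dir) {
        $candidate = $dir . DIRECTORY_SEPARATOR . 'wp-config.php';
        if (is_file($candidate)) {
            return $candidate;
        }
    }
    return null;
}

/** Pull $table_prefix out of wp-config.php, or null if it cannot be parsed. */
function read_table_prefix(string $configPath): ?string
{
    $source = file_get_contents($configPath);
    if ($source === false) {
        return null;
    }
    return preg_match('/\$table_prefix\s*=\s*[\'"]([^\'"]*)[\'"]/', $source, $m) ? $m[1] : null;
}

/** Installer artefacts still sitting in the document root. */
function find_installer_leftovers(string $root): array
{
    return array_values(array_filter(
        INSTALLER_LEFTOVERS,
        fn (string $name): bool => is_file($root . DIRECTORY_SEPARATOR . $name)
    ));
}

if (PHP_SAPI === 'cli' && isset($argv) && realpath($argv[0]) === __FILE__) {
    $root = realpath($argv[1] ?? getcwd());
    if ($root === false) {
        fwrite(STDERR, "document root not found\n");
        exit(1);
    }
    foreach (audit_permissions($root) as [$path, $actual, $expected]) {
        echo "PERMS  $path is $actual, expected at most $expected\n";
    }
    foreach (find_installer_leftovers($root) as $name) {
        echo "FILE   leftover installer file $name found; remove it\n";
    }
    $config = locate_wp_config($root);
    if ($config === null) {
        echo "CONFIG wp-config.php not found in $root or its parent\n";
    } else {
        $where = dirname($config) === $root ? 'inside the document root' : 'above the document root';
        echo "CONFIG wp-config.php is $where ($config)\n";
        if (read_table_prefix($config) === DEFAULT_PREFIX) {
            echo "PREFIX table prefix is still the default '" . DEFAULT_PREFIX . "'\n";
        }
    }
}
```

Run it as the same user the web server runs as so the mode checks reflect what PHP itself can do; an empty report means nothing is looser than the convention, fantversion.php is gone, and the prefix has been changed. Symlinked directories are not followed, so a link out of the document root will not be walked.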
  • WordPress Security (slide transcript)

    1. Save Your Site! Basic Security Practices. By Rose Fields
    2. 5 Security Vulnerabilities: 1. Hosting 2. Set Up 3. Personal Security 4. Plugins 5. Maintenance
    3. Hosting • VPS vs. Shared Server
    4. Hosting • Multiple FTP Accounts
    5. Hosting • Fantastico & Other One-Click Installs • not always the most recent version • default settings • extra files
    6. Hosting • Database Name
    7. Set Up • Username • Display Name • Permissions • WP-config • WP-content directory • Functions.php
    8. Personal Security • Use Anti-Virus Protection • Other Users’ Computers
    9. Plugins • Better WP Security • Change database prefix
    10. Plugins • Better WP Security • Limit login attempts
    11. Plugins • Better WP Security • Hide the backend
    12. Plugins • Better WP Security • Remove #1 admin • Disable directory browsing • Turn off file editor
    13. Plugins • Better WP Security • Remove login error file
    14. Plugins • Backup Buddy • Malware Scanner • Server Info
    15. Maintenance • Update plugins, themes, core • Require regular password changes • Change SALT key regularly • Delete/deactivate unused themes/plugins
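Slides 12 and 13, together with the Functions.php note in the set-up section, cover three changes that need no plugin at all: removing the WordPress version from the page, masking login errors, and turning off the theme/plugin file editor. The must-use plugin below is an added example written for this page, not code from the presentation or from the Better WP Security plugin it names. It relies only on WordPress core hooks and constants that exist in WordPress (remove_action on wp_head/wp_generator, the the_generator filter, style_loader_src and script_loader_src, login_errors, remove_query_arg and DISALLOW_FILE_EDIT); the hardening_ function names are my own.

```php
<?php
/**
 * Plugin Name: Hardening Hooks (added example)
 * Description: Version hiding, generic login errors and file-editor lockout.
 *
 * Example code written for this page, not part of the presentation or of any
 * plugin it mentions. Place the file in wp-content/mu-plugins/ so WordPress
 * loads it on every request without activation.
 */

// 1. Remove the <meta name="generator"> tag that prints the WordPress version
//    in the HTML head, and the matching generator element in RSS/Atom feeds.
remove_action('wp_head', 'wp_generator');
add_filter('the_generator', '__return_empty_string');

// 2. Enqueued core styles and scripts carry ?ver=<WordPress version>, which
//    leaks the same number even after the meta tag is gone; strip the argument.
function hardening_strip_asset_version(string $src): string
{
    return remove_query_arg('ver', $src);
}
add_filter('style_loader_src', 'hardening_strip_asset_version');
add_filter('script_loader_src', 'hardening_strip_asset_version');

// 3. The default login error says whether the username or the password was
//    wrong, which confirms valid usernames. Return one message for both.
function hardening_generic_login_error(): string
{
    return 'Login failed. Check your username and password and try again.';
}
add_filter('login_errors', 'hardening_generic_login_error');

// 4. Disable the built-in theme and plugin editor (slide 12, "Turn off file
//    editor"). wp-config.php is the usual place for this define; setting it
//    here as a fallback keeps the whole policy in one file.
if (!defined('DISALLOW_FILE_EDIT')) {
    define('DISALLOW_FILE_EDIT', true);
}
```

After installing it, fetch the home page and the feed with a browser's view-source or curl and confirm that no generator tag and no ver= query string on core assets remains, then attempt a login with a known username and a wrong password to confirm the single generic message; the Appearance and Plugins menus should no longer show an Editor entry. Stripping the version from asset URLs also defeats browser cache busting on upgrades, so expect to clear caches after updating core.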
