SlideShare a Scribd company logo
1 of 42
Download to read offline
Beginners Security
WordCamp North Canton
Michele Butcher

CantSpeakGeek.com WPSecurityLock.com

@michele_butcher
Michele Butcher
WordPress Specialist, Site
Cleaner, and Trainer for WP
Security Lock
WordPress Evangelist for
InMotion Hosting
Geek behind Can’t Speak
Geek
Beginners and Intermediate
WordPress Instructor
Why is security
important?
Many do not think security is
important until it is too late.
Every single day hackers find new ways to get your
information.
Todays features are tomorrow’s vulnerabilities.
Stop them before they stop you
Why do hackers hack?
Make bank
build a zombie army
Share their nasty code with the world
Get your information
They are bored
They want to see if they can do it
But…Why are they
hacking me?
There is rarely ever a targeted hacking attack.
Typically all sites are considered targets. The big
and the small.
And how do they get in?
They guess your login information
Denial of Service Attack (DDoS)
Through a file in a theme, plugin, or anything
on your server where they found an exploit
Through your FTP and/or cPanel
configuration
Here is the only
scary thing I will say
in this talk
You are NEVER
100% secure
A test site or a site that might get
5 visitors a day can be hacked.
It happened to me and it can happen to you.
Don’t Let
Security
Make you like
this guy!
There are some
simple steps to keep
the hackers out
WordPress Security
Basics 101
Never ever never use “admin” as
a username or “password” as
password. NEVER!!!!
Any questions?
Adm1n and Pa55w0rd do not count either!
Always use SFTP
“S” is for safe!!!
Only give users the
access they need
Just because they want to be an admin does not
mean they should.
Guest bloggers should rarely every be anything
more than a contributor.
If it is a temporary login, delete
the user when the job is done
If they do have posts, you can convert them to different
users or make them a subscriber with limited access.
Set up file detection
Many security plugins like iThemes Security and
WordFence will alert you when files have been changed
Only keep the theme you are
using and one backup theme on
your site.
The more themes that are on a site, the more open
chances you have to a vulnerability
Only keep the plugins you
have active on your site.
An uninstalled plugin is not a potential vulnerability.
Use the plugins repo favorites option to keep a list of
your favorite plugins
Security Plugins
iThemes Security (Free and Pro version
Securi Firewall
WordFence Security
Jetpack with Brute Protect and Vault Press
Always make backups!
Backup Buddy, UpDraftPlus, BackWPUp
Always save to someplace OTHER than your
server
Save them to Dropbox, AWS, email, or your
local machine
Have them scheduled to be made daily or at
least weekly
Malware Scanning? Do I
need it?
If you suspect an issue scan your site!
Google Webmaster Tools
VirusTotal
iThemes Security Pro
Sucuri Scanner
What else can I do to
protect my site?
Update!
Update!
Update!
Update core. Update themes update plugins!
The biggest reasons of updates is typically security or feature
related.
The biggest source of nearly all hacks is due to lack of updating.
If you use Envato products
(ThemeForest and CodeCanyon)
always check the box in the
downloads to be notified of updates.
That is the only way you will know if any of their products
need to be updated.
This is why the RevSlider infection was so widespread. Many
did not even know the plugin was built into their theme.
Don't ever let your
site get too lonely.
That is when the zombies come. 

Nobody wants the zombies to come
If the unthinkable happens and
you do get hacked, it is not the
end of the world.
It can and will be fixed.
Who can clean my
hacked website?
Well I can!
And so can Securi and HackRepair
Great! Are there any other
ways I can be secure?
Always use complex
passwords
Never email
passwords
Never use the same
password twice
Use a Password Keeper
Last Pass
One Password
KeePass
If a login has a Two-
Factor Authentication,
USE IT!
Anti-virus!
Use it on all the things.
Yes, even a Mac!
Be conscious when
using public WiFi
Use a VPN if you use
Public WiFi
Torguard
Site Social
Hide My Ass
Update!
Update!
Update!
No one wants to lose their information
stored on their computer.
Back everything up
and back it up often!
Bitcasa
Carobinte
External Harddrives
Questions?
Thank you!!!
Michele Butcher
CantSpeakGeek.com WPSecurityLock.com
@michele_butcher

More Related Content

What's hot

RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesRailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesIMMUNIO
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSiteGround.com
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid ThemSiteGround.com
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your JoomlaSiteGround.com
 
WordPress Plugins for Beginner Bloggers
WordPress Plugins for Beginner BloggersWordPress Plugins for Beginner Bloggers
WordPress Plugins for Beginner BloggersEternal Spiral Books
 
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERSHOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERSElsner Technologies Pvt Ltd
 
Building Secure WordPress Sites
Building Secure WordPress Sites Building Secure WordPress Sites
Building Secure WordPress Sites Catch Themes
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012Angela Bowman
 
Improve WordPress Security How To
Improve WordPress Security How ToImprove WordPress Security How To
Improve WordPress Security How ToVivekanand Arumanda
 
Security Isn't Scary and It's Not Rocket Science either.
Security Isn't Scary and It's Not Rocket Science either.Security Isn't Scary and It's Not Rocket Science either.
Security Isn't Scary and It's Not Rocket Science either.Michele Butcher-Jones
 
How To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressHow To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressChelsea O'Brien
 
State of Web Security RailsConf 2016
State of Web Security RailsConf 2016State of Web Security RailsConf 2016
State of Web Security RailsConf 2016IMMUNIO
 
Joomladay Netherlands - Security
Joomladay Netherlands - SecurityJoomladay Netherlands - Security
Joomladay Netherlands - SecurityWilco Jansen
 
Bảo Mật Website WordPress
Bảo Mật Website WordPressBảo Mật Website WordPress
Bảo Mật Website WordPressLê Quốc Toàn
 
Kludges and PHP. Why Should You Use a WAF?
Kludges and PHP. Why Should You Use a WAF?Kludges and PHP. Why Should You Use a WAF?
Kludges and PHP. Why Should You Use a WAF?Sucuri
 
The Enemy On The Web
The Enemy On The WebThe Enemy On The Web
The Enemy On The WebBishan Singh
 
Sucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri Webinar: How to Optimize Your Website for Best PerformanceSucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri Webinar: How to Optimize Your Website for Best PerformanceSucuri
 
Basics for Securing WordPress
Basics for Securing WordPressBasics for Securing WordPress
Basics for Securing WordPressmiss604
 
Ten Easy Steps to Hackproof Your WordPress Install (Blogging While Brown 2013)
Ten Easy Steps to Hackproof Your WordPress Install (Blogging While Brown 2013)Ten Easy Steps to Hackproof Your WordPress Install (Blogging While Brown 2013)
Ten Easy Steps to Hackproof Your WordPress Install (Blogging While Brown 2013)brandbuildsell
 

What's hot (20)

RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesRailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla Revealed
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla
 
WordPress Plugins for Beginner Bloggers
WordPress Plugins for Beginner BloggersWordPress Plugins for Beginner Bloggers
WordPress Plugins for Beginner Bloggers
 
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERSHOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
 
Security 101
Security 101Security 101
Security 101
 
Building Secure WordPress Sites
Building Secure WordPress Sites Building Secure WordPress Sites
Building Secure WordPress Sites
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012
 
Improve WordPress Security How To
Improve WordPress Security How ToImprove WordPress Security How To
Improve WordPress Security How To
 
Security Isn't Scary and It's Not Rocket Science either.
Security Isn't Scary and It's Not Rocket Science either.Security Isn't Scary and It's Not Rocket Science either.
Security Isn't Scary and It's Not Rocket Science either.
 
How To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressHow To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your Wordpress
 
State of Web Security RailsConf 2016
State of Web Security RailsConf 2016State of Web Security RailsConf 2016
State of Web Security RailsConf 2016
 
Joomladay Netherlands - Security
Joomladay Netherlands - SecurityJoomladay Netherlands - Security
Joomladay Netherlands - Security
 
Bảo Mật Website WordPress
Bảo Mật Website WordPressBảo Mật Website WordPress
Bảo Mật Website WordPress
 
Kludges and PHP. Why Should You Use a WAF?
Kludges and PHP. Why Should You Use a WAF?Kludges and PHP. Why Should You Use a WAF?
Kludges and PHP. Why Should You Use a WAF?
 
The Enemy On The Web
The Enemy On The WebThe Enemy On The Web
The Enemy On The Web
 
Sucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri Webinar: How to Optimize Your Website for Best PerformanceSucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri Webinar: How to Optimize Your Website for Best Performance
 
Basics for Securing WordPress
Basics for Securing WordPressBasics for Securing WordPress
Basics for Securing WordPress
 
Ten Easy Steps to Hackproof Your WordPress Install (Blogging While Brown 2013)
Ten Easy Steps to Hackproof Your WordPress Install (Blogging While Brown 2013)Ten Easy Steps to Hackproof Your WordPress Install (Blogging While Brown 2013)
Ten Easy Steps to Hackproof Your WordPress Install (Blogging While Brown 2013)
 

Viewers also liked

Master of Business Economics_Certificate
Master of Business Economics_CertificateMaster of Business Economics_Certificate
Master of Business Economics_CertificateM. Aftab Akbar Dogar
 
Pressupost d'Afers Exteriors - GenCat 2015
Pressupost d'Afers Exteriors - GenCat 2015Pressupost d'Afers Exteriors - GenCat 2015
Pressupost d'Afers Exteriors - GenCat 2015Miqui Mel
 
Richard Beckman Une Vicepresidente De Medios De Comunicacion
Richard Beckman Une Vicepresidente De Medios De ComunicacionRichard Beckman Une Vicepresidente De Medios De Comunicacion
Richard Beckman Une Vicepresidente De Medios De Comunicacionvonda9fowler3
 
Instrumentos apoio combate_discriminaçao act
Instrumentos apoio combate_discriminaçao actInstrumentos apoio combate_discriminaçao act
Instrumentos apoio combate_discriminaçao actcelsosimoesmendes
 
Case studies in oa profit versus mission - simon inger - berlin may 2015 - ...
Case studies in oa   profit versus mission - simon inger - berlin may 2015 - ...Case studies in oa   profit versus mission - simon inger - berlin may 2015 - ...
Case studies in oa profit versus mission - simon inger - berlin may 2015 - ...Simon Inger
 
Standard IT practices and Adapting change in the Standard Practices
Standard IT practices and Adapting change in the Standard  PracticesStandard IT practices and Adapting change in the Standard  Practices
Standard IT practices and Adapting change in the Standard Practicesnirmal chhetri
 
Робототехника для прикладных программистов
Робототехника для прикладных программистовРобототехника для прикладных программистов
Робототехника для прикладных программистовDotNetConf
 

Viewers also liked (18)

Positive interventions
Positive interventionsPositive interventions
Positive interventions
 
Presentation1
Presentation1Presentation1
Presentation1
 
Aashna Patodia
Aashna PatodiaAashna Patodia
Aashna Patodia
 
Pass 4 Venice
Pass 4 VenicePass 4 Venice
Pass 4 Venice
 
Master of Business Economics_Certificate
Master of Business Economics_CertificateMaster of Business Economics_Certificate
Master of Business Economics_Certificate
 
Anoop Kumar M S_CV
Anoop Kumar M S_CVAnoop Kumar M S_CV
Anoop Kumar M S_CV
 
Pressupost d'Afers Exteriors - GenCat 2015
Pressupost d'Afers Exteriors - GenCat 2015Pressupost d'Afers Exteriors - GenCat 2015
Pressupost d'Afers Exteriors - GenCat 2015
 
powertools
powertoolspowertools
powertools
 
Chave
ChaveChave
Chave
 
Richard Beckman Une Vicepresidente De Medios De Comunicacion
Richard Beckman Une Vicepresidente De Medios De ComunicacionRichard Beckman Une Vicepresidente De Medios De Comunicacion
Richard Beckman Une Vicepresidente De Medios De Comunicacion
 
RESUME_Subhadeep
RESUME_SubhadeepRESUME_Subhadeep
RESUME_Subhadeep
 
Instrumentos apoio combate_discriminaçao act
Instrumentos apoio combate_discriminaçao actInstrumentos apoio combate_discriminaçao act
Instrumentos apoio combate_discriminaçao act
 
Faites connaissance avec
Faites connaissance avecFaites connaissance avec
Faites connaissance avec
 
Case studies in oa profit versus mission - simon inger - berlin may 2015 - ...
Case studies in oa   profit versus mission - simon inger - berlin may 2015 - ...Case studies in oa   profit versus mission - simon inger - berlin may 2015 - ...
Case studies in oa profit versus mission - simon inger - berlin may 2015 - ...
 
Standard IT practices and Adapting change in the Standard Practices
Standard IT practices and Adapting change in the Standard  PracticesStandard IT practices and Adapting change in the Standard  Practices
Standard IT practices and Adapting change in the Standard Practices
 
Integrated Township
Integrated TownshipIntegrated Township
Integrated Township
 
Робототехника для прикладных программистов
Робототехника для прикладных программистовРобототехника для прикладных программистов
Робототехника для прикладных программистов
 
Get well soon
Get well soonGet well soon
Get well soon
 

Similar to Beginning WordPress Security WordCamp North Canton 2015

WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDWORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDStuartJDavidson.com
 
Word press security 101
Word press security 101  Word press security 101
Word press security 101 Kojac801
 
A Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdfA Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdfHost It Smart
 
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITERUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITEAcodez IT Solutions
 
Security, more important than ever!
Security, more important than ever!Security, more important than ever!
Security, more important than ever!Marko Heijnen
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User SecurityDre Armeda
 
WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
WordPress Site Management - Keeping Your Creation Happy, Healthy and SecureWordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
WordPress Site Management - Keeping Your Creation Happy, Healthy and SecureMeagan Hanes
 
Internet security
Internet securityInternet security
Internet securityrfukunaga
 
Higher Order WordPress Security
Higher Order WordPress SecurityHigher Order WordPress Security
Higher Order WordPress SecurityDougal Campbell
 
Locking Down Your WordPress Site
Locking Down Your WordPress SiteLocking Down Your WordPress Site
Locking Down Your WordPress SiteFrank Corso
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutSiteGround.com
 
WordPress Security Essential Tips & Tricks
WordPress Security Essential Tips & TricksWordPress Security Essential Tips & Tricks
WordPress Security Essential Tips & TricksFaraz Ahmed
 
Understanding word press security wwc-4-7-17
Understanding word press security wwc-4-7-17Understanding word press security wwc-4-7-17
Understanding word press security wwc-4-7-17Nicholas Batik
 
Types of Security Threats WordPress Websites Face: Part-1
Types of Security Threats WordPress Websites Face: Part-1Types of Security Threats WordPress Websites Face: Part-1
Types of Security Threats WordPress Websites Face: Part-1WPWhiteBoard
 
Securing Your Joomla website
Securing Your Joomla websiteSecuring Your Joomla website
Securing Your Joomla websiteMike Carson
 
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015Michele Butcher-Jones
 

Similar to Beginning WordPress Security WordCamp North Canton 2015 (20)

I Have My WordPress Site Now What?
I Have My WordPress Site Now What?I Have My WordPress Site Now What?
I Have My WordPress Site Now What?
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDWORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
 
Word press security 101
Word press security 101  Word press security 101
Word press security 101
 
A Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdfA Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdf
 
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITERUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
 
Security, more important than ever!
Security, more important than ever!Security, more important than ever!
Security, more important than ever!
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User Security
 
WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
WordPress Site Management - Keeping Your Creation Happy, Healthy and SecureWordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
 
WordPress security
WordPress securityWordPress security
WordPress security
 
Internet security
Internet securityInternet security
Internet security
 
So i have a website now what?
So i have a website now what?So i have a website now what?
So i have a website now what?
 
Higher Order WordPress Security
Higher Order WordPress SecurityHigher Order WordPress Security
Higher Order WordPress Security
 
Locking Down Your WordPress Site
Locking Down Your WordPress SiteLocking Down Your WordPress Site
Locking Down Your WordPress Site
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
 
WordPress Security Essential Tips & Tricks
WordPress Security Essential Tips & TricksWordPress Security Essential Tips & Tricks
WordPress Security Essential Tips & Tricks
 
Understanding word press security wwc-4-7-17
Understanding word press security wwc-4-7-17Understanding word press security wwc-4-7-17
Understanding word press security wwc-4-7-17
 
Types of Security Threats WordPress Websites Face: Part-1
Types of Security Threats WordPress Websites Face: Part-1Types of Security Threats WordPress Websites Face: Part-1
Types of Security Threats WordPress Websites Face: Part-1
 
Securing Your Joomla website
Securing Your Joomla websiteSecuring Your Joomla website
Securing Your Joomla website
 
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
 
Website security
Website securityWebsite security
Website security
 

More from Michele Butcher-Jones

Onboarding Clients Does Not have to take a Miracle to get all the things! - W...
Onboarding Clients Does Not have to take a Miracle to get all the things! - W...Onboarding Clients Does Not have to take a Miracle to get all the things! - W...
Onboarding Clients Does Not have to take a Miracle to get all the things! - W...Michele Butcher-Jones
 
You Don't Have to be Crazy to Work Here! A Mental Health Check
You Don't Have to be Crazy to Work Here! A Mental Health CheckYou Don't Have to be Crazy to Work Here! A Mental Health Check
You Don't Have to be Crazy to Work Here! A Mental Health CheckMichele Butcher-Jones
 
WordPress London: Creating a 5 Star Customer Experience
WordPress London: Creating a 5 Star Customer ExperienceWordPress London: Creating a 5 Star Customer Experience
WordPress London: Creating a 5 Star Customer ExperienceMichele Butcher-Jones
 
Demons in the Closet - Handling your mental health while working remotely and...
Demons in the Closet - Handling your mental health while working remotely and...Demons in the Closet - Handling your mental health while working remotely and...
Demons in the Closet - Handling your mental health while working remotely and...Michele Butcher-Jones
 
Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...
Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...
Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...Michele Butcher-Jones
 
What To Do Post-Launch: How To Care For Your Brand New WordPress Site
What To Do Post-Launch: How To Care For Your Brand New WordPress SiteWhat To Do Post-Launch: How To Care For Your Brand New WordPress Site
What To Do Post-Launch: How To Care For Your Brand New WordPress SiteMichele Butcher-Jones
 
WordCamp St Louis 2018 Contributing Without Coding
WordCamp St Louis 2018 Contributing Without CodingWordCamp St Louis 2018 Contributing Without Coding
WordCamp St Louis 2018 Contributing Without CodingMichele Butcher-Jones
 
Contributing to WordPress without Coding
Contributing to WordPress without CodingContributing to WordPress without Coding
Contributing to WordPress without CodingMichele Butcher-Jones
 
The Five Star Customer Service Experience
The Five Star Customer Service ExperienceThe Five Star Customer Service Experience
The Five Star Customer Service ExperienceMichele Butcher-Jones
 
Demons In The Closet - A look at Mental Health with Remote Wokers WordCamp St...
Demons In The Closet - A look at Mental Health with Remote Wokers WordCamp St...Demons In The Closet - A look at Mental Health with Remote Wokers WordCamp St...
Demons In The Closet - A look at Mental Health with Remote Wokers WordCamp St...Michele Butcher-Jones
 
Demons in the Closet WordCamp Montreal 2016
Demons in the Closet WordCamp Montreal 2016Demons in the Closet WordCamp Montreal 2016
Demons in the Closet WordCamp Montreal 2016Michele Butcher-Jones
 
WordPress for beginners lesson 4 fall2015 JALC
WordPress for beginners lesson 4 fall2015 JALCWordPress for beginners lesson 4 fall2015 JALC
WordPress for beginners lesson 4 fall2015 JALCMichele Butcher-Jones
 
Word press for beginners lesson 3 jalc fall 2015
Word press for beginners lesson 3 jalc fall 2015Word press for beginners lesson 3 jalc fall 2015
Word press for beginners lesson 3 jalc fall 2015Michele Butcher-Jones
 

More from Michele Butcher-Jones (20)

Onboarding Clients Does Not have to take a Miracle to get all the things! - W...
Onboarding Clients Does Not have to take a Miracle to get all the things! - W...Onboarding Clients Does Not have to take a Miracle to get all the things! - W...
Onboarding Clients Does Not have to take a Miracle to get all the things! - W...
 
The Importance of Maintenance
The Importance of MaintenanceThe Importance of Maintenance
The Importance of Maintenance
 
Elevating Customer Experiences
Elevating Customer ExperiencesElevating Customer Experiences
Elevating Customer Experiences
 
You Don't Have to be Crazy to Work Here! A Mental Health Check
You Don't Have to be Crazy to Work Here! A Mental Health CheckYou Don't Have to be Crazy to Work Here! A Mental Health Check
You Don't Have to be Crazy to Work Here! A Mental Health Check
 
WordPress London: Creating a 5 Star Customer Experience
WordPress London: Creating a 5 Star Customer ExperienceWordPress London: Creating a 5 Star Customer Experience
WordPress London: Creating a 5 Star Customer Experience
 
Demons in the Closet - Handling your mental health while working remotely and...
Demons in the Closet - Handling your mental health while working remotely and...Demons in the Closet - Handling your mental health while working remotely and...
Demons in the Closet - Handling your mental health while working remotely and...
 
Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...
Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...
Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...
 
What To Do Post-Launch: How To Care For Your Brand New WordPress Site
What To Do Post-Launch: How To Care For Your Brand New WordPress SiteWhat To Do Post-Launch: How To Care For Your Brand New WordPress Site
What To Do Post-Launch: How To Care For Your Brand New WordPress Site
 
The Five Star Customer Experience
The Five Star Customer ExperienceThe Five Star Customer Experience
The Five Star Customer Experience
 
Taming the Demons in the Closet
Taming the Demons in the ClosetTaming the Demons in the Closet
Taming the Demons in the Closet
 
My website is live now what?
My website is live now what?My website is live now what?
My website is live now what?
 
WordCamp St Louis 2018 Contributing Without Coding
WordCamp St Louis 2018 Contributing Without CodingWordCamp St Louis 2018 Contributing Without Coding
WordCamp St Louis 2018 Contributing Without Coding
 
Contributing to WordPress without Coding
Contributing to WordPress without CodingContributing to WordPress without Coding
Contributing to WordPress without Coding
 
The Five Star Customer Service Experience
The Five Star Customer Service ExperienceThe Five Star Customer Service Experience
The Five Star Customer Service Experience
 
Demons In The Closet - A look at Mental Health with Remote Wokers WordCamp St...
Demons In The Closet - A look at Mental Health with Remote Wokers WordCamp St...Demons In The Closet - A look at Mental Health with Remote Wokers WordCamp St...
Demons In The Closet - A look at Mental Health with Remote Wokers WordCamp St...
 
Demons in the Closet WordCamp Montreal 2016
Demons in the Closet WordCamp Montreal 2016Demons in the Closet WordCamp Montreal 2016
Demons in the Closet WordCamp Montreal 2016
 
Jetpack All The Things
Jetpack All The ThingsJetpack All The Things
Jetpack All The Things
 
WordPress for beginners lesson 4 fall2015 JALC
WordPress for beginners lesson 4 fall2015 JALCWordPress for beginners lesson 4 fall2015 JALC
WordPress for beginners lesson 4 fall2015 JALC
 
Word press for beginners lesson 3 jalc fall 2015
Word press for beginners lesson 3 jalc fall 2015Word press for beginners lesson 3 jalc fall 2015
Word press for beginners lesson 3 jalc fall 2015
 
Beginners WordPress JALC Lesson 2
Beginners WordPress JALC Lesson 2Beginners WordPress JALC Lesson 2
Beginners WordPress JALC Lesson 2
 

Recently uploaded

Premier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfPremier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfappinfoedgeca
 
How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?Linksys Velop Login
 
Bug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideBug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideVarun Mithran
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebJie Liau
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyDamar Juniarto
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsrahman018755
 
I’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 ShirtI’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 Shirtrahman018755
 
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresenceCyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresencePC Doctors NET
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsrahman018755
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxChloeMeadows1
 
Statistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfStatistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfOndejSur
 
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkklolsDocherty
 
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.Tortogel
 
Pvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan
 
Development Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appsDevelopment Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appscristianmanaila2
 

Recently uploaded (16)

Premier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfPremier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdf
 
How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?
 
Bug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideBug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's Guide
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case Study
 
GOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdfGOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdf
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirts
 
I’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 ShirtI’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 Shirt
 
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresenceCyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirts
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptx
 
Statistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfStatistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdf
 
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
 
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
 
Pvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdf
 
Development Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appsDevelopment Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of apps
 

Beginning WordPress Security WordCamp North Canton 2015

  • 1. Beginners Security WordCamp North Canton Michele Butcher
 CantSpeakGeek.com WPSecurityLock.com
 @michele_butcher
  • 2. Michele Butcher WordPress Specialist, Site Cleaner, and Trainer for WP Security Lock WordPress Evangelist for InMotion Hosting Geek behind Can’t Speak Geek Beginners and Intermediate WordPress Instructor
  • 4. Many do not think security is important until it is too late. Every single day hackers find new ways to get your information. Todays features are tomorrow’s vulnerabilities. Stop them before they stop you
  • 5. Why do hackers hack? Make bank build a zombie army Share their nasty code with the world Get your information They are bored They want to see if they can do it
  • 6. But…Why are they hacking me? There is rarely ever a targeted hacking attack. Typically all sites are considered targets. The big and the small.
  • 7. And how do they get in? They guess your login information Denial of Service Attack (DDoS) Through a file in a theme, plugin, or anything on your server where they found an exploit Through your FTP and/or cPanel configuration
  • 8. Here is the only scary thing I will say in this talk
  • 10. A test site or a site that might get 5 visitors a day can be hacked. It happened to me and it can happen to you.
  • 12. There are some simple steps to keep the hackers out
  • 14. Never ever never use “admin” as a username or “password” as password. NEVER!!!! Any questions? Adm1n and Pa55w0rd do not count either!
  • 15. Always use SFTP “S” is for safe!!!
  • 16. Only give users the access they need Just because they want to be an admin does not mean they should. Guest bloggers should rarely every be anything more than a contributor.
  • 17. If it is a temporary login, delete the user when the job is done If they do have posts, you can convert them to different users or make them a subscriber with limited access.
  • 18. Set up file detection Many security plugins like iThemes Security and WordFence will alert you when files have been changed
  • 19. Only keep the theme you are using and one backup theme on your site. The more themes that are on a site, the more open chances you have to a vulnerability
  • 20. Only keep the plugins you have active on your site. An uninstalled plugin is not a potential vulnerability. Use the plugins repo favorites option to keep a list of your favorite plugins
  • 21. Security Plugins iThemes Security (Free and Pro version Securi Firewall WordFence Security Jetpack with Brute Protect and Vault Press
  • 22. Always make backups! Backup Buddy, UpDraftPlus, BackWPUp Always save to someplace OTHER than your server Save them to Dropbox, AWS, email, or your local machine Have them scheduled to be made daily or at least weekly
  • 23. Malware Scanning? Do I need it? If you suspect an issue scan your site! Google Webmaster Tools VirusTotal iThemes Security Pro Sucuri Scanner
  • 24. What else can I do to protect my site?
  • 25. Update! Update! Update! Update core. Update themes update plugins! The biggest reasons of updates is typically security or feature related. The biggest source of nearly all hacks is due to lack of updating.
  • 26. If you use Envato products (ThemeForest and CodeCanyon) always check the box in the downloads to be notified of updates. That is the only way you will know if any of their products need to be updated. This is why the RevSlider infection was so widespread. Many did not even know the plugin was built into their theme.
  • 27. Don't ever let your site get too lonely. That is when the zombies come. 
 Nobody wants the zombies to come
  • 28. If the unthinkable happens and you do get hacked, it is not the end of the world. It can and will be fixed.
  • 29. Who can clean my hacked website? Well I can! And so can Securi and HackRepair
  • 30. Great! Are there any other ways I can be secure?
  • 33. Never use the same password twice
  • 34. Use a Password Keeper Last Pass One Password KeePass
  • 35. If a login has a Two- Factor Authentication, USE IT!
  • 36. Anti-virus! Use it on all the things. Yes, even a Mac!
  • 37. Be conscious when using public WiFi
  • 38. Use a VPN if you use Public WiFi Torguard Site Social Hide My Ass
  • 40. No one wants to lose their information stored on their computer. Back everything up and back it up often! Bitcasa Carobinte External Harddrives
  • 42. Thank you!!! Michele Butcher CantSpeakGeek.com WPSecurityLock.com @michele_butcher