Raymund Mitchell, profile picture
Uploaded byRaymund Mitchell
PDF, PPTX1,866 views

Staying Connected: Securing Your WordPress Website

The document provides guidance on how to secure a WordPress website, emphasizing the importance of managing site owner and user behaviors to prevent hacking. It highlights the necessity of using strong passwords, keeping WordPress updated, and implementing security measures like two-factor authentication. Additionally, it offers resources for hardening WordPress and managing user roles effectively.

Embed presentation

Download as PDF, PPTX
STAYING CONNECTED: SecuringYour WordPress Website
About Me ● Designer / Developer /Consultant at SixFour Web Design ● SixFour Web Design specializes in helping Small Businesses and Non-Profits maximize their Web Presence ● We Believe “Even Small Businesses Deserve a Nice Website”
Some WordPress Background and what it means for Security ● Increasingly,WordPress powers the internet ● Over 20% of all websites are WordPress based and over 60% of websites that use a CMS use WordPress
Some WordPress Background and what it means for Security ● Increasingly,WordPress powers the internet ● Over 20% of all websites are WordPress based and over 60% of websites that use a CMS use WordPress* ● “There are no viruses for Mac's” ● That's because only pretentious, hipster designers use them (just kidding (not really)) ● It's ALMOST too easy to use ● One-Click-Installs, themes and plugins have democratized the internet. Ease of Use ≠ Set and Forget *W3techs monthly technology survey – http://w3techs.com/technologies/overview/content_management/all/
Why Do They Want To Hack My Little Site? ● Most times, it's not for the content or data on your site, but what your site can do – Drive by Downloads/Malicious Downloads – Email Spam – SEO Spam – Access your server for malicious tasks (botnets) – Hactivism - your politics are not mine
So,How Can I Protect My Site ● Practice good hygiene ● Take advantage of tools and best practices ● Don't put your head in the sand.Take Action! Do Something!
The Three Steps To Securing A WordPress Site ● Manage Site Owner Behaviors ● Don't be your worst enemy. Do things that make your site more secure ● Control User Behaviors ● Don't let others intentionally or unintentionally compromise your site ● Frustrate The Bad Guys ● Frustrate, because as long as you're connected to the internet, you can't guarantee you wont get hacked.
Managing Site Owner Behavior ● Skip the One-Click-Install ● It's not hard to do it from scratch - https://codex.wordpress.org/Installing_WordPress ● Keep WordPress Core and Plugins Updated ● Use a “Safe”Theme and Plugins, from the WordPress repository or from known vendors
Managing Site Owner Behavior ● Don't use admin or other easily guessed user names ● Make sure your own password is strong
Archer – Mole Hunt https://youtu.be/UduILWi2p6s
Managing Site Owner Behavior ● Don't use admin or other easily guessed user names ● Make sure your own password is strong ● Don't underpay for hosting ● Backup your website regularly- database and content and keep copies off-site ● Keep your computer's antivirus up to date
Controlling User Behavior ● Require the use of strong passwords ● Require complex passwords, especially if you allow people to sign up as subscribers, contributors, or members ● Given the chance, people would use "1" as their password ● Remove unnecessary users ● Do they still work here? ● Manage user roles appropriately ● Do they really need Admin access?
Frustrate The Bad Guys ● Limit brute force attacks ● Use two factor authentication ● Scan your site regularly for Malware ● Use the salts ● Use .htaccess to protect your site ● or, Use a security plugin
Security Plugins
Additional Resources ● Hardening WordPress ● http://codex.wordpress.org/Hardening_WordPress ● Reducing Comment Spam ● https://github.com/splorp/wordpress-comment- blacklist
Questions & Contact Info @sixfourweb on Twitter Connect with me on LinkedIn (bit.ly/raymitchell) – Let me know we met at #WCAVL Visit sixfourweb.com and unsuckywebsite.com

More Related Content

PPTX
Resources and lessons for using WordPress in your business
bySteven Slack
 
PDF
Empathetc Development
byKyle Evans
 
PDF
WordCamp Mumbai 2017: How to get more involved with WordPress
byRocío Valdivia
 
PDF
10 things Not To Do With WordPress
byRicky Blacker
 
PPTX
WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
byMeagan Hanes
 
PDF
10 Things Not To Do With WordPress
byWordPress Sydney
 
PDF
Introduction to WordPress Security
byNile Flores
 
PPTX
Pitch Perfect: Agency Secrets to Winning More Business
byWP Engine
 
Resources and lessons for using WordPress in your business
bySteven Slack
 
Empathetc Development
byKyle Evans
 
WordCamp Mumbai 2017: How to get more involved with WordPress
byRocío Valdivia
 
10 things Not To Do With WordPress
byRicky Blacker
 
WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
byMeagan Hanes
 
10 Things Not To Do With WordPress
byWordPress Sydney
 
Introduction to WordPress Security
byNile Flores
 
Pitch Perfect: Agency Secrets to Winning More Business
byWP Engine
 

What's hot

KEY
WordPress Melbourne June Meetup
byAaron Rutley
 
PDF
Client-friendly WordPress Websites
byAaron Rutley
 
PDF
Don't lose revenue. Go viral with no downtime.
byWP Engine
 
PDF
Building and future-proofing your WordPress sites with the Genesis Framework
byWP Engine
 
PPTX
Top 10 WordPress Plugins
byManny Sarmiento
 
PDF
Webinar - Accessibility: The journey.
byWP Engine
 
PPTX
Smart Development-Happy Clients
byAbhishek Rijal
 
PPTX
How to set up a website
byjosephlyman15
 
PPTX
WordPress Management & Marketing Tools
byWP Engine
 
PPTX
Top 8 Tools To Optimize Your Work Day!
byManny Sarmiento
 
PPTX
Webinar: On-Page SEO Tips and Tricks
byWP Engine
 
PDF
Introduction to Optimizing WordPress for Website Speed
byNile Flores
 
PDF
WordPress security & sanitation for beginners
byD'nelle Dowis
 
PDF
WordPress Best Practices / Sh*t You Shouldn't Do
byKai Armstrong
 
PDF
Teaching Your Clients How to Use WordPress
byNile Flores
 
PDF
Security Webinar: Harden the Heart of Your WordPress SiteSe
byWP Engine
 
PPTX
Webinar: You Are Too Cheap!
byWP Engine
 
PDF
WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017
byBhushan Jawle
 
PDF
wp cli- don’t fear the command line
byDwayne McDaniel
 
PDF
WordPress Developer tools
bySudar Muthu
 
WordPress Melbourne June Meetup
byAaron Rutley
 
Client-friendly WordPress Websites
byAaron Rutley
 
Don't lose revenue. Go viral with no downtime.
byWP Engine
 
Building and future-proofing your WordPress sites with the Genesis Framework
byWP Engine
 
Top 10 WordPress Plugins
byManny Sarmiento
 
Webinar - Accessibility: The journey.
byWP Engine
 
Smart Development-Happy Clients
byAbhishek Rijal
 
How to set up a website
byjosephlyman15
 
WordPress Management & Marketing Tools
byWP Engine
 
Top 8 Tools To Optimize Your Work Day!
byManny Sarmiento
 
Webinar: On-Page SEO Tips and Tricks
byWP Engine
 
Introduction to Optimizing WordPress for Website Speed
byNile Flores
 
WordPress security & sanitation for beginners
byD'nelle Dowis
 
WordPress Best Practices / Sh*t You Shouldn't Do
byKai Armstrong
 
Teaching Your Clients How to Use WordPress
byNile Flores
 
Security Webinar: Harden the Heart of Your WordPress SiteSe
byWP Engine
 
Webinar: You Are Too Cheap!
byWP Engine
 
WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017
byBhushan Jawle
 
wp cli- don’t fear the command line
byDwayne McDaniel
 
WordPress Developer tools
bySudar Muthu
 

Viewers also liked

PDF
SEO goes Local
byRich Owings
 
PDF
The Goldilocks Zone: Finding the Perfect Length for Blog Posts
bySarah Giavedoni
 
PPTX
Creating a Promo Video using Your iPad and Editing with iMovie for iPad
byNew Tricks
 
PDF
WordCamp Asheville 2015 - Connections
byCarrie Dils
 
PPTX
WordCamp Birmingham 2014: SEO Workshop: Best Practices for Better Website Tra...
byMickey Mellen
 
PPTX
Building Accessible Websites in WordPress - Birmingham WordCamp 2014
byNancy Thanki
 
PDF
Sanitizing, Validating and Escaping in WordPress Themes and Plugins
byMicah Wood
 
PDF
Typography and User Experience in Web Design
bySara Cannon
 
PDF
Why we publish -- WordCamp Birmingham 2014
byBrian Krogsgard
 
PDF
Accessible Websites: What are they and why should I care?
byNancy Thanki
 
PDF
Demystifying Accessible Websites - WCUS 2015
byNancy Thanki
 
PDF
Let's Encrypt! Wait. Why? How? - WC Pune
byNancy Thanki
 
PDF
The GPL: What It Means (And What It Doesn't) - WC Udaipur
byNancy Thanki
 
PDF
Website Design with UX in Mind
byMelissa Eggleston
 
PDF
WordCamp Seattle 2011 Presentation
byBobWP.com
 
PDF
Design and Development Techniques for Accessibility: WordCamp Tampa 2015
byRobert Jolly
 
PPTX
Debugging common errors in WordPress by Steve Mortiboy
bySteve Mortiboy
 
PDF
A Plugin For That presentation
bymarnafriedman
 
PPTX
Caching 101 - WordCamp OC
byEugene Kovshilovsky
 
PPTX
Building Your First Widget
byChris Wilcoxson
 
SEO goes Local
byRich Owings
 
The Goldilocks Zone: Finding the Perfect Length for Blog Posts
bySarah Giavedoni
 
Creating a Promo Video using Your iPad and Editing with iMovie for iPad
byNew Tricks
 
WordCamp Asheville 2015 - Connections
byCarrie Dils
 
WordCamp Birmingham 2014: SEO Workshop: Best Practices for Better Website Tra...
byMickey Mellen
 
Building Accessible Websites in WordPress - Birmingham WordCamp 2014
byNancy Thanki
 
Sanitizing, Validating and Escaping in WordPress Themes and Plugins
byMicah Wood
 
Typography and User Experience in Web Design
bySara Cannon
 
Why we publish -- WordCamp Birmingham 2014
byBrian Krogsgard
 
Accessible Websites: What are they and why should I care?
byNancy Thanki
 
Demystifying Accessible Websites - WCUS 2015
byNancy Thanki
 
Let's Encrypt! Wait. Why? How? - WC Pune
byNancy Thanki
 
The GPL: What It Means (And What It Doesn't) - WC Udaipur
byNancy Thanki
 
Website Design with UX in Mind
byMelissa Eggleston
 
WordCamp Seattle 2011 Presentation
byBobWP.com
 
Design and Development Techniques for Accessibility: WordCamp Tampa 2015
byRobert Jolly
 
Debugging common errors in WordPress by Steve Mortiboy
bySteve Mortiboy
 
A Plugin For That presentation
bymarnafriedman
 
Caching 101 - WordCamp OC
byEugene Kovshilovsky
 
Building Your First Widget
byChris Wilcoxson
 

Similar to Staying Connected: Securing Your WordPress Website

PPTX
WordPress Security - WordPress Meetup Copenhagen 2013
byThor Kristiansen
 
PPTX
Understanding word press security wwc-4-7-17
byNicholas Batik
 
PPTX
WordPress Security and Best Practices
byRobert Vidal
 
PDF
Security Presentation for Boulder WordPress Meetup
byAngela Bowman
 
PDF
Securing your WordPress powered Website
byPratik Jagdishwala
 
PDF
WordCamp Finland 2015 - WordPress Security
byTiia Rantanen
 
PDF
Word camp2011 introwordpresssecurity
byDavid Wilemski
 
PDF
I Have My WordPress Site Now What?
byMichele Butcher-Jones
 
PDF
Word press security checklist
bySanjay Dabhoya
 
PDF
Staying Online: Keeping Your Website Safe and Secure
byLiam Dempsey
 
PDF
Top Ten WordPress Security Tips for 2012
byBrad Williams
 
PDF
WordPress Security Essentials
byAngela Bowman
 
PDF
Head Slapping WordPress Security
byChris Burgess
 
PDF
WordPress Security 101
byManifest Creative
 
PPT
Secure All The Things!
byDougal Campbell
 
PPTX
WordPress Security - What to do, What NOT to do
byWordPress Trivandrum
 
PPT
Blog World 2010 - How to Keep Your Blog from Being Hacked
byBrian Layman
 
PDF
Are You Safe From Hackers
byMichele Butcher-Jones
 
PDF
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
byStuartJDavidson.com
 
PDF
Keep Your SIte Secure
byMichele Butcher-Jones
 
WordPress Security - WordPress Meetup Copenhagen 2013
byThor Kristiansen
 
Understanding word press security wwc-4-7-17
byNicholas Batik
 
WordPress Security and Best Practices
byRobert Vidal
 
Security Presentation for Boulder WordPress Meetup
byAngela Bowman
 
Securing your WordPress powered Website
byPratik Jagdishwala
 
WordCamp Finland 2015 - WordPress Security
byTiia Rantanen
 
Word camp2011 introwordpresssecurity
byDavid Wilemski
 
I Have My WordPress Site Now What?
byMichele Butcher-Jones
 
Word press security checklist
bySanjay Dabhoya
 
Staying Online: Keeping Your Website Safe and Secure
byLiam Dempsey
 
Top Ten WordPress Security Tips for 2012
byBrad Williams
 
WordPress Security Essentials
byAngela Bowman
 
Head Slapping WordPress Security
byChris Burgess
 
WordPress Security 101
byManifest Creative
 
Secure All The Things!
byDougal Campbell
 
WordPress Security - What to do, What NOT to do
byWordPress Trivandrum
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
byBrian Layman
 
Are You Safe From Hackers
byMichele Butcher-Jones
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
byStuartJDavidson.com
 
Keep Your SIte Secure
byMichele Butcher-Jones
 

Recently uploaded

PPTX
AWS Architecture Design Icons Template.pptx
bybiqtor1
 
PPTX
Living in IT Era Module 5 - (DIGITAL TECHNOLOGY AND SOCIAL CHANGES).pptx
bycjregua03
 
PPTX
Your Complete Brand Protection Guide with Fieldwatch.ai!
byFieldwatch ai
 
PDF
The Girl Who Left a Mark - Deep Impact of Kindness to a person
byAnoop Singh Nagi
 
PDF
Weaponizing the Neutral Web: Analyzing Adversary Botnets for Offensive Cyber ...
byJoe Slowik
 
PDF
Top 3 Snapchat Monitoring Apps of 2026 for Activity Tracking
byMichael Carter
 
AWS Architecture Design Icons Template.pptx
bybiqtor1
 
Living in IT Era Module 5 - (DIGITAL TECHNOLOGY AND SOCIAL CHANGES).pptx
bycjregua03
 
Your Complete Brand Protection Guide with Fieldwatch.ai!
byFieldwatch ai
 
The Girl Who Left a Mark - Deep Impact of Kindness to a person
byAnoop Singh Nagi
 
Weaponizing the Neutral Web: Analyzing Adversary Botnets for Offensive Cyber ...
byJoe Slowik
 
Top 3 Snapchat Monitoring Apps of 2026 for Activity Tracking
byMichael Carter
 

Staying Connected: Securing Your WordPress Website

  • 1.
  • 2.
    About Me ● Designer/ Developer /Consultant at SixFour Web Design ● SixFour Web Design specializes in helping Small Businesses and Non-Profits maximize their Web Presence ● We Believe “Even Small Businesses Deserve a Nice Website”
  • 3.
    Some WordPress Background andwhat it means for Security ● Increasingly,WordPress powers the internet ● Over 20% of all websites are WordPress based and over 60% of websites that use a CMS use WordPress
  • 11.
    Some WordPress Background andwhat it means for Security ● Increasingly,WordPress powers the internet ● Over 20% of all websites are WordPress based and over 60% of websites that use a CMS use WordPress* ● “There are no viruses for Mac's” ● That's because only pretentious, hipster designers use them (just kidding (not really)) ● It's ALMOST too easy to use ● One-Click-Installs, themes and plugins have democratized the internet. Ease of Use ≠ Set and Forget *W3techs monthly technology survey – http://w3techs.com/technologies/overview/content_management/all/
  • 12.
    Why Do TheyWant To Hack My Little Site? ● Most times, it's not for the content or data on your site, but what your site can do – Drive by Downloads/Malicious Downloads – Email Spam – SEO Spam – Access your server for malicious tasks (botnets) – Hactivism - your politics are not mine
  • 14.
    So,How Can IProtect My Site ● Practice good hygiene ● Take advantage of tools and best practices ● Don't put your head in the sand.Take Action! Do Something!
  • 15.
    The Three StepsTo Securing A WordPress Site ● Manage Site Owner Behaviors ● Don't be your worst enemy. Do things that make your site more secure ● Control User Behaviors ● Don't let others intentionally or unintentionally compromise your site ● Frustrate The Bad Guys ● Frustrate, because as long as you're connected to the internet, you can't guarantee you wont get hacked.
  • 16.
    Managing Site Owner Behavior ● Skipthe One-Click-Install ● It's not hard to do it from scratch - https://codex.wordpress.org/Installing_WordPress ● Keep WordPress Core and Plugins Updated ● Use a “Safe”Theme and Plugins, from the WordPress repository or from known vendors
  • 17.
    Managing Site Owner Behavior ● Don'tuse admin or other easily guessed user names ● Make sure your own password is strong
  • 18.
    Archer – MoleHunt https://youtu.be/UduILWi2p6s
  • 19.
    Managing Site Owner Behavior ● Don'tuse admin or other easily guessed user names ● Make sure your own password is strong ● Don't underpay for hosting ● Backup your website regularly- database and content and keep copies off-site ● Keep your computer's antivirus up to date
  • 20.
    Controlling User Behavior ●Require the use of strong passwords ● Require complex passwords, especially if you allow people to sign up as subscribers, contributors, or members ● Given the chance, people would use "1" as their password ● Remove unnecessary users ● Do they still work here? ● Manage user roles appropriately ● Do they really need Admin access?
  • 21.
    Frustrate The BadGuys ● Limit brute force attacks ● Use two factor authentication ● Scan your site regularly for Malware ● Use the salts ● Use .htaccess to protect your site ● or, Use a security plugin
  • 22.
  • 23.
    Additional Resources ● Hardening WordPress ●http://codex.wordpress.org/Hardening_WordPress ● Reducing Comment Spam ● https://github.com/splorp/wordpress-comment- blacklist
  • 24.
    Questions & ContactInfo @sixfourweb on Twitter Connect with me on LinkedIn (bit.ly/raymitchell) – Let me know we met at #WCAVL Visit sixfourweb.com and unsuckywebsite.com