Sucuri , profile picture
Uploaded bySucuri
PPTX, PDF553 views

Steps to Keep Your Site Clean

The webinar by Jen Fisher emphasizes the importance of website security and outlines various approaches to secure sites, including updates and access management. Key points include the need for regular updates to content management systems and plugins, and the dangers of outdated software being a major vulnerability. Additionally, it suggests having a proactive security plan and utilizing tools like two-factor authentication and password managers for better protection.

Embed presentation

Download to read offline
Steps to a Clean Safe Site Jen Fisher, Product Support Analyst S U C U R I W E B I N A R
Jen Fisher Product Support Analyst Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R
Tweet #AskSucuri to @SucuriSecurity In this webinar you will learn: • What website security is and how to approach the subject when making your own plan • The various access points that most websites have • Simple ways to approach website security security • Intermediate ways to approach security • A few ways to increase your general security online
Why is website security important? Accounted for 90% of all websites cleaned by Sucuri in 2018. Authorities detected only 11% of infected sites in 2018, a 6% drop from 2017. Increased by 14% to 51.3%, from 37% in Q3 2016. Increased to 56.4%, from 47% in 2017. WordPress Blacklist SEO Spam General Malware Ecommerce Outdated software continues to be the greatest vulnerability to these targets.
What is website security? • Applied: to content via restrictions • Environmental: linked to security of hardware and work environments • Tangential: related to all accounts and individuals who may interact with content • Flexible: a compromise between existing risks and the level of time and interaction that you want to have • Active: Security is also a practice!
Tweet #AskSucuri to @SucuriSecurity Can’t I just buy a service? Tweet #AskSucuri to @SucuriSecurity
Tweet #AskSucuri to @SucuriSecurity Direct Points of Access What do we need to secure? Clients with hacked sites frequently ask "how did the intruder get in?“ Most sites can be accessed: • Via the hosting account • Via the control panel • Via an FTP, SFTP, or SSH connection • Via your CMS management panel, such as WP Admin • Via the database • Via the internet, publicly
Tweet #AskSucuri to @SucuriSecurity Direct Points of Access How they do they get in? Tangentially, we also need to consider the ways that these elements can be accessed: • Email, for password recovery purposes • Your computer or device and the security there • The browser used on your computer or device • The way your data is being sent (HTTPS) • The security of the server on which your content is stored
Tweet #AskSucuri to @SucuriSecurity Update, Update, Update Preventing the #1 cause of hacks As we mentioned earlier, outdated site elements are the number one cause of website infections. Updating your CMS isn’t the only thing you can do to avoid risks, however! Updates can be applied to: • Content Management Systems • Plugins • Themes • Extensions • Server-side platforms and security
Tweet #AskSucuri to @SucuriSecurity Protecting Your Website Applying updates is helpful, but a fully updated site may still be at risk. Consider: • Avoiding pirated plugins & themes • Removing content that isn't in use • Limiting, monitoring, and auditing access regularly • Using 2FA wherever possible • Using strong random passwords (password managers) • Using only one security plugin • Using non-standard usernames • Applying an SSL
Tweet #AskSucuri to @SucuriSecurity Have a “Plan B” Website security plan If your site is compromised, how can you most effectively react to mitigate the issue? Consider in advance of a compromise: • Points of access • Individuals with access • How you will update all passwords • How updated access can be sent securely • Will a backup save the day? • Assistance resources available to you
Tweet #AskSucuri to @SucuriSecurity Intermediate options • Disallow PHP execution via .htaccess • Disallow file editing in wp-config.php via .htaccess (Sucuri plugin is a good free option) • IP-based limitations to WP-Admin pages • Limited access to wp_includes, images, and uploads folders • Restrict upload capabilities • Avoid renaming file extensions (ie: wp_config.php.bak), voiding restrictions
Tweet #AskSucuri to @SucuriSecurity Fun security for fun internet users! • Use a script blocker • Antivirus programs with active protection • 2-factor authentication • Password managers • Be aware of social engineering & phishing risks • Discuss security requirements • Send sensitive info securely If you’re ever unsure, ask! Most online service providers will have documentation related to security, and the best of those will help formulate a security plan.
Submit your questions to us at any time by tweeting us @SucuriSecurity using the hashtag #AskSucuri

More Related Content

PPTX
Sucuri Webinar: What is SEO Spam and How to Fight It
bySucuri
 
PPTX
Sucuri Webinar: Website Security Primer for Digital Marketers
bySucuri
 
PPTX
Sucuri Webinar: WAF (Firewall) and CDN Feature Benefit Guide
bySucuri
 
PPTX
Sucuri Webinar: How Websites Get Hacked
bySucuri
 
PPTX
What Are the Most Common Types of Hacks?
bySucuri
 
PPTX
Sucuri Webinar: How Caching Options Can Impact Your Website Speed
bySucuri
 
PPTX
Webinar: Personal Online Privacy - Sucuri Security
bySucuri
 
PPTX
Why Do Hackers Hack?
bySucuri
 
Sucuri Webinar: What is SEO Spam and How to Fight It
bySucuri
 
Sucuri Webinar: Website Security Primer for Digital Marketers
bySucuri
 
Sucuri Webinar: WAF (Firewall) and CDN Feature Benefit Guide
bySucuri
 
Sucuri Webinar: How Websites Get Hacked
bySucuri
 
What Are the Most Common Types of Hacks?
bySucuri
 
Sucuri Webinar: How Caching Options Can Impact Your Website Speed
bySucuri
 
Webinar: Personal Online Privacy - Sucuri Security
bySucuri
 
Why Do Hackers Hack?
bySucuri
 

What's hot

PDF
Sucuri Webinar: How to clean hacked WordPress sites
bySucuri
 
PPTX
Sucuri Webinar: Preventing Cross-Site Contamination for Beginners
bySucuri
 
PPTX
Sucuri Webinar: Is SSL enough to secure your website?
bySucuri
 
PDF
Sucuri Webinar: How to Clean a Hacked Magento Website
bySucuri
 
PPTX
Sucuri Webinar: How To Know For Sure You Can Trust A Plugin
bySucuri
 
PPTX
Sucuri Webinar: Simple Steps To Secure Your Online Store
bySucuri
 
PDF
Sucuri Webinar: Hacked Website Trend Report Q1/2016
bySucuri
 
PPTX
Logs: Understanding Them to Better Manage Your WordPress Site
bySucuri
 
PPTX
Sucuri Webinar: Website Security for Web Agencies
bySucuri
 
PDF
Sucuri Webinar: Defending Your Google Brand Reputation and Analytics Reports
bySucuri
 
PPTX
Kludges and PHP. Why Should You Use a WAF?
bySucuri
 
PDF
Sucuri Webinar: Impacts of a website compromise
bySucuri
 
PPTX
Sucuri Webinar: Tis the Season for Credit Card Scraping and Malware Trends
bySucuri
 
PPTX
2018 Hacked Website Trends
bySucuri
 
PPTX
Sucuri Webinar: How to Optimize Your Website for Best Performance
bySucuri
 
PPTX
Sucuri Webinar: Leveraging Sucuri's API
bySucuri
 
PPTX
Webinar: CWAF for Mid Market/Enterprise Organizations
bySucuri
 
PPTX
WordPress Security - Learning From Hacks
byTony Perez
 
PPTX
Hacked - What do you do now?
byTony Perez
 
PPTX
WordPress Security Begins With Good Posture
byTony Perez
 
Sucuri Webinar: How to clean hacked WordPress sites
bySucuri
 
Sucuri Webinar: Preventing Cross-Site Contamination for Beginners
bySucuri
 
Sucuri Webinar: Is SSL enough to secure your website?
bySucuri
 
Sucuri Webinar: How to Clean a Hacked Magento Website
bySucuri
 
Sucuri Webinar: How To Know For Sure You Can Trust A Plugin
bySucuri
 
Sucuri Webinar: Simple Steps To Secure Your Online Store
bySucuri
 
Sucuri Webinar: Hacked Website Trend Report Q1/2016
bySucuri
 
Logs: Understanding Them to Better Manage Your WordPress Site
bySucuri
 
Sucuri Webinar: Website Security for Web Agencies
bySucuri
 
Sucuri Webinar: Defending Your Google Brand Reputation and Analytics Reports
bySucuri
 
Kludges and PHP. Why Should You Use a WAF?
bySucuri
 
Sucuri Webinar: Impacts of a website compromise
bySucuri
 
Sucuri Webinar: Tis the Season for Credit Card Scraping and Malware Trends
bySucuri
 
2018 Hacked Website Trends
bySucuri
 
Sucuri Webinar: How to Optimize Your Website for Best Performance
bySucuri
 
Sucuri Webinar: Leveraging Sucuri's API
bySucuri
 
Webinar: CWAF for Mid Market/Enterprise Organizations
bySucuri
 
WordPress Security - Learning From Hacks
byTony Perez
 
Hacked - What do you do now?
byTony Perez
 
WordPress Security Begins With Good Posture
byTony Perez
 

Similar to Steps to Keep Your Site Clean

PDF
Why security matters
bySucuri
 
PPTX
Professional WordPress Security: Beyond Security Plugins
byChris Burgess
 
PPTX
Pubcon Vegas Session - WordPress Site Security Audits
byKristine Schachinger SEO and Online Marketing
 
PDF
Security Presentation for Boulder WordPress Meetup
byAngela Bowman
 
PDF
Head Slapping WordPress Security
byChris Burgess
 
PPTX
WordPress Security and Best Practices
byRobert Vidal
 
PPTX
Navigating Online Threats - Website Security for Everyday Website Owners
byTony Perez
 
PPTX
Word campktm speed-security
byDigamber Pradhan
 
PPTX
Understanding word press security wwc-4-7-17
byNicholas Batik
 
PPTX
WordPress Security 101
byShady A. Sharaf
 
PPTX
WordPress Security 2014 - The Basics of Security
byTony Perez
 
PPT
Secure All The Things!
byDougal Campbell
 
PPTX
Website Security - Latest and Greatest (WordPress 2014)
byTony Perez
 
PPTX
WordCamp Minneapolis 2014 - Website Security Presentation - Sucuri Security
byTony Perez
 
PPTX
Website Security - It Begins With Good Posture
byTony Perez
 
KEY
Higher Order WordPress Security
byDougal Campbell
 
PPTX
Word press website security
byTony Perez
 
PDF
WordPress Security Essentials
byAngela Bowman
 
PDF
The 7 Deadly Sins of WordPress Security
byJoseph Herbrandson
 
PPTX
The frustration with website security
bySucuri
 
Why security matters
bySucuri
 
Professional WordPress Security: Beyond Security Plugins
byChris Burgess
 
Pubcon Vegas Session - WordPress Site Security Audits
byKristine Schachinger SEO and Online Marketing
 
Security Presentation for Boulder WordPress Meetup
byAngela Bowman
 
Head Slapping WordPress Security
byChris Burgess
 
WordPress Security and Best Practices
byRobert Vidal
 
Navigating Online Threats - Website Security for Everyday Website Owners
byTony Perez
 
Word campktm speed-security
byDigamber Pradhan
 
Understanding word press security wwc-4-7-17
byNicholas Batik
 
WordPress Security 101
byShady A. Sharaf
 
WordPress Security 2014 - The Basics of Security
byTony Perez
 
Secure All The Things!
byDougal Campbell
 
Website Security - Latest and Greatest (WordPress 2014)
byTony Perez
 
WordCamp Minneapolis 2014 - Website Security Presentation - Sucuri Security
byTony Perez
 
Website Security - It Begins With Good Posture
byTony Perez
 
Higher Order WordPress Security
byDougal Campbell
 
Word press website security
byTony Perez
 
WordPress Security Essentials
byAngela Bowman
 
The 7 Deadly Sins of WordPress Security
byJoseph Herbrandson
 
The frustration with website security
bySucuri
 

More from Sucuri

PPTX
Sucuri Webinar: Sucuri Introduces the Sales Enablement Department
bySucuri
 
PPTX
Sucuri Webinar: Getting Started with Sucuri
bySucuri
 
PPTX
Webinar: eCommerce Compliance - PCI meets GDPR
bySucuri
 
PPTX
Webinar: 10 Consejos para Mejorar la Postura de Seguridad de tu Sitio Web
bySucuri
 
PPTX
Ecommerce Website Security
bySucuri
 
PPTX
Otimização de Websites para Ganho de Performance & Resiliência
bySucuri
 
PPTX
Guia de Segurança para WordPress
bySucuri
 
PPTX
Gambiarra e PHP. Por que você deveria usar um WAF?
bySucuri
 
PPTX
Segurança para Agências: Proteja seus Clientes
bySucuri
 
PPTX
Seguridad para Agencias de Desarrollo Web: Protege tus Clientes y tu Negocio
bySucuri
 
PPTX
WHDusa 2017: Bridging the Divide between Human Behavior & Security
bySucuri
 
PPTX
Sucuri Webinar: Beginner's Guide to CDNs
bySucuri
 
Sucuri Webinar: Sucuri Introduces the Sales Enablement Department
bySucuri
 
Sucuri Webinar: Getting Started with Sucuri
bySucuri
 
Webinar: eCommerce Compliance - PCI meets GDPR
bySucuri
 
Webinar: 10 Consejos para Mejorar la Postura de Seguridad de tu Sitio Web
bySucuri
 
Ecommerce Website Security
bySucuri
 
Otimização de Websites para Ganho de Performance & Resiliência
bySucuri
 
Guia de Segurança para WordPress
bySucuri
 
Gambiarra e PHP. Por que você deveria usar um WAF?
bySucuri
 
Segurança para Agências: Proteja seus Clientes
bySucuri
 
Seguridad para Agencias de Desarrollo Web: Protege tus Clientes y tu Negocio
bySucuri
 
WHDusa 2017: Bridging the Divide between Human Behavior & Security
bySucuri
 
Sucuri Webinar: Beginner's Guide to CDNs
bySucuri
 

Recently uploaded

PDF
Key Duties and Roles of an Ecommerce Developer Singapore
byHachi Web Solution
 
PDF
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
PDF
Top 5 Snapchat Tracker Apps for Safe and Responsible Monitoring
byMichael Carter
 
PPTX
Types of Cryptograph Symmetric Ceaser cipher and also about Assymetric
byhamzaabdulqadeer11
 
PPT
html-forms in web development-courseICT.
bymadz33
 
PDF
classification of elements and periodicity.pdf
byaryanshreya2010
 
PPTX
CaseStudy-CloudMigration -For USE CASE -Customer Success Info -6-Aug-25.pptx
bywinlentech
 
PPTX
mc l2 Overview of Computer and Web-Technology.pptx
byavanikharde
 
PPT
Lecture_3 Network Securityyyeyeyyeeyyeywy.ppt
bysawsan202
 
PPTX
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
PDF
Beacon Kit slides tech framework for world game (s) pdf
bySteven McGee
 
PPT
Memory Organization In Assembly Language
byumairmuhammad0409
 
PPTX
Computer Science Degree for College .pptx
byHanenek1
 
PPTX
Artificial Intelligence (AI) Technology Project Proposal _ by Slidesgo.pptx
byadhyaadi804
 
PDF
tokiohotellistening.pdf for tokiohotelfans
byrafaelgombos1234
 
PPT
Lecture_3 Network Securityeyeyggegeg.ppt
bysawsan202
 
PPTX
PRITHVI theater, A true artist. Newzfeaturez.pptx
bysc05digital
 
PDF
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
PDF
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
PPTX
SriLank SLT LTE Network Sharing V2.pptx
bynthuang
 
Key Duties and Roles of an Ecommerce Developer Singapore
byHachi Web Solution
 
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
Top 5 Snapchat Tracker Apps for Safe and Responsible Monitoring
byMichael Carter
 
Types of Cryptograph Symmetric Ceaser cipher and also about Assymetric
byhamzaabdulqadeer11
 
html-forms in web development-courseICT.
bymadz33
 
classification of elements and periodicity.pdf
byaryanshreya2010
 
CaseStudy-CloudMigration -For USE CASE -Customer Success Info -6-Aug-25.pptx
bywinlentech
 
mc l2 Overview of Computer and Web-Technology.pptx
byavanikharde
 
Lecture_3 Network Securityyyeyeyyeeyyeywy.ppt
bysawsan202
 
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
Beacon Kit slides tech framework for world game (s) pdf
bySteven McGee
 
Memory Organization In Assembly Language
byumairmuhammad0409
 
Computer Science Degree for College .pptx
byHanenek1
 
Artificial Intelligence (AI) Technology Project Proposal _ by Slidesgo.pptx
byadhyaadi804
 
tokiohotellistening.pdf for tokiohotelfans
byrafaelgombos1234
 
Lecture_3 Network Securityeyeyggegeg.ppt
bysawsan202
 
PRITHVI theater, A true artist. Newzfeaturez.pptx
bysc05digital
 
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
SriLank SLT LTE Network Sharing V2.pptx
bynthuang
 

Steps to Keep Your Site Clean

  • 1.
    Steps to a CleanSafe Site Jen Fisher, Product Support Analyst S U C U R I W E B I N A R
  • 2.
    Jen Fisher Product SupportAnalyst Tweet #AskSucuri to @SucuriSecurity W E B I N A R S P E A K E R
  • 3.
    Tweet #AskSucuri to@SucuriSecurity In this webinar you will learn: • What website security is and how to approach the subject when making your own plan • The various access points that most websites have • Simple ways to approach website security security • Intermediate ways to approach security • A few ways to increase your general security online
  • 4.
    Why is websitesecurity important? Accounted for 90% of all websites cleaned by Sucuri in 2018. Authorities detected only 11% of infected sites in 2018, a 6% drop from 2017. Increased by 14% to 51.3%, from 37% in Q3 2016. Increased to 56.4%, from 47% in 2017. WordPress Blacklist SEO Spam General Malware Ecommerce Outdated software continues to be the greatest vulnerability to these targets.
  • 5.
    What is websitesecurity? • Applied: to content via restrictions • Environmental: linked to security of hardware and work environments • Tangential: related to all accounts and individuals who may interact with content • Flexible: a compromise between existing risks and the level of time and interaction that you want to have • Active: Security is also a practice!
  • 6.
    Tweet #AskSucuri to@SucuriSecurity Can’t I just buy a service? Tweet #AskSucuri to @SucuriSecurity
  • 7.
    Tweet #AskSucuri to@SucuriSecurity Direct Points of Access What do we need to secure? Clients with hacked sites frequently ask "how did the intruder get in?“ Most sites can be accessed: • Via the hosting account • Via the control panel • Via an FTP, SFTP, or SSH connection • Via your CMS management panel, such as WP Admin • Via the database • Via the internet, publicly
  • 8.
    Tweet #AskSucuri to@SucuriSecurity Direct Points of Access How they do they get in? Tangentially, we also need to consider the ways that these elements can be accessed: • Email, for password recovery purposes • Your computer or device and the security there • The browser used on your computer or device • The way your data is being sent (HTTPS) • The security of the server on which your content is stored
  • 9.
    Tweet #AskSucuri to@SucuriSecurity Update, Update, Update Preventing the #1 cause of hacks As we mentioned earlier, outdated site elements are the number one cause of website infections. Updating your CMS isn’t the only thing you can do to avoid risks, however! Updates can be applied to: • Content Management Systems • Plugins • Themes • Extensions • Server-side platforms and security
  • 10.
    Tweet #AskSucuri to@SucuriSecurity Protecting Your Website Applying updates is helpful, but a fully updated site may still be at risk. Consider: • Avoiding pirated plugins & themes • Removing content that isn't in use • Limiting, monitoring, and auditing access regularly • Using 2FA wherever possible • Using strong random passwords (password managers) • Using only one security plugin • Using non-standard usernames • Applying an SSL
  • 11.
    Tweet #AskSucuri to@SucuriSecurity Have a “Plan B” Website security plan If your site is compromised, how can you most effectively react to mitigate the issue? Consider in advance of a compromise: • Points of access • Individuals with access • How you will update all passwords • How updated access can be sent securely • Will a backup save the day? • Assistance resources available to you
  • 12.
    Tweet #AskSucuri to@SucuriSecurity Intermediate options • Disallow PHP execution via .htaccess • Disallow file editing in wp-config.php via .htaccess (Sucuri plugin is a good free option) • IP-based limitations to WP-Admin pages • Limited access to wp_includes, images, and uploads folders • Restrict upload capabilities • Avoid renaming file extensions (ie: wp_config.php.bak), voiding restrictions
  • 13.
    Tweet #AskSucuri to@SucuriSecurity Fun security for fun internet users! • Use a script blocker • Antivirus programs with active protection • 2-factor authentication • Password managers • Be aware of social engineering & phishing risks • Discuss security requirements • Send sensitive info securely If you’re ever unsure, ask! Most online service providers will have documentation related to security, and the best of those will help formulate a security plan.
  • 14.
    Submit your questionsto us at any time by tweeting us @SucuriSecurity using the hashtag #AskSucuri

Editor's Notes

  • #4 During this presentation, we'll discuss the ins and outs of website security! Using good security practices whether you're an internet user or a website owner is a great way to do your part to keep the entire web environment as clean and safe as possible. There are quite a few ways to increase your site’s security that are free, and relatively simple for anyone to apply
  • #5 These are blatantly Tony’s stats. - Roughly 33% of all sites on the internet use Wordpress as a CMS - In 2018, 90% of all sites cleaned by Sucuri were Wordpress sites - Can't rely on blacklisting - in 2018 blakclisting authorities detected only 11% of infected sites Rates of infection are on the rise You may be wondering….
  • #6 * here, we’ll fix the common malware definition * I’ll show you three common ways where malware hides * I’ll try to deobfuscate this magic word little bit And in the end of this webinar I’ll tell you something about… * * So what is malware >
  • #7 A lot of people buy a security solution and think they have mitigated *all* risks. When asking the question "is my site secure" please consider the subject to be a gradient rather than a simple "yes" or "no" question! A paid security service may be for you if: - Security isn't something you can find much time for - Site availability & brand reputation is of the utmost importance - You're new to the subject of security, and would like support to account for potentials as you learn Most paid services will not be able to address *all* security potentials, so it's important to also consider some basic security questions even if you have services through Sucuri or another website security service provider. On to the real content!
  • #8 Now that we've generally outlined what website security is, how do we begin to make things more secure? Outline the ways in which your site be accessed. What do we need to secure? When clients come to us with hacked sites, a frequent question that we see is "how did the intruder get in?" Most sites have multiple points of access, so we typically can't pinpoint a single security flaw. When thinking about security, it can be helpful to begin by listing all of the ways that your site files can be reached! Most sites can be accessed: - Via the hosting account - Via the control panel - Via an FTP, SFTP, or SSH connectiom - Via your CMS management panel, such as WP Admin - Via the database* This gets a little more in-depth, and we'll talk about this and public access security after we cover some basics - Publicly, via the internet
  • #9 Tangentially, we also need to consider the ways that *these* elements can be accessed: - Email, for password recovery purposes - Your computer or device and the security there - The browser used on your computer or device - The way your data is being sent (HTTPS) - The security of the server on which your content is stored
  • #10 As we mentioned earlier, outdated site elements are the number one cause of website infections. Updating your CMS isn’t the only thing you can do to avoid risks, however! Updates can be applied to: Content Management Systems Plugins Themes Extensions Server-side platforms and security
  • #11 Applying updates is helpful, but a fully updated site may still be at risk. Consider: Avoiding pirated plugins & themes Removing content that isn't in use Limiting, monitoring, and auditing access regularly Using 2FA wherever possible Using strong random passwords (password managers) Using only one security plugin Using non-standard usernames Applying an SSL. This won’t impact the security of your site, but it will increase safety for your visitors
  • #12 If your site is compromised, how can you most effectively react to mitigate the issue? This may vary from site to site, but often your host or developer can help to implement a plan for the worst-case scenario. - Keep backups! Outside of your hosting environment, if possible - Use an access management system (such as a password manager) to easily track access, update passwords easily, and share and revoke access securely
  • #13 ***beef these out a bit*** -Disallow file editing in WP-Config * - .htaccess limitations* - disable PHP execution in Uploads, WP-Includes (Plugin is a good free option: https://wordpress.org/plugins/sucuri-scanner/) - Avoid renaming wp-config to remove the file extension. (solidify details from Ben) - Put htaccess in wp includes, images, uploads folders. - No upload capabilities unless theyre secured (certain extensions)
  • #14 Script blockers Antivirus programs with active protection Be aware of and discuss the risks of social engineering or phishing * email addresses * links *phone and email requests -Discuss your security requirements Send information in secure ways If you’re ever unsure, ask! Most online service providers will have documentation related to security, and the best of those will be able to discuss security with you directly to help formulate a plan