Laura Hartwig, profile picture
Uploaded byLaura Hartwig
PPTX, PDF151 views

Word press security 101 2018

This document provides a guide to securing WordPress sites in 9 steps: 1) Choose a good host, 2) Keep your site updated, 3) Use strong usernames and passwords, 4) Remove unwanted users, 5) Use security plugins, 6) Backups, 7) Get notified of issues, 8) Protect your own security, and 9) Know what to do if hacked. WordPress powers many websites but this open source software is a target, so site owners must choose a security level based on resources and site value. Regular backups, software updates, and password protection are key to prevention, while monitoring and incident response plans can address any issues.

Embed presentation

Download to read offline
WordPress Security 101 A guide by Laura Hartwig
Laura Hartwig I’ve been a WordPress Developer since 2011 and find it important to keep my clients sites secure. It’s much easier to prevent your site from getting hacked rather than try to recover your site after it’s been hacked.
Am I a Target?
YES
Why? ➔ WordPress Powers nearly 30% off all websites. This is good and bad. ➔ Server Space Hackers want to store files on your server and connect it into a botnet. ➔ Because they can Many hackers like to hack sites just to see if they can. It’s a thrill similar to hunting or leveling up on a computer game.
First Law of Website Security ➔ Nothing is unhackable
Chart credit: WordFence
Chart credit: WordFence
Level of Security ➔ Your level of security will depend on resources vs. value The reality is that you are not going to spend a lot of time and money on a website that you don’t value. Adding security measures is a pain, like locking your doors, so you will need to decide what level of protection is worth it.
What can you do?
1. Choose a Good Host ➔ Latest PHP Version ➔ Use HTTPS ➔ SFTP (Not FTP) ➔ Private Server At least don’t host multiple sites on your server ➔ Use a CDN Like Cloudflare (free)
2. Keep Your Site Updated ➔ Update Core, Plugins & Themes Be wary of themes plugins that haven’t been tested. (Esp Free) ➔ Remove unused themes & plugins ➔ Use services like ManageWP if you have a lot of sites. But be wary of updates breaking your site. ➔ Don’t leave old files on your site Esp not old sites
3. Use Strong Usernames & Passwords ➔ Don’t use “admin” ➔ At least 14 characters ➔ !@#$%^ ➔ That means everyone!
4. Remove Unwanted Users ➔ Everyone should not be Admin ➔ What is the default user role? ➔ People who no longer work for you ➔ Use Adminimize to control access ➔ Use unique usernames Remember that nicknames can be different.
5. Use Security Plugins ➔ Change Login URL Don’t use /wp-admin ➔ Limit Login Attempts And notes about if it’s wrong username or password. ➔ Two Factor Authentication It’s a pain, but it works ➔ Captcha Prevents brute force attacks
6. Backups ➔ Hosting Backups Good hosts will do them automatically ➔ Backup Plugin Updraft or Backup Buddy ➔ Schedule Backups Backups are no good if not done. How often you need to backup depends on how often you update your site. ➔ Send them somewhere Download to your computer or file hosting service.
7. Get Notified ➔ Google Console Will let you know if your site has been hacked. This is actually too late, but a good idea if you rarely check into your site. Once Google knows, your site will be blacklisted. This will hurt your visitors and your ranking. ➔ Use a Malware Scanner Sucuri or WordFence
8. Your Own Security ➔ Strong password for your email ➔ Don’t email passwords WordPress will automatically email passwords or use a service like 1ty.me ➔ Don’t keep passwords on your computer or in your browser Except LastPass ➔ Use Virus protection on your computer and update your browsers ➔ Turn off your computer at night
9. If You Get Hacked ➔ Use your backup But make sure it has not been compromised. ➔ Sucuri.net Fixing hacked sites is what they do and they can get your site up fairly quickly, but it will cost you. ➔ Read their blog if you are really interested in security
Good luck! I hope you will make some changes right away to make your site more secure. Presentation: Slidshare.net/laura-hartwig Contact me: LauraHartwigDesign@gmail.com

More Related Content

PDF
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
byAcodez IT Solutions
 
PPTX
How to Resolve Recurring WordPress Problems?
byRasin Bekkevold
 
PDF
Identifying a Compromised WordPress Site
byChris Burgess
 
PPT
WebHosting Performance / WordPress - Pubcon Vegas - Hendison
bySearch Commander, Inc.
 
PDF
Its just a flesh wound
byBrett Gravois
 
PDF
How to install wordpress
byDeepanshu Kapoor
 
PDF
Javascript issues and tools in production for developers
byMichael Haberman
 
PPTX
Sucuri Webinar: Beginner's Guide to CDNs
bySucuri
 
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
byAcodez IT Solutions
 
How to Resolve Recurring WordPress Problems?
byRasin Bekkevold
 
Identifying a Compromised WordPress Site
byChris Burgess
 
WebHosting Performance / WordPress - Pubcon Vegas - Hendison
bySearch Commander, Inc.
 
Its just a flesh wound
byBrett Gravois
 
How to install wordpress
byDeepanshu Kapoor
 
Javascript issues and tools in production for developers
byMichael Haberman
 
Sucuri Webinar: Beginner's Guide to CDNs
bySucuri
 

What's hot

PPTX
Optimizing your WordPress website
bymwfordesigns
 
PPT
Security 101
byRed Gate Software
 
PDF
Word press security checklist
bySanjay Dabhoya
 
PPTX
Care and feeding of your website
byShawn DeWolfe
 
PDF
WordPress Security Basics
byRyan Plas
 
PDF
Basic Plugin Recommendations to get your WordPress Website Started
byNile Flores
 
PDF
Should you be using WordPress as your web platform?
byNigel Harding
 
PPT
Why wordpress is not completely safe
byBrainwork Technologies
 
PPTX
Building Secure WordPress Sites
byCatch Themes
 
PPTX
Word camp pune 2013 security
byGaurav Singh
 
PDF
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
byOtto Kekäläinen
 
PDF
WordPress Security Basics - Melbourne WordPress User Meetup
byChris Burgess
 
PPT
Website Backup
byMatt Foley
 
PPTX
Word campktm speed-security
byDigamber Pradhan
 
ODP
Drupal Security for Coders and Themers - XSS and CSRF
byknaddison
 
PPTX
4.comment base hacking
byAkhilesh Kant
 
PPTX
Wordpress tutorial
byMarita Santander
 
PDF
Technical SEO for WordPress - 2017 edition
byOtto Kekäläinen
 
PPTX
D3LDN17 - Recruiting the Browser
byImperva Incapsula
 
PPT
Hari 4 6 sep 12
bymatjenin2013
 
Optimizing your WordPress website
bymwfordesigns
 
Security 101
byRed Gate Software
 
Word press security checklist
bySanjay Dabhoya
 
Care and feeding of your website
byShawn DeWolfe
 
WordPress Security Basics
byRyan Plas
 
Basic Plugin Recommendations to get your WordPress Website Started
byNile Flores
 
Should you be using WordPress as your web platform?
byNigel Harding
 
Why wordpress is not completely safe
byBrainwork Technologies
 
Building Secure WordPress Sites
byCatch Themes
 
Word camp pune 2013 security
byGaurav Singh
 
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
byOtto Kekäläinen
 
WordPress Security Basics - Melbourne WordPress User Meetup
byChris Burgess
 
Website Backup
byMatt Foley
 
Word campktm speed-security
byDigamber Pradhan
 
Drupal Security for Coders and Themers - XSS and CSRF
byknaddison
 
4.comment base hacking
byAkhilesh Kant
 
Wordpress tutorial
byMarita Santander
 
Technical SEO for WordPress - 2017 edition
byOtto Kekäläinen
 
D3LDN17 - Recruiting the Browser
byImperva Incapsula
 
Hari 4 6 sep 12
bymatjenin2013
 

Similar to Word press security 101 2018

PPTX
WordPress security
byShelley Magnezi
 
PPTX
WordPress Security - WordPress Meetup Copenhagen 2013
byThor Kristiansen
 
PDF
WordPress Security Presentation
byAndrew Paton
 
PDF
Security Presentation for Boulder WordPress Meetup
byAngela Bowman
 
PDF
WordPress Security Essentials
byAngela Bowman
 
PDF
A Guide To Secure WordPress Website – A Complete Guide.pdf
byHost It Smart
 
PPT
Tips to improve word press security ppt
byCheap SSL Coupon Code
 
PDF
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
byStuartJDavidson.com
 
PPTX
Understanding word press security wwc-4-7-17
byNicholas Batik
 
PDF
Word press beirut 9th meetup march
byFadi Nicolas Zahhar
 
PDF
ResellerClub Ctrl+F5 - WordPress Security session
byPratik Jagdishwala
 
PPTX
Making & Keeping WordPress Secure
byChad Warner
 
PDF
Your WordPress Site is and is not Hacked - You don't know until you check
byAngela Bowman
 
PPTX
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
byBrian Layman
 
PDF
Prevent Hacking: 10 Steps to Secure your WordPress Site
byDr. Rachna Jain
 
PPT
Is your Wordpress safe enough?
bysaidmurat
 
PPT
Blog World 2010 - How to Keep Your Blog from Being Hacked
byBrian Layman
 
PPTX
WordPress Security 101
byShady A. Sharaf
 
PPTX
How WordPress Sites Get Hacked
byAndrew Marks
 
PPTX
WordPress Security and Best Practices
byRobert Vidal
 
WordPress security
byShelley Magnezi
 
WordPress Security - WordPress Meetup Copenhagen 2013
byThor Kristiansen
 
WordPress Security Presentation
byAndrew Paton
 
Security Presentation for Boulder WordPress Meetup
byAngela Bowman
 
WordPress Security Essentials
byAngela Bowman
 
A Guide To Secure WordPress Website – A Complete Guide.pdf
byHost It Smart
 
Tips to improve word press security ppt
byCheap SSL Coupon Code
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
byStuartJDavidson.com
 
Understanding word press security wwc-4-7-17
byNicholas Batik
 
Word press beirut 9th meetup march
byFadi Nicolas Zahhar
 
ResellerClub Ctrl+F5 - WordPress Security session
byPratik Jagdishwala
 
Making & Keeping WordPress Secure
byChad Warner
 
Your WordPress Site is and is not Hacked - You don't know until you check
byAngela Bowman
 
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
byBrian Layman
 
Prevent Hacking: 10 Steps to Secure your WordPress Site
byDr. Rachna Jain
 
Is your Wordpress safe enough?
bysaidmurat
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
byBrian Layman
 
WordPress Security 101
byShady A. Sharaf
 
How WordPress Sites Get Hacked
byAndrew Marks
 
WordPress Security and Best Practices
byRobert Vidal
 

More from Laura Hartwig

PPTX
WordPress 101
byLaura Hartwig
 
PPTX
WooCommerce Workshop: Bring Your Laptop
byLaura Hartwig
 
PPTX
Websites 101
byLaura Hartwig
 
PPTX
Customizing WordPress Themes
byLaura Hartwig
 
PPTX
Woocommerce 101
byLaura Hartwig
 
PPTX
Favorite WordPress Plugins 2016
byLaura Hartwig
 
PPTX
Customizing Your WordPress Theme Using Firebug and Basic CSS
byLaura Hartwig
 
PPTX
Website content
byLaura Hartwig
 
PDF
How to Start a WordPress Meetup in Your Town
byLaura Hartwig
 
WordPress 101
byLaura Hartwig
 
WooCommerce Workshop: Bring Your Laptop
byLaura Hartwig
 
Websites 101
byLaura Hartwig
 
Customizing WordPress Themes
byLaura Hartwig
 
Woocommerce 101
byLaura Hartwig
 
Favorite WordPress Plugins 2016
byLaura Hartwig
 
Customizing Your WordPress Theme Using Firebug and Basic CSS
byLaura Hartwig
 
Website content
byLaura Hartwig
 
How to Start a WordPress Meetup in Your Town
byLaura Hartwig
 

Recently uploaded

PPTX
Analysis Intelligence in Cyber Protection.pptx
byOmar Fernandez
 
PPTX
Human Aspects of Information Security: The People Factor.pptx
byOmar Fernandez
 
PDF
diznijevi junaci na paradi panini album.pdf
byStefanFilipovic9
 
PPTX
Social media app presentation snapgram.pptx
byrayessafa21
 
PPTX
A QUIZ ABOUT THE HISTORY OF MICROSOFT WORD
byzoenadiajara1
 
PDF
galakticki fudbal galactic football.pdf...
byStefanFilipovic9
 
PDF
WAN-IFRA World Press Trends 2025-26 key insights
byDamian Radcliffe
 
PPTX
Introduction to Multi-dimentional array.pptx
byOmar Fernandez
 
PDF
GTI Solution Overview.pdf useful for security solution
by33fastfast
 
PPTX
How Big Brands are Taking Your Traffic in Alberta [Data Inside].pptx
byVisibility Drip
 
Analysis Intelligence in Cyber Protection.pptx
byOmar Fernandez
 
Human Aspects of Information Security: The People Factor.pptx
byOmar Fernandez
 
diznijevi junaci na paradi panini album.pdf
byStefanFilipovic9
 
Social media app presentation snapgram.pptx
byrayessafa21
 
A QUIZ ABOUT THE HISTORY OF MICROSOFT WORD
byzoenadiajara1
 
galakticki fudbal galactic football.pdf...
byStefanFilipovic9
 
WAN-IFRA World Press Trends 2025-26 key insights
byDamian Radcliffe
 
Introduction to Multi-dimentional array.pptx
byOmar Fernandez
 
GTI Solution Overview.pdf useful for security solution
by33fastfast
 
How Big Brands are Taking Your Traffic in Alberta [Data Inside].pptx
byVisibility Drip
 

Word press security 101 2018

  • 1.
  • 2.
    Laura Hartwig I’ve beena WordPress Developer since 2011 and find it important to keep my clients sites secure. It’s much easier to prevent your site from getting hacked rather than try to recover your site after it’s been hacked.
  • 3.
    Am I aTarget?
  • 4.
  • 5.
    Why? ➔ WordPress Powers nearly30% off all websites. This is good and bad. ➔ Server Space Hackers want to store files on your server and connect it into a botnet. ➔ Because they can Many hackers like to hack sites just to see if they can. It’s a thrill similar to hunting or leveling up on a computer game.
  • 6.
    First Law of WebsiteSecurity ➔ Nothing is unhackable
  • 7.
  • 8.
  • 9.
    Level of Security ➔Your level of security will depend on resources vs. value The reality is that you are not going to spend a lot of time and money on a website that you don’t value. Adding security measures is a pain, like locking your doors, so you will need to decide what level of protection is worth it.
  • 10.
  • 11.
    1. Choose a GoodHost ➔ Latest PHP Version ➔ Use HTTPS ➔ SFTP (Not FTP) ➔ Private Server At least don’t host multiple sites on your server ➔ Use a CDN Like Cloudflare (free)
  • 12.
    2. Keep YourSite Updated ➔ Update Core, Plugins & Themes Be wary of themes plugins that haven’t been tested. (Esp Free) ➔ Remove unused themes & plugins ➔ Use services like ManageWP if you have a lot of sites. But be wary of updates breaking your site. ➔ Don’t leave old files on your site Esp not old sites
  • 14.
    3. Use Strong Usernames& Passwords ➔ Don’t use “admin” ➔ At least 14 characters ➔ !@#$%^ ➔ That means everyone!
  • 15.
    4. Remove Unwanted Users ➔Everyone should not be Admin ➔ What is the default user role? ➔ People who no longer work for you ➔ Use Adminimize to control access ➔ Use unique usernames Remember that nicknames can be different.
  • 16.
    5. Use Security Plugins ➔Change Login URL Don’t use /wp-admin ➔ Limit Login Attempts And notes about if it’s wrong username or password. ➔ Two Factor Authentication It’s a pain, but it works ➔ Captcha Prevents brute force attacks
  • 19.
    6. Backups ➔ HostingBackups Good hosts will do them automatically ➔ Backup Plugin Updraft or Backup Buddy ➔ Schedule Backups Backups are no good if not done. How often you need to backup depends on how often you update your site. ➔ Send them somewhere Download to your computer or file hosting service.
  • 20.
    7. Get Notified ➔Google Console Will let you know if your site has been hacked. This is actually too late, but a good idea if you rarely check into your site. Once Google knows, your site will be blacklisted. This will hurt your visitors and your ranking. ➔ Use a Malware Scanner Sucuri or WordFence
  • 21.
    8. Your OwnSecurity ➔ Strong password for your email ➔ Don’t email passwords WordPress will automatically email passwords or use a service like 1ty.me ➔ Don’t keep passwords on your computer or in your browser Except LastPass ➔ Use Virus protection on your computer and update your browsers ➔ Turn off your computer at night
  • 22.
    9. If YouGet Hacked ➔ Use your backup But make sure it has not been compromised. ➔ Sucuri.net Fixing hacked sites is what they do and they can get your site up fairly quickly, but it will cost you. ➔ Read their blog if you are really interested in security
  • 23.
    Good luck! I hopeyou will make some changes right away to make your site more secure. Presentation: Slidshare.net/laura-hartwig Contact me: LauraHartwigDesign@gmail.com