WordPress Security
Four Steps to Protect Your Website
Why Bother?
• Hackers do illegal stuff with your site, and you may be liable. Phishing, Spam
• Protect your hard-won SEO reputation
• Protect yourself, your customers, and site visitors
4 Essential Steps
  1.   Backup
  2.   Protect / Tweak
  3.   Monitor
  4.   Analyze
Backups - No excuses
 •   Use the cPanel backup wizard weekly
 •   Automate with DBC Backup
 •   Backup to the cloud with WP S3 Backups
 •   Schedule depends on amount of content
Protect
✓   Ze’s Admin Update Notification
         http://wordpress.org/extend/plugins/zes-admin-update-notification/
✓   Bulletproof Security
         http://wordpress.org/extend/plugins/bulletproof-security/
✓   Hash Checker
         http://wordpress.org/extend/plugins/hashchecker/
Protect
✓   TAC - Theme Authenticity Checker
        http://wordpress.org/extend/plugins/tac/
✓   Limit Login Attempts
        http://wordpress.org/extend/plugins/login-lockdown/
✓   Secure WordPress
        http://wordpress.org/extend/plugins/secure-wordpress/
Tweak
• File Permissions and location
  •   command line: chmod 640 wp-config.php
  •   Use cPanel File Manager
  •   Put wp-config.php one level above public_html (so it’s not publicly accessible)
• Delete ‘admin’ user, use your own name
• Change table prefix, something other than wp_
  •   Use phpMyAdmin in cPanel and this article: http://bit.ly/wp-prefix
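An added example (not part of the original slides) that audits the file-level items on the Tweak slide: where wp-config.php lives, whether its mode grants more than 640, and whether the table prefix is still wp_. It assumes WordPress is installed directly in the document root; the function names and the sample site are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the slides: audit the file-level "Tweak" items.
# Assumption: WordPress is installed directly in the document root (public_html).

# Print a file's permission bits in octal (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Build a constructed sample site under DIR (test data, not a real install):
# wp-config.php inside the document root, mode 644, default table prefix.
make_sample_site() {
    mkdir -p "$1/public_html"
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$1/public_html/wp-config.php"
    chmod 644 "$1/public_html/wp-config.php"
}

# audit_wp_config DOCROOT
# Prints one OK/FAIL line per check. Returns 0 if every check passes,
# 1 if any check fails, 2 if no wp-config.php can be found.
audit_wp_config() {
    docroot=$1
    parent=$(dirname "$docroot")
    fails=0

    # Check 1: location. The file should sit one level above the document root.
    if [ -f "$docroot/wp-config.php" ]; then
        cfg="$docroot/wp-config.php"
        echo "FAIL location: $cfg is inside the document root"
        fails=$((fails + 1))
    elif [ -f "$parent/wp-config.php" ]; then
        cfg="$parent/wp-config.php"
        echo "OK   location: $cfg is one level above the document root"
    else
        echo "ERROR: no wp-config.php in $docroot or $parent" >&2
        return 2
    fi

    # Check 2: permissions. Octal 0137 is every bit that mode 640 does not
    # grant, so any overlap means the file is more permissive than 640.
    mode=$(file_mode "$cfg")
    if [ $(( 0$mode & 0137 )) -ne 0 ]; then
        echo "FAIL mode: $mode grants more than 640 (fix: chmod 640 wp-config.php)"
        fails=$((fails + 1))
    else
        echo "OK   mode: $mode"
    fi

    # Check 3: table prefix. Read the quoted value assigned to $table_prefix.
    prefix=$(sed -n 's/^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*["'\'']\([^"'\'']*\)["'\''].*/\1/p' "$cfg" | head -n 1)
    case $prefix in
        '')  echo "FAIL prefix: could not read \$table_prefix from $cfg"
             fails=$((fails + 1)) ;;
        wp_) echo "FAIL prefix: still the default wp_"
             fails=$((fails + 1)) ;;
        *)   echo "OK   prefix: $prefix" ;;
    esac

    [ "$fails" -eq 0 ]
}

# Audit a real site when a document root is passed: sh audit.sh ~/public_html
if [ "$#" -gt 0 ]; then
    audit_wp_config "$1"
fi
```

Deleting the ‘admin’ user is a database change and is not covered by this check.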
Monitor
• You can visually inspect your page every day, but why not automate it?!
• ChangeDetection.com - FREE
• http://site24x7.com/monitor-webpage-defacement.html
Analyze
• Google Analyticator / Google Webmaster Tools
  •    http://wordpress.org/extend/plugins/google-analyticator/
• Firefox User Agent Tool
  •    https://addons.mozilla.org/en-US/firefox/addon/59/
  •    Safari: Develop Menu, User Agent: use one from http://www.useragentstring.com/
• Check log files for suspicious activity
  •    cPanel - awstats
Sustainable Websites
• Take responsibility for their presence on the internet, their effect on people, and on the earth
• Don’t waste energy with spam
• Don’t waste people’s time with spam links
• Don’t install malware on people’s computers
SustainableWebsites.com
 • Secured cPanel servers
 • Easy backups
 • Automatic WordPress installation via Fantastico
 • Automatic notification of out-of-date scripts
 • Energy Efficient, Green Powered
Credits & etc
Photos used with permission by Creative Commons License:
http://creativecommons.org/licenses/by/2.0/deed.en


Playmobil: http://www.flickr.com/photos/nedrichards/56919158/
Wind turbines: iStockPhoto.com

Thanks WordPress community!
Ross Chapman, Luke Fretwell, Mani Sheriar, Maiya Holliday, more customers

These slides may go out of date but the four steps have less likelihood of doing so. Even
so, following these steps may not guarantee your site against hacking and there is no
implied warranty to the fitness of the information in this document for your unique
setup. Stay up to date on security via more sources than just this slideshow.

© Sustainable Websites LLC
Creative Commons License

http://SustainableWebsites.com/contact
+1-888-755-8436
93 S Jackson St #58069
Seattle WA 98103

Editor's Notes

  7. http://www.wptavern.com/top-5-wordpress-security-tips-you-most-likely-dont-follow
  9. Google Analytics is free and can tell you lots about what people are looking at on your site. Google Webmaster tools can alert you