Chris Burgess, profile picture
Uploaded byChris Burgess
4,612 views

WordPress Security Basics - Melbourne WordPress User Meetup

The document outlines essential WordPress security practices, emphasizing that while absolute security is unattainable, several measures can significantly reduce risks, primarily by addressing common human errors. Key recommendations include maintaining regular updates of WordPress core, themes, and plugins, implementing strong password management, utilizing backup solutions, and employing security hardening techniques. Resources for further learning and tools for enhancing WordPress security are also provided.

Embed presentation

Download to read offline
WordPress Security Basics Chris Burgess @chrisburgess
Bad News There is no such thing as absolute security. Nothing is 100% secure.
Good News There are many things we can do to drastically reduce the risks.
Context is everything…
“Most successful WordPress hack attacks are typically the result of human error, be it a configuration error or failing to maintain WordPress, such as keeping core and all plugins up to date, or installing insecure plugins etc.” - Robert Abela (@robertabela)
Source: http://www.wpwhitesecurity.com/wordpress-security/statistics-highlight-main-source-wordpress-vulnerabilities/
Overview Take Security Seriously Updates Themes and Plugins Passwords Backups and Maintenance Hardening WordPress and SSL will be covered in the following presentations
Take Security Seriously
Defense in Depth
Source: http://wptavern.com/
Keep WordPress Updated
Updates •  “Patch early and patch often” •  This is another good reason to have a testing/ staging environment
Use Reputable Plugins
Use Reputable Themes
Trust
The Weakest Link
Password Management •  LastPass, 1Password, Roboform, KeePass, Dashlane •  Secret Server, LastPass Enterprise, PassPack •  Use Two-factor authentication wherever possible
Perform Regular Backups and Maintenance
Prepare for Problems
Backup Options •  Server Level Backups – cPanel/Plesk – Replication – Snapshots •  Backup Services •  Backup Plugins •  Manual Backups •  Exports
Hardening WordPress
Hardening WordPress •  All in one plugins: Sucuri, Wordfence, iThemes Security •  Or you can take a more modular approach, but choose wisely •  Security Services •  Manual Hardening
Google Search Console (formerly Webmaster Tools)
How can I learn more?
Verizon DBIR http://news.verizonenterprise.com/2015/04/2015-data-breach-report-info/
Resources •  https://wordpress.org/about/security/ •  https://wordpress.org/news/category/ security/ •  http://codex.wordpress.org/ Hardening_WordPress •  http://codex.wordpress.org/ Brute_Force_Attacks#Protect_Your_Server
Thanks! Chris Burgess @chrisburgess

More Related Content

PDF
Identifying a Compromised WordPress Site
byChris Burgess
 
PPTX
Installing WordPress The Right Way
byChris Burgess
 
PDF
WordPress SEO Tips
byChris Burgess
 
PPTX
Managing WordPress
bySteven Watts
 
PDF
40 of the Most Popular WordPress Plugins
byChris Burgess
 
PDF
Emergency WordPress Troubleshooting
byTiffany Bridge
 
PPTX
WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
byMeagan Hanes
 
PDF
8 Ways to Hack a WordPress website
bySiteGround.com
 
Identifying a Compromised WordPress Site
byChris Burgess
 
Installing WordPress The Right Way
byChris Burgess
 
WordPress SEO Tips
byChris Burgess
 
Managing WordPress
bySteven Watts
 
40 of the Most Popular WordPress Plugins
byChris Burgess
 
Emergency WordPress Troubleshooting
byTiffany Bridge
 
WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
byMeagan Hanes
 
8 Ways to Hack a WordPress website
bySiteGround.com
 

What's hot

PDF
WordPress Server Security
byPeter Baylies
 
PPT
WordPress and the Enterprise
byPrasad Ajinkya
 
PDF
Securing your WordPress site in 5 easy pieces
byKevin Koehler
 
PPTX
20 tips to Improving Your WordPress Site...for Beginners
byTRB Design, Inc.
 
PPT
WebHosting Performance / WordPress - Pubcon Vegas - Hendison
bySearch Commander, Inc.
 
KEY
10 Ways to Secure WordPress
byJeremy Green
 
PDF
Word press security checklist
bySanjay Dabhoya
 
PPTX
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
byBrian Layman
 
PPT
Blog World 2010 - How to Keep Your Blog from Being Hacked
byBrian Layman
 
PPTX
Let’s write a plugin
byBrian Layman
 
PPTX
20 Tips to Improving WordPress Website - for Beginners-Aus-2017
byTRB Design, Inc.
 
PPTX
Building Secure WordPress Sites
byCatch Themes
 
PPTX
WordPress Basics
byKyrie Tompkins
 
PPTX
Managing Multisite: Lessons from a Large Network
byWilliam Earnhardt
 
PPT
WordCamp Philippines 2009: WordPress In The Wild
byrebelpixel
 
KEY
Word Camp Ph 2009 Word Press In The Wild
byrebelpixel
 
PPTX
Getting started with WordPress development
bySteve Mortiboy
 
PDF
8 Simple Ways to Hack Your Joomla
bySiteGround.com
 
PPTX
Sucuri Webinar: Beginner's Guide to CDNs
bySucuri
 
PDF
Your Site Has Been Hacked, Now What?
byMichele Butcher-Jones
 
WordPress Server Security
byPeter Baylies
 
WordPress and the Enterprise
byPrasad Ajinkya
 
Securing your WordPress site in 5 easy pieces
byKevin Koehler
 
20 tips to Improving Your WordPress Site...for Beginners
byTRB Design, Inc.
 
WebHosting Performance / WordPress - Pubcon Vegas - Hendison
bySearch Commander, Inc.
 
10 Ways to Secure WordPress
byJeremy Green
 
Word press security checklist
bySanjay Dabhoya
 
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
byBrian Layman
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
byBrian Layman
 
Let’s write a plugin
byBrian Layman
 
20 Tips to Improving WordPress Website - for Beginners-Aus-2017
byTRB Design, Inc.
 
Building Secure WordPress Sites
byCatch Themes
 
WordPress Basics
byKyrie Tompkins
 
Managing Multisite: Lessons from a Large Network
byWilliam Earnhardt
 
WordCamp Philippines 2009: WordPress In The Wild
byrebelpixel
 
Word Camp Ph 2009 Word Press In The Wild
byrebelpixel
 
Getting started with WordPress development
bySteve Mortiboy
 
8 Simple Ways to Hack Your Joomla
bySiteGround.com
 
Sucuri Webinar: Beginner's Guide to CDNs
bySucuri
 
Your Site Has Been Hacked, Now What?
byMichele Butcher-Jones
 

Viewers also liked

PDF
Accelerated Mobile Pages (AMP)
byChris Burgess
 
PPTX
SEO Training at Envatotalks
byChris Burgess
 
PPTX
WordPress SEO Basics - Melbourne WordPress Meetup
byChris Burgess
 
PDF
Tori Cushing - Actionable SEO Insights - SMX 2015
byVictoria Cushing
 
PDF
Head Slapping WordPress Security
byChris Burgess
 
PPTX
How to achieve mind-blowing Content Marketing ROI
byJeremy Cabral
 
PDF
Paid Traffic with WordPress PPC Hacks - by Peter Mead for BigDigital 2016
byPeter Mead
 
PDF
Mobile Visibility to the Max - 2016 Edition #BigDigitalADL
byAleyda Solís
 
PDF
Harnessing The Power Of Archetypes For Your Digital Marketing
byGianluca Fiorelli
 
PDF
Writing the Right Content at #SMS2016
byAleyda Solís
 
PDF
Negotiating crawl budget with googlebots
byDawn Anderson MSc DigM
 
PDF
Keeping Things Lean & Mean: Crawl Optimisation - Search Marketing Summit AU
byJason Mun
 
PDF
Build on Chassis: Introduction to a Solid Development Workflow
byJapheth Thomson
 
PDF
Web Performance Optimisation
byChris Burgess
 
PDF
Final cbd slides
byJennifer Jeavons
 
PDF
WordPress Menus - Melbourne User Meetup
byChris Burgess
 
PDF
Contributing to WordPress: Why it's Important to Your Business
byKel
 
PDF
Recurring Revenue Roadmap Keynote
byTroy Dean
 
PDF
WordPress, Domain Names and Web Hosting Basics
byChris Burgess
 
PDF
Instagram for tour operators
byIn Marketing We Trust
 
Accelerated Mobile Pages (AMP)
byChris Burgess
 
SEO Training at Envatotalks
byChris Burgess
 
WordPress SEO Basics - Melbourne WordPress Meetup
byChris Burgess
 
Tori Cushing - Actionable SEO Insights - SMX 2015
byVictoria Cushing
 
Head Slapping WordPress Security
byChris Burgess
 
How to achieve mind-blowing Content Marketing ROI
byJeremy Cabral
 
Paid Traffic with WordPress PPC Hacks - by Peter Mead for BigDigital 2016
byPeter Mead
 
Mobile Visibility to the Max - 2016 Edition #BigDigitalADL
byAleyda Solís
 
Harnessing The Power Of Archetypes For Your Digital Marketing
byGianluca Fiorelli
 
Writing the Right Content at #SMS2016
byAleyda Solís
 
Negotiating crawl budget with googlebots
byDawn Anderson MSc DigM
 
Keeping Things Lean & Mean: Crawl Optimisation - Search Marketing Summit AU
byJason Mun
 
Build on Chassis: Introduction to a Solid Development Workflow
byJapheth Thomson
 
Web Performance Optimisation
byChris Burgess
 
Final cbd slides
byJennifer Jeavons
 
WordPress Menus - Melbourne User Meetup
byChris Burgess
 
Contributing to WordPress: Why it's Important to Your Business
byKel
 
Recurring Revenue Roadmap Keynote
byTroy Dean
 
WordPress, Domain Names and Web Hosting Basics
byChris Burgess
 
Instagram for tour operators
byIn Marketing We Trust
 

Similar to WordPress Security Basics - Melbourne WordPress User Meetup

PDF
WordCamp Finland 2015 - WordPress Security
byTiia Rantanen
 
PDF
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
byStuartJDavidson.com
 
PPTX
Understanding word press security wwc-4-7-17
byNicholas Batik
 
PDF
WordPress Hardening: Strategies to Secure & Protect Your Website
byReliqusConsulting
 
PDF
A Guide To Secure WordPress Website – A Complete Guide.pdf
byHost It Smart
 
PDF
Word press beirut 9th meetup march
byFadi Nicolas Zahhar
 
PPTX
WordPress Security
byNathan Platt
 
PPT
Secure All The Things!
byDougal Campbell
 
PPTX
WordPress Security - What to do, What NOT to do
byWordPress Trivandrum
 
PPTX
Securing your WordPress website - New Port Richey WP Meetup
byOyster Bay Marauders LLC
 
PPTX
How To Lock Down And Secure Your Wordpress
byChelsea O'Brien
 
PDF
WordPress Security 101 - WordCamp Nairobi 2019
bystk_jj
 
PPTX
Professional WordPress Security: Beyond Security Plugins
byChris Burgess
 
PDF
WordPress Security Essentials
byAngela Bowman
 
PPTX
WordPress.org & Optimizing Security for your WordPress sites
byGovLoop
 
PPTX
Making & Keeping WordPress Secure
byChad Warner
 
PDF
WordPress Security - 12 WordPress Security Fundamentals
byfindingsimple
 
PDF
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
byAcodez IT Solutions
 
PDF
Beginning WordPress Security WordCamp North Canton 2015
byMichele Butcher-Jones
 
PDF
WordPress Security Presentation
byAndrew Paton
 
WordCamp Finland 2015 - WordPress Security
byTiia Rantanen
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
byStuartJDavidson.com
 
Understanding word press security wwc-4-7-17
byNicholas Batik
 
WordPress Hardening: Strategies to Secure & Protect Your Website
byReliqusConsulting
 
A Guide To Secure WordPress Website – A Complete Guide.pdf
byHost It Smart
 
Word press beirut 9th meetup march
byFadi Nicolas Zahhar
 
WordPress Security
byNathan Platt
 
Secure All The Things!
byDougal Campbell
 
WordPress Security - What to do, What NOT to do
byWordPress Trivandrum
 
Securing your WordPress website - New Port Richey WP Meetup
byOyster Bay Marauders LLC
 
How To Lock Down And Secure Your Wordpress
byChelsea O'Brien
 
WordPress Security 101 - WordCamp Nairobi 2019
bystk_jj
 
Professional WordPress Security: Beyond Security Plugins
byChris Burgess
 
WordPress Security Essentials
byAngela Bowman
 
WordPress.org & Optimizing Security for your WordPress sites
byGovLoop
 
Making & Keeping WordPress Secure
byChad Warner
 
WordPress Security - 12 WordPress Security Fundamentals
byfindingsimple
 
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
byAcodez IT Solutions
 
Beginning WordPress Security WordCamp North Canton 2015
byMichele Butcher-Jones
 
WordPress Security Presentation
byAndrew Paton
 

More from Chris Burgess

PPTX
Getting Started with Google Data Studio
byChris Burgess
 
PPTX
WordPress Hosting Basics
byChris Burgess
 
PDF
Improving the WordPress Ecosystem with Tide
byChris Burgess
 
PPTX
Deep Dive Into Yoast SEO 7
byChris Burgess
 
PPTX
Bootstrapping eCommerce with WordPress and WooCommerce
byChris Burgess
 
PDF
WordPress and SSL
byChris Burgess
 
PDF
Choosing the Right WordPress Theme
byChris Burgess
 
PDF
SEO Basics for Bloggers
byChris Burgess
 
PDF
WordPress Themes Demystified
byChris Burgess
 
PDF
Introduction to SEO and SEO for WordPress
byChris Burgess
 
Getting Started with Google Data Studio
byChris Burgess
 
WordPress Hosting Basics
byChris Burgess
 
Improving the WordPress Ecosystem with Tide
byChris Burgess
 
Deep Dive Into Yoast SEO 7
byChris Burgess
 
Bootstrapping eCommerce with WordPress and WooCommerce
byChris Burgess
 
WordPress and SSL
byChris Burgess
 
Choosing the Right WordPress Theme
byChris Burgess
 
SEO Basics for Bloggers
byChris Burgess
 
WordPress Themes Demystified
byChris Burgess
 
Introduction to SEO and SEO for WordPress
byChris Burgess
 

Recently uploaded

PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
final.pdf
byomarbishtawi04
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
final.pdf
byomarbishtawi04
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Workflow and decision Automation with Flowable
bychakib ch
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
apidays New York 2025 | AI in Application Security
byapidays
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 

WordPress Security Basics - Melbourne WordPress User Meetup