WordPress Security

  1. Security Considerations For WordPress
     Presented by Suzette Franck
  2. When Should You Consider Security?
     ➔ Every Step of the Process!!!
     ➔ Buying Domain – Keys To The Kingdom
     ➔ Hosting
     ➔ PCI Compliance (Credit Cards)
     ➔ Updates and Maintenance
     ➔ Privacy Policy
     ➔ Sharing Of Information & Credentials
  3. Secure Hosting
     ➔ Reputation: GoDaddy vs. WPEngine
     ➔ Cost: Shared Hosting, VPS, Dedicated Server, Managed Hosting
     ➔ Support: Self-Supporting vs. Managed Hosting (Back-ups?)
     ➔ Software: O/S, cPanel, WHM, Plesk, Apache or Nginx
     ➔ Performance: Speed, Scalability, Upgradability
  4. Hosting Questions
     ➔ Are SFTP or SSH Offered?
     ➔ Are PHP (5.2.4+) & MySQL (5.0+) at Latest Versions?
     ➔ Do They Have 24/7 Phone Support?
     ➔ How Have They Handled Past Security Breaches And Down Times?
     ➔ Is There An Uptime Guarantee?
     ➔ Do They Do Backups? How Often?
  5. Making WordPress More Secure
     ➔ Update Core When Updates Are Available, ASAP
        ➔ .1 Upgrades (point releases) Are Security & Bug Fixes
        ➔ 1. Upgrades (major releases) Are New Features
     ➔ Carefully Update Plugins (Backup First!)
     ➔ Use SFTP or SSH, Not FTP
     ➔ Use Strong Passwords
  6. Account Best Practices
     ➔ Delete Default “Admin” Account
     ➔ Unique Accounts for Each Person
     ➔ No Sharing Of Accounts and Passwords
     ➔ Do Not Store Your Credentials In Clear Text (No Stickies, Excel, or Notepad)
     ➔ Principle of Least Privilege / Role-Based Access Controls
     ➔ Always Use Strong Passwords
  7. WordPress Roles
     ➔ Super Admin - Network Administration (Multi-User Sites)
     ➔ Administrator - Access To All
     ➔ Editor - Other Users' Posts
     ➔ Author - Own Posts Only
     ➔ Contributor - Submit But Not Publish
     ➔ Subscriber - Manage Their Own Profile
     * Members Plugin - Add and Change Roles
  8. Strong Passwords
     ➔ a=4 e=3 s=5 i=1 o=0 Is Not Secure!!!!
     ➔ Combination of Uppercase and Lowercase Letters, Numbers & Special Characters
     ➔ Passwords Should Be Pass Phrases (8-15 Characters Minimum)
     ➔ Change Passwords Often & Never Share (Like a Toothbrush!)
     ➔ Use A Password Manager (e.g. LastPass or KeePass)
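The slide's point that leet substitutions (a=4, e=3, s=5, i=1, o=0) do not make a dictionary word secure is easy to turn into a policy check: undo the substitutions before looking the candidate up. The script below is an added example, not code from the deck or from WordPress; its tiny word list and the two extra swaps (@ and $) are constructed assumptions, and a real check would load a full wordlist plus the site's own names.

```python
import re

# Slide 8's substitution table (a=4 e=3 s=5 i=1 o=0), extended with two
# other common swaps (assumed); all are undone before the dictionary check.
LEET_TABLE = str.maketrans({"4": "a", "3": "e", "5": "s", "1": "i", "0": "o",
                            "@": "a", "$": "s"})

# Constructed mini-dictionary for the demo; a deployment would load a full
# wordlist plus the site name, user names and domain here.
COMMON_WORDS = ("password", "admin", "wordpress", "welcome", "letmein",
                "qwerty", "secret")

CHARACTER_CLASSES = {
    "an uppercase letter": r"[A-Z]",
    "a lowercase letter": r"[a-z]",
    "a digit": r"[0-9]",
    "a special character": r"[^A-Za-z0-9]",
}


def undo_substitutions(password: str) -> str:
    """Lower-case the password and map leet digits/symbols back to letters."""
    return password.lower().translate(LEET_TABLE)


def check_password(password: str, min_length: int = 8) -> list[str]:
    """Return the list of policy problems; an empty list means the password passes.

    Applies the slide's rules: minimum length (8 by default), all four
    character classes, and no dictionary word once substitutions are undone.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for name, pattern in CHARACTER_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    # Keep only letters so 'p4ss-w0rd' still collapses to 'password'.
    letters_only = re.sub(r"[^a-z]", "", undo_substitutions(password))
    for word in COMMON_WORDS:
        if word in letters_only:
            problems.append(
                f"contains dictionary word '{word}' after undoing substitutions")
    return problems


if __name__ == "__main__":
    for candidate in ("P4ssw0rd!", "Summer2013", "Tr0ub4dor&3"):
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

`P4ssw0rd!` satisfies every character-class rule and the length rule, yet is rejected because it collapses to `password`; that is the gap a character-class-only policy leaves open.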
  9. PCI Data Security Standard
     ➔ Follows Common-Sense Best Security Practices
     ➔ Handled Through The Payment Processor That Accepts Credit Cards (PayPal or 3rd-Party Shopping Cart)
     ➔ Requires Credit Card and Client Information To Be Stored And Transmitted Securely (HTTPS/SSL)
     ➔ Strong, Secure Passwords Changed Often
  10. Privacy Policy
     ➔ If You Are Collecting Any Information on Your Website, You Should Have One
     ➔ Type of Collected Information, Intents
     ➔ Shows Commitment to Data Security
     ➔ How to Contact You & Update Information
     ➔ Third-Party Apps Such as Mailchimp, Constant Contact, PayPal Have Their Own Privacy Policies
  11. I've Been Hacked!!!
     ➔ Stay Calm, Breathe
     ➔ Isolate the Infection – Take Site Offline
     ➔ Change All Passwords
     ➔ Update Clients – Phone Calls Are Best
     ➔ Cure The Problem or Hand Off
     ➔ Restore Service
     ➔ Analyze Cause and Prevent Future Infections
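"Analyze Cause" and "Prevent Future Infections" both depend on knowing which files changed. One defender-side way to get that answer is a hash manifest taken while the site is known-good (right after a clean install or update), compared against the install when something looks wrong. The script below is an added example, not code from the deck or from WordPress; the skipped directories (`uploads`, `cache`) and the tiny fake install it builds in a temporary directory are constructed assumptions.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Directories an integrity check normally leaves out (assumed): uploads change
# legitimately all the time and caches are regenerated.
SKIP_DIRS = {"uploads", "cache"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune skipped directories in place so os.walk does not descend into them.
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            full = Path(dirpath) / name
            manifest[full.relative_to(root).as_posix()] = sha256_of(full)
    return manifest


def compare_manifests(baseline: dict[str, str],
                      current: dict[str, str]) -> dict[str, list[str]]:
    """Classify every path as added, removed or modified relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: a clean install is baselined, then tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-includes").mkdir()
        (root / "wp-content" / "uploads").mkdir(parents=True)
        (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (root / "wp-includes" / "functions.php").write_text("<?php // original\n")
        (root / "wp-content" / "uploads" / "photo.jpg").write_bytes(b"\xff\xd8 jpeg bytes")
        baseline = build_manifest(root)  # taken while the site is known-good

        # Simulated compromise: a core file altered, an unexpected file dropped
        # into wp-content, and a legitimate upload added (which is ignored).
        (root / "wp-includes" / "functions.php").write_text("<?php // original\n// injected\n")
        (root / "wp-content" / "evil.php").write_text("<?php // not part of WordPress\n")
        (root / "wp-content" / "uploads" / "new.jpg").write_bytes(b"\xff\xd8 more")
        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Store the baseline manifest off the web server (a compromised host can rewrite a manifest kept beside the files it describes), and regenerate it after every legitimate core or plugin update so the next comparison only reports real surprises.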
  12. Security Resources
     http://sucuri.net
     http://codex.wordpress.org/Security_FAQ
     http://codex.wordpress.org/Hardening_WordPress
     https://www.pcisecuritystandards.org
     http://en.wikipedia.org/wiki/Privacy_policy
     http://blog.shareaholic.com/2012/09/wordpress-host-guide/
     http://www.coppa.org/
     http://www.hhs.gov/hipaafaq/about/190.html
  13. Questions and Answers
     Twitter: @suzettework
     suzette@kussner.com
     http://suzettefranck.com