Do Less Work by Securing Your WordPress Site from Hackers
DESCRIPTION
Save yourself from future headaches by making sure the sites you create are secure. This guideline was created to follow the Pareto principle! I started by looking for the 20 percent of efforts that would account for 80 percent of the results! It's so simple that it seems a bit more like 1% effort for 95% results! You will learn the basics of securing your site in this presentation!
TRANSCRIPT
Do Less Work
By Securing Your WordPress Site From Hackers
Thomas Howard
WordPress Statistics
• 60+ Million WordPress Sites
• 22% of top 10 million websites powered by WP
• 73% of the 40,000 top WP sites running vulnerable version
• Basic Vulnerabilities found in 50 Top WP Plugins
[Chart: Top 10 Million Sites: WordPress 22%, Not WordPress 78%]
The 80/20 Rule of WP Security
• Pareto Principle - Roughly 80% of the effects come from 20% of the causes
• How can we prevent the most attacks with the least amount of work?
WordPress Attack Vectors
[Chart: Attack Vectors: Hosting 41%, Theme 29%, Plugin 22%, Password 8%]
• 41% were hacked through a security vulnerability on their hosting platform
• 29% were hacked via a security issue in the WordPress theme they were using
• 22% were hacked via a security issue in the WordPress plugins they were using
• 8% were hacked because they had a weak password
Hosting
• Use a trusted host!
• Laughing Squid or A Small Orange for cheap shared hosting
• Get off shared hosting!
• Better yet, use WP Engine and skip the rest of these slides!
Themes
• DON’T use free themes!
• Use a trusted source for themes:
  – Wordpress.org
  – Themeforest
  – WooThemes
• Use a secure theme framework:
  – Genesis
  – Thesis
[Chart: Free Themes on Google; legend: Safe, Questionable, Infected; values: 10%, 10%, 80%]
Secure the WP Installation
• Easiest Way – Use a Security Plugin
  – iThemes Security (formerly Better WP Security)
  – Wordfence
• Examples using iThemes Security
Secure Database
• Don’t use standard wp_ table prefix
Force Secure Passwords
Limit Login Attempts
Change Admin Username & User ID=1
Other Useful (and easy) Tweaks
• Enable HackRepair.com's blacklist feature
• Enable 404 detection
• Protect System Files
• Disable Directory Browsing
• Filter Request Methods
• Filter Suspicious Query Strings in the URL
• Filter Non-English Characters (only for English-only sites)
• Filter Long URL Strings
• Remove File Writing Permissions
• Disable PHP in Uploads
• Remove WordPress Generator Meta Tag
• Remove the Windows Live Writer header.
• Remove the RSD (Really Simple Discovery) header.
• Reduce Comment Spam (also you should be using Akismet or Disable Comments)
• Display Random Version
• Disable XMLRPC (unless you use trackbacks or Jetpack)
• Disable a user's author page if their post count is 0.
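Added example (not from the original slides and not iThemes Security's own code): a read-only Python audit for three of the items above and on the Secure Database slide, namely the default wp_ table prefix, group- or world-writable wp-config.php and .htaccess, and PHP files under wp-content/uploads. It assumes a POSIX file system; build_sample_site and the file names it creates are constructed sample data.

```python
import os
import re
import stat
import tempfile

# Matches an active (not commented-out) line such as: $table_prefix = 'wp_';
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)
PHP_RE = re.compile(r"\.(php\d?|phtml|phar)$", re.I)

def audit_wordpress(root):
    """Return sorted findings for the WordPress install rooted at `root`."""
    findings = []
    with open(os.path.join(root, "wp-config.php"), encoding="utf-8",
              errors="replace") as fh:
        match = PREFIX_RE.search(fh.read())
    if match is None:
        findings.append("table-prefix: not found in wp-config.php")
    elif match.group(1) == "wp_":
        findings.append("table-prefix: still the default wp_")
    # Assumption: these two files should not be group- or world-writable.
    for name in ("wp-config.php", ".htaccess"):
        path = os.path.join(root, name)
        if os.path.exists(path):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(f"writable: {name} is mode {mode:04o}")
    # Media uploads should never contain server-side scripts.
    uploads = os.path.join(root, "wp-content", "uploads")
    for dirpath, _dirs, files in os.walk(uploads):
        for fname in files:
            if PHP_RE.search(fname):
                rel = os.path.relpath(os.path.join(dirpath, fname), root)
                findings.append(f"php-in-uploads: {rel}")
    return sorted(findings)

def build_sample_site(root, prefix, config_mode, stray_php):
    """Create a constructed, minimal site tree to run the audit against."""
    uploads = os.path.join(root, "wp-content", "uploads", "2014", "05")
    os.makedirs(uploads)
    config = os.path.join(root, "wp-config.php")
    with open(config, "w", encoding="utf-8") as fh:
        fh.write(f"<?php\n$table_prefix = '{prefix}';\n")
    os.chmod(config, config_mode)
    for fname in ["photo.jpg"] + (["banner.php"] if stray_php else []):
        open(os.path.join(uploads, fname), "wb").close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site = build_sample_site(os.path.join(tmp, "site"), "wp_", 0o666, True)
        print("\n".join(audit_wordpress(site)))
```

An empty result means none of the three conditions was found; it says nothing about the other tweaks on this slide, which need web server or database access to verify.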
Backups!
• Set up automatic backups!
• iThemes Security allows you to schedule backups to be stored on the server and emailed
• Backup Buddy is awesome
• So is ManageWP
Updates!
• Good news! The latest WP automatically updates for security patches!
• Make modifications safely: use child themes.
• Test new updates on a development site.
Summary
1. Hosting
2. Themes
3. Plugins
4. Core
5. Backup
6. Update
Questions?
Learn more at MakeWP.com/wp-security-talk