WordPress Security
Do you use the same password on multiple sites?
If you don’t follow password best practices, your hacked WordPress account could lead to other compromised accounts.
What’s at risk?
• Redirect visitors to a completely different website
• Compromise shared hosting server and infect other sites
• Phish for sensitive info
• Hijack links
• Blacklisted by Google and other search engines
• And more…
Things you can do
• Keep your core, themes & plugins updated
• Remove unused themes & plugins from server
• Remove the WP version number
• Select a good username
• Never write as an Administrator
• Create & use a strong password
• Secure WordPress further
Keep up-to-date
• The majority of hacked WordPress sites are not updated!
• Before ever making updates, ensure you back up your database AND content
• Use a plugin like Backup Buddy to automate the task or other free options
• Update WordPress, themes & plugins
Clean up your house
• Remove unused themes (twentyten, etc.)
• Remove inactive plugins from WordPress and the server
• Don’t keep .sql files (or other backups) stored on your server
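An added example (not from the original slides) of auditing a WordPress install for the leftovers listed above. The function names and the suffix list are assumptions, and the caller supplies the set of theme folders actually in use, including any parent theme.

```python
import os

# Assumed list of suffixes that database dumps and backup archives commonly carry.
RISKY_SUFFIXES = (".sql", ".sql.gz", ".sql.zip", ".bak", ".old",
                  ".tar", ".tar.gz", ".tgz", ".zip")

def find_leftovers(docroot):
    """Return sorted relative paths under docroot that look like dumps or backups."""
    hits = []
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            lower = name.lower()
            # Copies such as wp-config.php.save expose database credentials.
            if lower.endswith(RISKY_SUFFIXES) or lower.startswith("wp-config.php."):
                rel = os.path.relpath(os.path.join(folder, name), docroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)

def unused_themes(docroot, active):
    """Return theme folders in wp-content/themes that are not in the active set."""
    themes_dir = os.path.join(docroot, "wp-content", "themes")
    if not os.path.isdir(themes_dir):
        return []
    return sorted(
        entry for entry in os.listdir(themes_dir)
        if os.path.isdir(os.path.join(themes_dir, entry)) and entry not in active
    )

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path in find_leftovers(root):
        print("review and remove:", path)
```

Everything it reports is a candidate for review, not automatic deletion; move backups off the server before removing them.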
Remove the WP version number
http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpress-version-number/
Select a good username
• Never use ‘admin’ or ‘administrator’ as your username
• Never use the sitename as your username
• If you have one of these, get rid of it…now
• Your personal name is OK, but your password needs to be strong
Never write as an Admin user
• In no time at all a username can be determined
• If a post is written as an admin, half the job is already done
Create & use a strong password
When creating a password, do NOT use:
• Your birthdate, wedding anniversary, or dates of birth of your children or spouse
• Your name, username, company name, names of your children
• Your SIN number
• Only numbers or letters
• A short, easy to remember password
• The word ‘password’
• Words found in a dictionary*
Create & use a strong password
When creating a password, do use:
• At least 10 characters
• A mix of numbers, upper and lower case letters and special characters
• A password you have never used before
• Consider ‘salting’ your password
• Have a system or mnemonic
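An added example (not from the original slides) that checks a candidate password against the "do NOT use" and "do use" lists. The function name and patterns are assumptions, the date and SIN checks are heuristics, and dictionary words and password reuse are not covered.

```python
import re

# Heuristics: a four-digit year or a d/m/y style date, and nine digits (SIN length).
DATE_LIKE = re.compile(r"(19|20)\d{2}|\d{1,2}[-/.]\d{1,2}[-/.]\d{2,4}")
SIN_LIKE = re.compile(r"\d{3}[- ]?\d{3}[- ]?\d{3}")
CLASSES = {
    "lower-case letter": r"[a-z]",
    "upper-case letter": r"[A-Z]",
    "number": r"\d",
    "special character": r"[^A-Za-z0-9]",
}

def password_problems(password, personal_terms=()):
    """Return the rules a candidate password breaks; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    # Covers "only numbers or letters" by requiring all four character classes.
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    if "password" in lowered:
        problems.append("contains the word 'password'")
    # personal_terms: your name, username, site or company name, family names.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal term '{term}'")
    if DATE_LIKE.search(password):
        problems.append("looks like it contains a date or year")
    if SIN_LIKE.search(password):
        problems.append("contains a nine-digit number")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ["calgary1985", "Password123!", "Vx7#qLm2@tRw"]:
        print(candidate, "->", password_problems(candidate, ["calgary"]) or "ok")
```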
Create & use a strong password
Consider a multi-word combo password
Credit: http://xkcd.com/936/
Create & use a strong password
Consider a multi-word combo password
• More likely to be remembered
• Words must be random
• Words must not relate
• Upper & lower cases still matter
• Add a number or two
• Special character as well
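An added example (not from the original slides) of building a multi-word password with these rules, letting the operating system's random source pick the words so they are random and unrelated. The word list is a constructed sample that is far too small for real use, and the function names are assumptions.

```python
import math
import secrets

# Constructed sample list; a real list should hold thousands of words.
WORDS = ["anchor", "biscuit", "copper", "dune", "ember", "falcon", "glacier",
         "harbor", "ivory", "jungle", "kettle", "lantern", "marble", "nectar",
         "orbit", "pebble"]
SPECIALS = "!@#$%^&*-_=+?"

def make_passphrase(words=WORDS, count=4):
    """Return random words in mixed case plus a number and a special character."""
    rng = secrets.SystemRandom()          # OS-backed randomness, not random.random()
    parts = [w.capitalize() for w in rng.sample(words, count)]  # no repeated word
    # Drop a two-digit number and a special character at random positions.
    parts.insert(rng.randrange(len(parts) + 1), str(rng.randrange(10, 100)))
    parts.insert(rng.randrange(len(parts) + 1), rng.choice(SPECIALS))
    return "".join(parts)

def entropy_bits(wordlist_size, count):
    """Bits of entropy from the word choice alone (ordered pick, no repeats)."""
    return sum(math.log2(wordlist_size - i) for i in range(count))

if __name__ == "__main__":
    print(make_passphrase())
    print(f"{entropy_bits(len(WORDS), 4):.1f} bits from this 16-word sample list")
    print(f"{entropy_bits(7776, 4):.1f} bits from a 7776-word list")
```

The entropy figures show why the list size matters: the same four-word recipe is weak with a tiny list and much stronger with a large one.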
Create & use a strong password
DO NOT store your password in an obvious place!
• NOT on a sticky note on your monitor
• NOT in your daily planner
Use a Password Keeper
• LastPass.com
• AgileBits.com/OnePassword
Create & use a strong password
Don’t panic, password recovery is built in!
Create & use a strong password
Password Generator
• www.StrongPasswordGenerator.com
• www.random.org/passwords/
Test your password
• www.PasswordMeter.com
• www.grc.com/haystack.htm
Secure WordPress further
Four free plugins you can use to secure WP
• Limit login attempts
• Better WP security
• Wordfence
• WP-Security scan
All are located in the WordPress plugin repository
Resources
Sucuri.net
• $89.99/year
• Malware cleanup, monitoring and more
Duo Security
• Free*
• Add two-factor sign in for your installation
Next steps?
• Implement this stuff!!
• Start with the basics
  – A strong password
  – A good username
  – Writing with an editor username
WordCamp Calgary 2013
• Tickets on sale April 24
• $40 for two-day conference
• http://2013.calgary.wordcamp.org