Staying Connected: Securing Your WordPress Website
About Me
● Designer / Developer / Consultant at SixFour Web Design
● SixFour Web Design specializes in helping Small Businesses and Non-Profits maximize their Web Presence
● We Believe “Even Small Businesses Deserve a Nice Website”
Some WordPress Background and what it means for Security
● Increasingly, WordPress powers the internet
  ● Over 20% of all websites are WordPress based and over 60% of websites that use a CMS use WordPress*
● “There are no viruses for Macs”
  ● That's because only pretentious, hipster designers use them (just kidding (not really))
● It's ALMOST too easy to use
  ● One-Click-Installs, themes and plugins have democratized the internet. Ease of Use ≠ Set and Forget
*W3techs monthly technology survey – http://w3techs.com/technologies/overview/content_management/all/
Why Do They Want To Hack My Little Site?
● Most times, it's not for the content or data on your site, but what your site can do
  – Drive-by Downloads/Malicious Downloads
  – Email Spam
  – SEO Spam
  – Access your server for malicious tasks (botnets)
  – Hacktivism - your politics are not mine
So, How Can I Protect My Site?
● Practice good hygiene
● Take advantage of tools and best practices
● Don't put your head in the sand. Take Action! Do Something!
The Three Steps To Securing A WordPress Site
● Manage Site Owner Behaviors
  ● Don't be your worst enemy. Do things that make your site more secure
● Control User Behaviors
  ● Don't let others intentionally or unintentionally compromise your site
● Frustrate The Bad Guys
  ● Frustrate, because as long as you're connected to the internet, you can't guarantee you won't get hacked.
Managing Site Owner Behavior
● Skip the One-Click-Install
  ● It's not hard to do it from scratch - https://codex.wordpress.org/Installing_WordPress
● Keep WordPress Core and Plugins Updated
● Use a “Safe” Theme and Plugins, from the WordPress repository or from known vendors
Archer – Mole Hunt: https://youtu.be/UduILWi2p6s
Managing Site Owner Behavior
● Don't use admin or other easily guessed user names
● Make sure your own password is strong
● Don't underpay for hosting
● Back up your website regularly - database and content - and keep copies off-site
● Keep your computer's antivirus up to date
Controlling User Behavior
● Require the use of strong passwords
  ● Require complex passwords, especially if you allow people to sign up as subscribers, contributors, or members
  ● Given the chance, people would use "1" as their password
● Remove unnecessary users
  ● Do they still work here?
● Manage user roles appropriately
  ● Do they really need Admin access?
Frustrate The Bad Guys
● Limit brute force attacks
● Use two factor authentication
● Scan your site regularly for Malware
● Use the salts
● Use .htaccess to protect your site
● or, Use a security plugin
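One way to check the "Use the salts" item, as an added example that is not part of the original slides: a small audit of the eight secret-key constants in wp-config.php, flagging values that are missing, still the sample-file placeholder, short, or reused. The function name `audit_salts`, the `MIN_LENGTH` threshold and the sample config are assumptions made for this illustration.

```python
import re
from collections import Counter

# The eight secret constants WordPress reads from wp-config.php.
SALT_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # default in wp-config-sample.php
MIN_LENGTH = 32  # threshold chosen for this example, not a WordPress rule

# define('NAME', 'value'); at the start of a line, so commented-out lines are skipped.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<q>['"])(?P<value>.*?)(?P=q)\s*\)\s*;""",
    re.MULTILINE)

def audit_salts(config_text):
    """Map each salt constant to a list of problems; an empty list means it passed."""
    found = {m["name"]: m["value"] for m in DEFINE_RE.finditer(config_text)
             if m["name"] in SALT_NAMES}
    counts = Counter(found.values())
    report = {}
    for name in SALT_NAMES:
        value, issues = found.get(name), []
        if value is None:
            issues.append("missing")
        elif value == PLACEHOLDER:
            issues.append("placeholder")
        else:
            if len(value) < MIN_LENGTH:
                issues.append("too short")
            if counts[value] > 1:
                issues.append("reused")
        report[name] = issues
    return report

# Constructed sample input, not taken from any real site.
GOOD = "x7#Lq2!vN9@rT4$wZ8^bK1&mC6*hD3(jF5)pS0-gY+eU=aI~oR|"
SAMPLE_CONFIG = f"""<?php
define('DB_NAME', 'example_db');
define('AUTH_KEY',         '{PLACEHOLDER}');
define('SECURE_AUTH_KEY',  '{GOOD}');
define('LOGGED_IN_KEY',    'hunter2');
define('NONCE_KEY',        '{GOOD}');
// define('AUTH_SALT',     '{GOOD}1');
define('SECURE_AUTH_SALT', "{GOOD}2");
"""

if __name__ == "__main__":
    for name, issues in audit_salts(SAMPLE_CONFIG).items():
        print(f"{name:17} {'OK' if not issues else ', '.join(issues)}")
```

To audit a real site, pass the contents of its wp-config.php to `audit_salts` in place of the constructed sample.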
Security Plugins
Additional Resources
● Hardening WordPress
  ● http://codex.wordpress.org/Hardening_WordPress
● Reducing Comment Spam
  ● https://github.com/splorp/wordpress-comment-blacklist
Questions & Contact Info
@sixfourweb on Twitter
Connect with me on LinkedIn (bit.ly/raymitchell) – Let me know we met at #WCAVL
Visit sixfourweb.com and unsuckywebsite.com