wordpress security
TRANSCRIPT
Why do I need to secure my site?
• WordPress is a popular target for hackers• A hacked site is inaccessible• A hacked site redirects to malware• A hacked site is expensive and time-
consuming to clean
Securing Your Site (Beginners)
• Keep WordPress & plugins updatedCaution: Turn off all plugins before updating
WordPress• Remove inactive and outdated plugins• Activate Akismet to stop spam• Choose the right hosting provider
Securing Your Site (Beginners)
Add Security Plugins:Login Lockdown
Secure WordPress
WP-Security Scan
Ultimate Security Check
WP-File Monitor
Exploit Scanner
Maximum Security Plugin
WP-Malwatch
WordPress AntiVirus
Securing Your Site (Intermediate)
• Change the wp_ table prefixhttp://www.seoegghead.com/software/wordpress-table-rename.seo
• Disable anonymous ftp in cPanel• Change “admin” name in wp_users table using
phpMyAdmin• Move your .htaccess file to wp-admin directory• Delete the wp-admin/install.php• Delete the readme.html
Securing Your Site (Advanced)
• Disable directory views with .htaccess fileOptions –Indexes
• Verify and fix file/folder permissions• Add secret keys to wp-config.php
http://api.wordpress.org/secret-key/1.1/
Backing Up Your Site
Manual Backups
1) Download theme
2) Download plugins folder
3) Download uploads folder
4) Download wp-config.php
5) Export database sql file using phpMyAdmin
Backing Up Your Site
• Automated cPanel BackupsYourdomainname.com/cpanel
Files->Backup Wizard
• Automated Backups using PluginsoWP-DBManager (content & database)oWordpress Database Backup (database only)oAutomatic Wordpress Backup (content & database
to S3) http://aws.amazon.com/s3/
oBackupBuddy (premium plugin - content & database)
Restoring Your Site
Manual Restore1) Delete old WordPress files & directories (do not uninstall)
2) Upload new WordPress files from fresh WP zip file (do not install, just upload)
3) Upload your theme backup
4) Upload plugins folder backup
5) Upload uploads folder backup
6) Upload wp-config.php backup
7) Delete old tables in database but keep the database, then import backup sql file using phpMyAdmin
Restoring Your Site
• Automated cPanel RestorecPanelFilesBackupsRestore
• Automated Restore using PluginsoWP-DBManager (database restore)oAutomatic WordPress Backup (content & database
restore)oBackupBuddy (content & database restore)
Happy Blogging With WordPress
• Now that your site is secure and backed up, you can relax and enjoy your site.
Carole BondsAgentEvolution