WordPress security basics

Post on 29-Jan-2015


WordPress Security Basics

East Bay WordPress Meetup 6/20/10

Sallie Goetsch

Wait! Isn’t WordPress Secure?

Secure Host

• Dedicated Server

• VPS

• Reliable Shared Hosting (NOT Network Solutions).

“A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.”

Matt Mullenweg

Basics

• Back Up!

• Update WordPress

• Update Plugins

Check Your File Permissions

Move wp-config.php

• Up one directory (WP will look for it there automatically)

• Best when you can move wp-config.php out of the public_html (or analogous) directory

• Don’t do this with nested WP installs!

wp-config.php: Unique Keys

Username & Password

• Never use “admin” for your admin account

• Use a strong password

Database Table Name

Change from wp_ to something-else_ (or just choose something else to start with)
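The wp-config.php points above (unique keys, table prefix, file permissions) can be checked with a short script. This is an added example, not part of the original slides: the function names and the sample file are constructed, and treating "world-writable" as the permission problem is an assumption, since the slide gives no specific mode.

```python
import os
import re
import stat
import tempfile

PLACEHOLDER = "put your unique phrase here"  # default text in wp-config-sample.php
REQUIRED_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
# define('NAME', 'value') with either quote style; group 2 is the value's quote
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])((?:\\.|(?!\2).)*)\2\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")

# Constructed sample: one placeholder key, one reused value, one missing key, default prefix.
SAMPLE = """<?php
define('DB_NAME', 'example_db');
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'constructed-value-A');
define('LOGGED_IN_KEY',   'constructed-value-A');
$table_prefix  = 'wp_';
"""

def audit_wp_config(path):
    """Return a list of findings for the wp-config.php at `path`."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    secrets = {n: v for n, _q, v in DEFINE_RE.findall(text)
               if n.endswith(("_KEY", "_SALT"))}
    for name in REQUIRED_KEYS:
        if name not in secrets:
            findings.append(f"{name}: not defined")
    for name, value in secrets.items():
        if value in ("", PLACEHOLDER):
            findings.append(f"{name}: empty or still the default placeholder")
    real = [v for v in secrets.values() if v not in ("", PLACEHOLDER)]
    if len(set(real)) != len(real):
        findings.append("keys: the same value is used for more than one key")
    m = PREFIX_RE.search(text)
    if m and m.group(1) == "wp_":
        findings.append("table_prefix: still the default 'wp_'")
    if stat.S_IMODE(os.stat(path).st_mode) & stat.S_IWOTH:
        findings.append("permissions: wp-config.php is world-writable")
    return findings

def audit_text(text, mode):
    # Helper for the demo: write `text` to a temporary wp-config.php with `mode`.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "wp-config.php")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(path, mode)
        return audit_wp_config(path)
```

On a real site, call audit_wp_config() with the path to the live wp-config.php; audit_text(SAMPLE, 0o666) runs the same checks against the constructed sample.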

Bonus: .htaccess

(Only works for static IP addresses)

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# IP address to whitelist
allow from xxx.xxx.xxx.xxx

Plugins

• AntiVirus for WP

• Automatic WordPress Backup

• Secure WordPress

• ServerBuddy

• Theme Authenticity Checker

• WordPress DB Backup

• WP Exploit Scanner

• WordPress File Monitor

• WordPress Firewall

• WP Security Scan

AntiVirus

http://wpantivirus.com/

Automatic WordPress Backup

http://www.webdesigncompany.net/automatic-wordpress-backup/

Secure WordPress

http://wordpress.org/extend/plugins/secure-wordpress/

ServerBuddy

http://pluginbuddy.com/free-wordpress-plugins/serverbuddy/

Theme Authenticity Checker

http://builtbackwards.com/projects/tac/

WordPress Database Backup

http://austinmatzko.com/wordpress-plugins/wp-db-backup/

WordPress Exploit Scanner

http://ocaoimh.ie/exploit-scanner/

WordPress File Monitor

http://mattwalters.net/projects/wordpress-file-monitor/

WordPress Firewall

http://www.seoegghead.com/software/wordpress-firewall.seo

WordPress Firewall Notification

WordPress Security Scan

http://semperfiwebdesign.com/plugins/wp-security-scan/