WordPress Security Basics

WordPress Security Basics East Bay WordPress Meetup 6/20/10 Sallie Goetsch
  • Date posted: 29-Jan-2015
Transcript of WordPress Security Basics

1. WordPress Security Basics
East Bay WordPress Meetup 6/20/10
Sallie Goetsch

2. Wait! Isn't WordPress Secure?
3. Secure Host
Dedicated Server
VPS
Reliable Shared Hosting (NOT Network Solutions).
A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.
Matt Mullenweg
4. Basics
Back Up!
Update WordPress
Update Plugins
5. Check Your File Permissions
6. Move wp-config.php
Up one directory (WP will look for it there automatically)
Best when you can move wp-config.php out of the public_html (or analogous) directory
Don't do this with nested WP installs!
7. wp-config.php: Unique Keys
8. Username & Password
Never use "admin" for your admin account
Use a strong password
9. Database Table Name
Change from wp_ to something-else_ (or just choose something else to start with)
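
A small audit script for the checks on slides 5 through 9 (file permissions, wp-config.php location, unique keys, table prefix), added here as an example and not part of the original presentation. The function names `wp_audit` and `wp_audit_demo`, the world-writable test used for the permissions check, and the sample install are assumptions of this example.

```shell
#!/bin/sh
# wp_audit DIR: print one finding per line for the WordPress install in DIR.
# Checks follow slides 5-9; the exact tests are this example's assumptions.
wp_audit() {
    dir=$1
    # Slide 6: WordPress also looks one directory above the install.
    if [ -f "$dir/wp-config.php" ]; then
        cfg="$dir/wp-config.php"
        echo "LOCATION: wp-config.php is inside the install directory"
    elif [ -f "$dir/../wp-config.php" ]; then
        cfg="$dir/../wp-config.php"
    else
        echo "ERROR: wp-config.php not found"
        return 0
    fi
    # Slide 5: anything writable by every account on the host (assumed check).
    find "$dir" -perm -0002 ! -type l -print | sed 's/^/WORLD-WRITABLE: /'
    # Slide 7: keys still holding the wp-config-sample.php placeholder.
    n=$(grep -c 'put your unique phrase here' "$cfg" || true)
    [ "$n" -eq 0 ] || echo "KEYS: $n key(s) still use the sample placeholder"
    # Slide 9: default table prefix.
    if grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$cfg"; then
        echo "PREFIX: table prefix is the default wp_"
    fi
}

# Constructed sample install (not real site data): placeholder keys, default
# prefix, and a world-writable uploads directory. Runs in a subshell.
wp_audit_demo() (
    umask 022
    t=$(mktemp -d)
    mkdir -p "$t/site/wp-content/uploads"
    chmod 777 "$t/site/wp-content/uploads"
    cat > "$t/site/wp-config.php" <<'EOF'
<?php
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
$table_prefix = 'wp_';
EOF
    wp_audit "$t/site"
    rm -rf "$t"
)
```

The admin username from slide 8 lives in the database, so it is not covered by this file-level check.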
10. Bonus: .htaccess
(Only works for static IP addresses)
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
#IP address to Whitelist
allow from xxx.xxx.xxx.xxx
11. Plugins
AntiVirus for WP
Automatic WordPress Backup
Secure WordPress
ServerBuddy
Theme Authenticity Checker
WordPress DB Backup
WP Exploit Scanner
WordPress File Monitor
WordPress Firewall
WP Security Scan
12. AntiVirus
http://wpantivirus.com/
13. Automatic WordPress Backup
http://www.webdesigncompany.net/automatic-wordpress-backup/
14. Secure WordPress
http://wordpress.org/extend/plugins/secure-wordpress/
15. ServerBuddy
http://pluginbuddy.com/free-wordpress-plugins/serverbuddy/
16. Theme Authenticity Checker
http://builtbackwards.com/projects/tac/
17. WordPress Database Backup
http://austinmatzko.com/wordpress-plugins/wp-db-backup/
18. WordPress Exploit Scanner
http://ocaoimh.ie/exploit-scanner/
19. WordPress File Monitor
http://mattwalters.net/projects/wordpress-file-monitor/
20. WordPress Firewall
http://www.seoegghead.com/software/wordpress-firewall.seo
21. WordPress Firewall Notification
22. WordPress Security Scan
http://semperfiwebdesign.com/plugins/wp-security-scan/
23. http://www.meetup.com/Eastbay-WordPress-Meetup/