WordPress Customization and Security
Joe Casabona
• Web Developer. Writer. Nerd*.
  – *Computer, Device, Star Wars
• Yankee Fan
• Responsive Design with WordPress
  – Out Dec 2013
  – www.rwdwp.com
  – Discount Code for 35% off: RWDWP
site: Casabona.org | twitter: @jcasabona | email: [email protected]
slides/resources: casabona.org/blogcon-13
Phil Erb
http://philerb.com
Twitter: @philerb
Systems Admin & Programmer, University of Scranton
Co-Founder & Director of Technology, Solve the Net
Lover of WordPress
WordPress Theme Customization
Themes: A Primer
• A WordPress Theme:
  – Provides control over the look and presentation of the material on your website.
• The Codex!
  – Your best friend during development
  – codex.wordpress.org
Important Files
Tip: Don’t Modify the Core!
style.css
• Includes Theme Definition
    /*
    Theme Name: Millennium Flights
    Theme URI: http://www.milenniumflights.com
    Description: A custom theme for Millennium Flights, Inc.
    Version: 1.0
    Author: Joe Casabona
    Author URI: http://www.casabona.org
    Tags: blue, white, two-column, flexible-width
    */
• Keep Common Classes in mine (rwdwp.com/12)
• RWD Tip: Put all CSS in One File
functions.php
• Place misc PHP functions, code, and variables
• Considered a “plugin” file for your theme
• Remember “Separation of Concerns”
  – Themes should only affect display, not content or functionality
• Uses: Actions, Filters, site-wide functions
• RWD Tip: Use this file for server-side detection
index.php
• The backbone of WordPress themes
• Everything that doesn’t have its own template file will use index.php
• Used to display a list of posts or content.
• DO NOT remove The Loop from this page
header.php and footer.php
• Template Files to use throughout the theme
• get_header() and get_footer()
• wp_head() and wp_footer()
The WordPress Hierarchy
wphierarchy.com
Template Files
• Sophisticated Display Controls
• Only required files: style.css and index.php
• Custom templates down to the single post level
• Example: Custom Post Type named “classes”
  single-classes.php → single.php → index.php
Page Templates
• Naming Convention
  – page-no-sidebar.php
    <?php
    /*
    Template Name: No Sidebar
    */
    ?>
The Loop
Defined
• The Loop is used by WordPress to display each of your posts. Using the Loop, WordPress processes each of the posts to be displayed on the current page and formats them according to how they match specified criteria within the Loop tags. Any HTML or PHP code placed in the Loop will be repeated on each post.
Essentially…
• The Loop has functions to:
  – Make sure that you have posts to display
  – Display those posts.
    <?php if (have_posts()) : ?>
      <?php while (have_posts()) : the_post(); ?>
        <?php // print post information using template tags ?>
      <?php endwhile; ?>
    <?php else : ?>
      <?php print "No posts found."; ?>
    <?php endif; ?>
Template Tags
• Functions in WordPress designed to print information about the Current Post
• Some tags include:
  – the_title(), the_time(), the_content(), the_excerpt(), the_category(), the_tags(), the_permalink()
If time permits…
Let’s Look at a Live Theme!
Securing Your WordPress Site
Source: Torque.io - WordPress Core is Secure – Stop Telling People Otherwise
Yes … but …
The code may be secure, but there are always things to improve
Backup ALL the Things
My hosting provider does that, why should I?
How do I backup WordPress?
Services
  – VaultPress
Plugins
  – BackupBuddy
  – BackWPUp
The good old fashioned way
    mysqldump -u dbuser -p mydb > db.sql
    zip -r backup.zip /webfolder/ db.sql
Backup Best Practices
Create a backup schedule that makes sense for your site.
Get an off-site copy
Test your backups
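One way to act on "Test your backups" and "Get an off-site copy", as an added example that is not from the original slides: it checks that a mysqldump file finished writing and that the copy fetched back from off-site storage is identical to the local one. The function names and file names are hypothetical, the sample dumps are constructed, and it assumes mysqldump's default comments are enabled and that sha256sum or shasum is installed.

```bash
#!/usr/bin/env bash
# Added example: sanity checks for db.sql and its off-site copy.

# dump_is_complete FILE
# mysqldump ends a successful dump with a "-- Dump completed" comment
# (when comments are enabled, the default). A dump cut short by a full
# disk or a dropped connection lacks it.
dump_is_complete() {
    [ -s "$1" ] || return 1                        # missing or empty
    grep -q 'CREATE TABLE' "$1" || return 1        # no schema in the dump
    tail -n 5 "$1" | grep -q '^-- Dump completed'  # trailer present?
}

# sha256_of FILE: print the hex SHA-256 of FILE (sha256sum or shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1"
    else
        shasum -a 256 < "$1"
    fi | cut -d' ' -f1
}

# copies_match LOCAL OFFSITE
# True only if both files are readable and have the same digest.
copies_match() {
    [ -r "$1" ] && [ -r "$2" ] || return 1
    [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]
}

# Demo on constructed sample files (not real site data).
demo_backup_check() {
    local dir; dir=$(mktemp -d)
    printf '%s\n' 'CREATE TABLE `wp_posts` (ID bigint);' \
        '-- Dump completed on 2013-11-02 10:00:00' > "$dir/db.sql"
    printf '%s\n' 'CREATE TABLE `wp_posts` (ID bigint);' > "$dir/cut.sql"
    cp "$dir/db.sql" "$dir/offsite-db.sql"
    dump_is_complete "$dir/db.sql"  && echo "db.sql: complete"
    dump_is_complete "$dir/cut.sql" || echo "cut.sql: INCOMPLETE, do not rely on it"
    copies_match "$dir/db.sql" "$dir/offsite-db.sql" && echo "off-site copy matches"
    rm -rf "$dir"
}
demo_backup_check
```

These checks catch truncated or corrupted files; a periodic restore into a scratch database is still the real test.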
Secure the Server
To the extent that you can
Use strong passwords
FTP, SSH, and control panels will get hackers access to your sites
Use SFTP instead of FTP, if possible
Understand file permissions
“777” makes everything work … for other people too.
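To see what "777" leaves open, the following added example (not from the original slides) audits a web root for world-writable paths and resets them to a 755/644 baseline. The function names and the directory tree are hypothetical and constructed for the demo, and the baseline assumes the web server runs as the owner of the files.

```bash
#!/usr/bin/env bash
# Added example: audit a web root for what "777" leaves open.

# list_world_writable ROOT
# Print every file and directory under ROOT whose "other" write bit (0002)
# is set, meaning any local account on the server can modify it.
# Symlinks are skipped: their own mode bits are not what gets enforced.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# count_world_writable ROOT: number of paths the audit reports.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# tighten_perms ROOT
# Reset to a common baseline: 755 for directories, 644 for files.
# Assumption: the web server runs as the owner of the files,
# so nothing needs group or world write access.
tighten_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Demo on a constructed directory tree (hypothetical paths).
demo_perms() {
    local root; root=$(mktemp -d)
    mkdir -p "$root/wp-content/uploads"
    : > "$root/wp-config.php"
    chmod 777 "$root/wp-content/uploads"
    chmod 666 "$root/wp-config.php"
    echo "before: $(count_world_writable "$root") world-writable path(s)"
    list_world_writable "$root"
    tighten_perms "$root"
    echo "after:  $(count_world_writable "$root") world-writable path(s)"
    rm -rf "$root"
}
demo_perms
```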
Install an SSL certificate
Securing Core
Secure the login process
Wait, my password is sent over the Internet in plain text???
Don’t use “admin”
Stronger Authentication
Use strong passwords
  – Force Strong Passwords
Limit the number of bad logins
  – Login Lockdown
Use multi-factor authentication
  – Google Authenticator
  – Duo Two-Factor Authentication
Always use SSL encryption for login forms and personal info
No SSL? Passwords are Plain Text!
Only give users the access they need
This includes YOU
Don’t always run as admin
Don’t let your database be predictable
Change the database table prefix
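Both the SSL login advice and the table prefix advice above come down to settings in wp-config.php. This added example (not from the original slides) checks a wp-config.php for the FORCE_SSL_ADMIN constant and for the default wp_ prefix. The function names, the two sample files and the x7q_ prefix are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: flag two weak wp-config.php settings.

# check_wp_config FILE
# Prints one line per finding; prints nothing when both checks pass.
# Only uncommented, single-line statements are recognised (a setting
# wrapped in a /* ... */ block would not be detected as disabled).
check_wp_config() {
    local cfg="$1" s='[[:space:]]*' q="['\"]"
    # 1. Logins and wp-admin are only forced onto HTTPS when
    #    FORCE_SSL_ADMIN is defined as true.
    if ! grep -Eqi "^${s}define\(${s}${q}FORCE_SSL_ADMIN${q}${s},${s}true${s}\)" "$cfg"; then
        echo "FORCE_SSL_ADMIN is not enabled: logins may be sent in plain text"
    fi
    # 2. A stock install uses the table prefix wp_.
    if grep -Eq "^${s}\\\$table_prefix${s}=${s}${q}wp_${q}" "$cfg"; then
        echo "table prefix is still the default wp_"
    fi
}

# Demo: a constructed default config beside a constructed hardened one.
demo_wp_config() {
    local dir; dir=$(mktemp -d)
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$dir/weak.php"
    printf '%s\n' '<?php' "define( 'FORCE_SSL_ADMIN', true );" \
        "\$table_prefix = 'x7q_';" > "$dir/hardened.php"
    echo "weak.php:";     check_wp_config "$dir/weak.php"
    echo "hardened.php:"; check_wp_config "$dir/hardened.php"
    rm -rf "$dir"
}
demo_wp_config
```

FORCE_SSL_ADMIN only helps once the site has a working SSL certificate, and changing the prefix on an existing site also means renaming the tables, as the linked wpbeginner guide describes.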
Plugins, Themes, and Updates
Only use trusted sources
DON’T Google “free WordPress themes”
Only one of these is trustworthy
Source: WPMU.org - Why You Should Never Search For Free WordPress Themes
Keep core, plugins, and themes up to date
Security Services, Plugins & Tools
Security Tools
Sucuri
  – Site scanner, monitoring, and security plugin
Better WP Security
Wordfence
Updates and Management
ManageWP
InfiniteWP
WP Remote
Use a good hosting provider!
Keep Yourself Secure Too!
If your computer is hacked, your site could be next!
Install OS and application updates
Run antivirus software
Use encrypted protocols (HTTPS, SFTP)
Use strong passwords for everything
Keep your ear to the WordPress community
The products and the issues are ever evolving.
Where to get the news
WPSecure.net
Sucuri’s blog
WP Updates Notifier plugin
Check out more on the NEPAWP Resources page
Questions? Comments? Statements of Disgust?
References & Links
• VaultPress
  http://vaultpress.com/
• BackupBuddy
  http://ithemes.com/purchase/backupbuddy/
• BackWPUp
  http://wordpress.org/plugins/backwpup/
• Codex: Administration over SSL
  http://codex.wordpress.org/Administration_Over_SSL
• How to Change the WordPress Database
  http://www.wpbeginner.com/wp-tutorials/how-to-change-the-wordpress-database-prefix-to-improve-security/
• Login Lockdown
  http://wordpress.org/plugins/login-lockdown/
• Force Strong Passwords
  http://wordpress.org/plugins/force-strong-passwords/
• Google Authenticator
  http://wordpress.org/plugins/google-authenticator/
• Duo Two-Factor Authentication
  http://wordpress.org/plugins/duo-wordpress/
• WPMU.org: Why You Should Never Search For Free WordPress Themes
  http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/
• Sucuri
  http://www.sucuri.net/
  http://wordpress.org/plugins/sucuri-scanner/
• Better WP Security
  http://wordpress.org/plugins/better-wp-security/
• Wordfence
  http://wordpress.org/plugins/wordfence/
• WPSecure.net
  http://wpsecure.net/
• WP Updates Notifier
  http://wordpress.org/plugins/wp-updates-notifier/
• Sucuri blog
  http://blog.sucuri.net/category/wordpress