WordPress Security
blogVAULT
http://blogvault.net
WordPress Security
AKSHAT CHOUDHARY
FOUNDER, BLOGVAULT
Why?
SITES GET HACKED!
Why will someone hack a site?
FUN AND PROFIT
Fun: Because they can
Profit: To make money
SEO
Affiliate Scam
Redirect to a different site
Political defacement
Use host for hacks
How?
VULNERABILITIES!
Where?
WORDPRESS CORE
PLUGINS
THEMES
How do I know if I have been hacked?
Browser warning
Google Search Warning
Sucuri SiteCheck - Free Tool
Inspect Files
.htaccess
JavaScript Files
Unknown PHP files
Existing PHP files
What to do when my site gets hacked?
Recover from Backup
MOST RELIABLE METHOD
Use Sucuri
NOT FOOLPROOF, COSTS MONEY
Talk to an expert
DIFFICULT JOB. DON'T TAKE LIGHTLY.
Change Password
Change Authentication keys
REMOVES EXISTING SESSIONS.
Prevention is better than Cure
Update WordPress / Plugins / Themes
Change Database Prefix
PREVENT SQL INJECTION ATTACKS
Disable File Editor
define('DISALLOW_FILE_EDIT', true);
Make Folders / Files Readonly
Prevent File Execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Use SSL / Google Authenticator
Set Authentication Keys
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
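An added example, not part of the original slides: a small Python check that reads a wp-config.php and reports three of the settings listed above (default database prefix, file editor not disabled, authentication keys missing or left at the placeholder). The function name audit_wp_config and the sample configuration are constructed for illustration; it assumes one define() per line.

```python
import re

KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"

# Constructed sample input, not taken from a real site.
SAMPLE_CONFIG = """<?php
$table_prefix = 'wp_';
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'constructed-value-1 x#9(Lq');
define('LOGGED_IN_KEY',    'constructed-value-2 !pR7;t');
define('NONCE_KEY',        'constructed-value-3 Zz@4)m');
define('AUTH_SALT',        'constructed-value-4 w%1_Ke');
define('SECURE_AUTH_SALT', 'constructed-value-5 +Gh8=u');
define('LOGGED_IN_SALT',   'constructed-value-6 ^Nb2~c');
// define('DISALLOW_FILE_EDIT', true);
"""

def audit_wp_config(text):
    """Return a list of findings for the settings named on the slides."""
    # Skip whole-line comments only; key values may legally contain '#' or '//'.
    live = "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith(("//", "#", "*", "/*")))
    consts = {name: val.strip() for name, val in re.findall(
        r"""define\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""", live, flags=re.I)}
    findings = []
    m = re.search(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""", live)
    if m and m.group(1) == "wp_":
        findings.append("table_prefix: default 'wp_'")
    if consts.get("DISALLOW_FILE_EDIT", "").lower() != "true":
        findings.append("DISALLOW_FILE_EDIT: not set to true")
    seen = {}  # key value -> first constant that used it
    for key in KEYS:
        if key not in consts:
            findings.append(f"{key}: missing")
            continue
        value = consts[key].strip("'\"")
        if value in ("", PLACEHOLDER):
            findings.append(f"{key}: placeholder or empty")
        elif value in seen:
            findings.append(f"{key}: same value as {seen[value]}")
        seen.setdefault(value, key)
    return findings

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_CONFIG):
        print(finding)
```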
Security by Obscurity
REMOVE ADMIN USER / HIDE WORDPRESS VERSION / ...
Automatic Backups
E.G. USE BLOGVAULT
What makes a good backup solution?
Complete - Database + Files
Offsite - Local backup is as good as none
Regular Backup
History of backup
Test the Restore
Secure Backup
blogVAULT
Thank you
http://blogvault.net
We are Hiring!