WordPress Security

Post on 22-Nov-2014

An introduction to WordPress Security.

blogVAULT

http://blogvault.net

WordPress Security

AKSHAT CHOUDHARY

FOUNDER, BLOGVAULT

Why?

SITES GET HACKED!

Why will someone hack a site?

FUN AND PROFIT

Fun: Because they can

Profit: To make money

SEO
Affiliate Scam
Redirect to a different site
Political defacement
Use host for hacks

How?

VULNERABILITIES!

Where?

WORDPRESS CORE

PLUGINS

THEMES

How do I know if I have been hacked?

Browser warning

Google Search Warning

Sucuri SiteCheck - Free Tool

Inspect Files

.htaccess
JavaScript files
Unknown PHP files
Existing PHP files

What to do when my site gets hacked?

Recover from Backup

MOST RELIABLE METHOD

Use Sucuri

NOT FOOLPROOF, COSTS MONEY

Talk to an expert

DIFFICULT JOB. DON'T TAKE LIGHTLY.

Change Password

Change Authentication keys

REMOVES EXISTING SESSIONS.

Prevention is better than Cure

Update WordPress / Plugins / Themes

Change Database Prefix

PREVENT SQL INJECTION ATTACKS

Disable File Editor

define('DISALLOW_FILE_EDIT', true);

Make Folders / Files Read-only

Prevent File Execution

AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi

Use SSL / Google Authenticator

Set Authentication Keys

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
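
An added example, not part of the original slides or blogVAULT's code: a small Python check that audits a wp-config.php for three of the settings above, namely placeholder or reused authentication keys, the file editor flag, and the default `wp_` table prefix. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constant names and the placeholder text come from the slides; the rest is illustrative.
KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"
DEFINE_RE = re.compile(
    r"""define\(\s*['"](\w+)['"]\s*,\s*(?:(['"])(.*?)\2|(\w+))\s*\)""", re.I)
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1""")

def strip_comments(php):
    """Drop block comments that begin a line and whole-line // or # comments."""
    php = re.sub(r"^[ \t]*/\*.*?\*/", "", php, flags=re.S | re.M)
    return re.sub(r"^[ \t]*(?://|#).*$", "", php, flags=re.M)

def audit_wp_config(php):
    """Return findings for the wp-config.php settings named in the slides."""
    src = strip_comments(php)  # a commented-out define() must not count as set
    defines = {name: (text if quote else bare)
               for name, quote, text, bare in DEFINE_RE.findall(src)}
    findings, seen = [], {}
    for key in KEYS:
        value = defines.get(key)
        if value is None:
            findings.append(f"{key}: not defined")
        elif value == PLACEHOLDER:
            findings.append(f"{key}: still the placeholder phrase")
        elif value in seen:
            findings.append(f"{key}: same value as {seen[value]}")
        else:
            seen[value] = key
    if defines.get("DISALLOW_FILE_EDIT", "").lower() not in ("true", "1"):
        findings.append("DISALLOW_FILE_EDIT: file editor not disabled")
    prefix = PREFIX_RE.search(src)
    if prefix and prefix.group(2) == "wp_":
        findings.append("table_prefix: default 'wp_' prefix in use")
    return findings

# Constructed sample input, not a real site's configuration.
SAMPLE = """<?php
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'constructed-sample-A');
define('LOGGED_IN_KEY', 'constructed-sample-A');
// define('DISALLOW_FILE_EDIT', true);
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    print("\n".join(audit_wp_config(SAMPLE)))
```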

Security by Obscurity

REMOVE ADMIN USER / HIDE WORDPRESS VERSION / ...

Automatic Backups

E.G. USE BLOGVAULT

What makes a good backup solution?

Complete - Database + Files
Offsite - Local backup is as good as none
Regular Backup
History of backup
Test the Restore
Secure Backup

Thank you
