WordPress Setup and Security - Updated
WordPress Setup and Security
Michael Carnell - @carnellm http://www.DesignTechWeb.com
These slides are available at http://www.MichaelCarnell.com/presentations
or http://slideshare.net/carnellm
Wait! Before We Start
• Your Domain Name
• Domain Name Registrar
• Need not be the same as your host (should not?)
• Needs to be in YOUR name
• Privacy? Depends on type of site and you
• My preferred registrar these days is Hover.com
Let’s Talk Hosting
The Not So Good
• GoDaddy - common back end database that isn’t secured well and suffers from performance overload, poor support
• Brinkster - has been hacked numerous times
• FreeHostia - slow, free account is very limited, always pushing the upsell
• Doing it yourself …
For the Good Times
• DreamHost - Not always the cheapest, but good and good support. But watch CPU usage as they will cut off processes.
• MediaTemple - Again, not cheap, but very stable and secure. Monitors scripts.
• BlueHost
• HostGator
The Basic Rules
• Do your research - http://www.DesignTechWeb.com/hosting
• Check their own support forums
• Is there a free trial or money back guarantee?
• If you are a high traffic site (really), you need a dedicated server
• None of this really applies to WordPress.com
The Dirty Details for WordPress
Install Correctly
• While installing (most will use OneClick) . . .
• Consider your directory. Do you use the standard? Root?
• Consider altering the database name if your install allows
• Make database username and password long and cryptic. Store them away, not to be used
• Don’t use redundant info - admin name same as username, same as blog name, etc...
Double Check the Install
• File level tasks to be done via FTP . . .
• Delete ..\wp-admin\install.php
• In wp-config.php, add the optional security keys - http://api.wordpress.org/secret-key/1.1/
• Add index.php, a blank file, to all plugin and theme directories if it isn’t already there
• Check the file directory privileges (if you are comfortable)
Post Install Setup
• Create new admin user with strong password
• Change Admin password and make a subscriber
  • Why not delete?
• Make your main admin’s display name different from login name
• Change setting to allow editing by outside packages if wanted - but know what you are doing
• Change “permalink” structure (thank you WP 3.3!)
• Demo Time Again....
As You Build
• Themes and Plug-ins: be safe
• Consider the source
• Always be suspicious
• Again, do your research and ask around
• Consider Search Engine Visibility (under Settings / Reading)
• Put up a Coming Soon or Down for Maintenance screen
• Understand your Discussion Settings
Discussion Settings
Discussion Settings, part 2
Security Plugins You Need
• Some more plugins that you should have:
• Akismet - AntiSpam, comes with the install, you will just need a key
• Block Bad Queries - blocks code injection through queries
• Search Meter - What are your visitors looking for, but also shows extraneous search injections
• SecureWordPress - basically a security audit
• AntiVirus or another such
• Limit Login Attempts – Helps protect against dictionary attacks
• Demo Time Again!
Simple Backup for WP
• Your content is your responsibility, not your host’s
• Create a GMail account or use your current one with custom address such as “[email protected]”
• Make a filter that auto files away all email coming in to that address
• Database - WP-DB-Backup
• Images & Themes - WordPress Backup
• Doesn’t hurt to occasionally backup manually too
Stay Up-To-Date
• WordPress 3.5.1 is Out – 3.6 coming soon!
• You will need to update your base software – unless your host does it for you or you are WordPress.com
• You will also need to update both your plug-ins and themes.
• Test your plug-ins so you can rollback if they don’t work
• Be careful of what theme updates will do to any customizations you have made
• As always, backup first
Michael Carnell
http://www.MichaelCarnell.com
@carnellm on Twitter
Slides available on http://slideshare.net/carnellm
and further info available on...
Sophisticated Secure Websites
http://www.DesignTechWeb.com
Q & A
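
The file-level checks from the "Double Check the Install" slide, written as a shell function. This is an added example, not part of the original slides; it assumes the standard WordPress directory layout, and the name wp_audit is hypothetical.

```shell
#!/bin/sh
# Added example: audit a WordPress directory against the slide's checklist.
# Prints one FINDING line per problem; prints nothing for a clean install.
# Assumes the standard layout (wp-admin/, wp-content/plugins, wp-content/themes).
wp_audit() {
    root=$1

    # 1. The installer should have been deleted after setup.
    if [ -e "$root/wp-admin/install.php" ]; then
        echo "FINDING: wp-admin/install.php still present"
    fi

    # 2. The four keys served by api.wordpress.org/secret-key/1.1/ must be
    #    defined in wp-config.php and must not be the sample placeholder.
    for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY; do
        line=$(grep -E "define\( *['\"]$key['\"]" "$root/wp-config.php" 2>/dev/null || true)
        if [ -z "$line" ]; then
            echo "FINDING: $key not defined in wp-config.php"
        elif printf '%s\n' "$line" | grep -q 'put your unique phrase here'; then
            echo "FINDING: $key still has the sample placeholder value"
        fi
    done

    # 3. plugins/, themes/ and each directory directly under them need an
    #    index.php so the web server cannot list their contents.
    for base in "$root/wp-content/plugins" "$root/wp-content/themes"; do
        [ -d "$base" ] || continue
        for dir in "$base" "$base"/*/; do
            [ -d "$dir" ] || continue
            if [ ! -f "${dir%/}/index.php" ]; then
                echo "FINDING: no index.php in ${dir%/}"
            fi
        done
    done

    # 4. Nothing in the tree should be writable by every user on the host.
    find "$root" ! -type l -perm -0002 -exec echo "FINDING: world-writable" {} \;
    return 0
}

# Run against a path given on the command line, e.g.: sh wp_audit.sh /var/www/blog
if [ "$#" -gt 0 ]; then
    wp_audit "$1"
fi
```

On shared hosting without shell access, run it against a copy of the site downloaded over FTP; the permission check then reflects the local copy, not the server.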