WP Adelaide - Wordpress Security (2012-03-27)
28
WORDPRESS SECURITY
-
Upload
avioli -
Category
Technology
-
view
358 -
download
2
description
A brief talk about WP security, presented by me (Evo). Likely topics include Preventing most of the hacking attempts, htaccess, File and Directories permissions, remotely monitoring WP installations and some harmfull plugins.
Transcript of WP Adelaide - Wordpress Security (2012-03-27)
WORDPRESS SECURITY
CORE AND PLUGINS
CORE AND PLUGINS
• Always update the core (test first)
CORE AND PLUGINS
• Always update the core (test first)
• If possible, update all plugins
CORE AND PLUGINS
• Always update the core (test first)
• If possible, update all plugins
•Monitor website update status (wpremote.com)
FILE PERMISSIONS
FILE PERMISSIONS
• SSH, FTP or a Control Panel’s File Manager?
FILE PERMISSIONS
• SSH, FTP or a Control Panel’s File Manager?
• Folders – 0755, files – 0644
FILE PERMISSIONS
• SSH, FTP or a Control Panel’s File Manager?
• Folders – 0755, files – 0644
• Be careful with plugins setting directly permissions
FILE PERMISSIONS
• SSH, FTP or a Control Panel’s File Manager?
• Folders – 0755, files – 0644
• Be careful with plugins setting directly permissions
• Safe WP uploads (WP Filesystem API)
FILE PERMISSIONS
• SSH, FTP or a Control Panel’s File Manager?
• Folders – 0755, files – 0644
• Be careful with plugins setting directly permissions
• Safe WP uploads (WP Filesystem API)
FILE PERMISSIONS
• SSH, FTP or a Control Panel’s File Manager?
• Folders – 0755, files – 0644
• Be careful with plugins setting directly permissions
• Safe WP uploads (WP Filesystem API)
.HTACCESS
.HTACCESS
• Perishable Press (http://perishablepress.com/5g-blacklist-2012/)
.HTACCESS
• Perishable Press (http://perishablepress.com/5g-blacklist-2012/)
•HTML5 Boilerplate (http://html5boilerplate.com/)
.HTACCESS
• Perishable Press (http://perishablepress.com/5g-blacklist-2012/)
•HTML5 Boilerplate (http://html5boilerplate.com/)
• Custom .htaccess (advanced)
.HTACCESS
• Perishable Press (http://perishablepress.com/5g-blacklist-2012/)
•HTML5 Boilerplate (http://html5boilerplate.com/)
• Custom .htaccess (advanced)
• Check logs (advanced)
HARMFUL PLUGINS
HARMFUL PLUGINS
• Be very cautious of plugins that upload files (even images) and bypassing WP’s Filesystem API
HARMFUL PLUGINS
• Be very cautious of plugins that upload files (even images) and bypassing WP’s Filesystem API
•One that does bypass it is Wordpress Download Monitor (by Mike Jolley)
OTHER THINGS TO KEEP IN MIND
OTHER THINGS TO KEEP IN MIND
• 24h monitoring site live status (http://uptimerobot.com/)
OTHER THINGS TO KEEP IN MIND
• 24h monitoring site live status (http://uptimerobot.com/)
• Keep file and DB backups
OTHER THINGS TO KEEP IN MIND
• 24h monitoring site live status (http://uptimerobot.com/)
• Keep file and DB backups
•Make sure your passwords to the DB and WP are safe:
OTHER THINGS TO KEEP IN MIND
• 24h monitoring site live status (http://uptimerobot.com/)
• Keep file and DB backups
•Make sure your passwords to the DB and WP are safe:
• Capitals and lowercase letters, Numbers and Symbols
OTHER THINGS TO KEEP IN MIND
• 24h monitoring site live status (http://uptimerobot.com/)
• Keep file and DB backups
•Make sure your passwords to the DB and WP are safe:
• Capitals and lowercase letters, Numbers and Symbols
• At least eight characters long
OTHER THINGS TO KEEP IN MIND
• 24h monitoring site live status (http://uptimerobot.com/)
• Keep file and DB backups
•Make sure your passwords to the DB and WP are safe:
• Capitals and lowercase letters, Numbers and Symbols
• At least eight characters long
• If possible don’t use words that are found in the dictionary
Q?
