Transcript
Page 1: Word press security basics

WordPress Security Basics

East Bay WordPress Meetup 6/20/10

Sallie Goetsch

Page 2: Word press security basics

Wait! Isn’t WordPress Secure?

Page 3: Word press security basics

Secure Host

• Dedicated Server

• VPS

• Reliable Shared Hosting (NOT Network Solutions).

“A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.”

Matt Mullenweg

Page 4: Word press security basics

Basics

• Back Up!

• Update WordPress

• Update Plugins

Page 5: Word press security basics

Check Your File Permissions

Page 6: Word press security basics

Move wp-config.php

• Up one directory (WP will look for it there automatically)

• Best when you can move wp-config.php out of the public_html (or analogous) directory

• Don’t do this with nested WP installs!

Page 7: Word press security basics

wp-config.php: Unique Keys

Page 8: Word press security basics

Username & Password

• Never use “admin” for your admin account

• Use a strong password

Page 9: Word press security basics

Database Table Name

Change from wp_ to something-else_ (or just choose something else to start with)
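
The checks from slides 5 to 7 and 9 can be run as one audit; this is an added example, not part of the original deck. The function name `wp_audit`, its output format and the choice to flag world-writable files are assumptions of this example, and the slide 8 username check is left out because it needs database access.

```bash
#!/usr/bin/env bash
# Added example: audit one WordPress directory against slides 5-7 and 9.
# Prints one line per finding, then "findings=N".
wp_audit() {
  local root="${1%/}" parent cfg ww n=0
  parent="$(dirname "$root")"

  # Slide 6: is wp-config.php in the web root, or one directory up?
  if [ -f "$root/wp-config.php" ]; then
    cfg="$root/wp-config.php"
    echo "WARN wp-config.php is inside the web root"; n=$((n+1))
  elif [ -f "$parent/wp-config.php" ]; then
    cfg="$parent/wp-config.php"
    # Nested installs: a parent that is itself WordPress owns that file.
    if [ -f "$parent/wp-settings.php" ]; then
      echo "WARN parent directory is another WordPress install"; n=$((n+1))
    fi
  else
    echo "FAIL no wp-config.php found"; return 2
  fi

  # Slide 7: keys still set to the wp-config-sample.php placeholder.
  if grep -q 'put your unique phrase here' "$cfg"; then
    echo "WARN placeholder secret keys in wp-config.php"; n=$((n+1))
  fi

  # Slide 9: default database table prefix.
  if grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$cfg"; then
    echo "WARN table prefix is the default wp_"; n=$((n+1))
  fi

  # Slide 5: world-writable files (this example's choice of what to flag).
  ww="$(find "$root" -type f -perm -0002 2>/dev/null | wc -l | tr -d ' ')"
  if [ "$ww" -gt 0 ]; then
    echo "WARN $ww world-writable file(s) under $root"; n=$((n+1))
  fi
  echo "findings=$n"
}

# Constructed sample tree so the script runs offline.
demo() {
  local d; d="$(mktemp -d)"; mkdir -p "$d/public_html"
  printf '%s\n' "<?php" "define('AUTH_KEY', 'put your unique phrase here');" \
    "\$table_prefix  = 'wp_';" > "$d/public_html/wp-config.php"
  touch "$d/public_html/index.php"; chmod 666 "$d/public_html/index.php"
  wp_audit "$d/public_html"; rm -rf "$d"
}
demo
```
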

Page 10: Word press security basics

Bonus: .htaccess

(Only works for static IP addresses)

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
#IP address to Whitelist
allow from xxx.xxx.xxx.xxx

Page 11: Word press security basics

Plugins

• AntiVirus for WP

• Automatic WordPress Backup

• Secure WordPress

• ServerBuddy

• Theme Authenticity Checker

• WordPress DB Backup

• WP Exploit Scanner

• WordPress File Monitor

• WordPress Firewall

• WP Security Scan

Page 12: Word press security basics

AntiVirus

http://wpantivirus.com/

Page 13: Word press security basics

Automatic WordPress Backup

http://www.webdesigncompany.net/automatic-wordpress-backup/

Page 14: Word press security basics

Secure WordPress

http://wordpress.org/extend/plugins/secure-wordpress/

Page 15: Word press security basics

ServerBuddy

http://pluginbuddy.com/free-wordpress-plugins/serverbuddy/

Page 16: Word press security basics

Theme Authenticity Checker

http://builtbackwards.com/projects/tac/

Page 17: Word press security basics

WordPress Database Backup

http://austinmatzko.com/wordpress-plugins/wp-db-backup/

Page 18: Word press security basics

WordPress Exploit Scanner

http://ocaoimh.ie/exploit-scanner/

Page 19: Word press security basics

WordPress File Monitor

http://mattwalters.net/projects/wordpress-file-monitor/

Page 20: Word press security basics

WordPress Firewall

http://www.seoegghead.com/software/wordpress-firewall.seo

Page 21: Word press security basics

WordPress Firewall Notification

Page 22: Word press security basics

WordPress Security Scan

http://semperfiwebdesign.com/plugins/wp-security-scan/