WordPress Security Basics
East Bay WordPress Meetup 6/20/10
Sallie Goetsch
Wait! Isn’t WordPress Secure?
Secure Host
• Dedicated Server
• VPS
• Reliable Shared Hosting (NOT Network Solutions).
“A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.”
Matt Mullenweg
Basics
• Back Up!
• Update WordPress
• Update Plugins
Check Your File Permissions
Move wp-config.php
• Up one directory (WP will look for it there automatically)
• Best when you can move wp-config.php out of the public_html (or analogous) directory
• Don’t do this with nested WP installs!
wp-config.php: Unique Keys
Username & Password
• Never use “admin” for your admin account
• Use a strong password
Database Table Name
Change from wp_ to something-else_ (or just choose something else to start with)
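Added example, not part of the original slides: a Python check that audits a wp-config.php for the points above (unique keys, table prefix, file permissions). The two sample configs are constructed, and treating any read/write bit for other users as a finding is an assumption, since the slides give no specific modes.

```python
import os
import re
import secrets
import stat
import tempfile

PLACEHOLDER = "put your unique phrase here"  # text shipped in wp-config-sample.php
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
DEFINE_RE = re.compile(r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*['"](.*?)['"]\s*\)\s*;""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)

def audit_wp_config(path):
    """Return a list of findings for one wp-config.php file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    findings = []
    defines = dict(DEFINE_RE.findall(text))
    values = [defines.get(name, "") for name in KEY_NAMES]
    for name, value in zip(KEY_NAMES, values):
        if value in ("", PLACEHOLDER):
            findings.append(f"{name}: missing or still the sample placeholder")
    if len(set(values)) < len(values):
        findings.append("keys: the same value is used for more than one key")
    prefix = PREFIX_RE.search(text)
    if prefix and prefix.group(1) == "wp_":
        findings.append("table_prefix: still the default wp_")
    # Assumption: any read/write bit for "other" users counts as a finding.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append(f"permissions: mode {mode:03o} is open to other users")
    return findings

def demo():
    # Audit two constructed configs: one left at sample defaults, one hardened.
    def write(name, keys, prefix, mode):
        body = "<?php\n" + "".join(f"define('{k}', '{v}');\n" for k, v in keys.items())
        body += f"$table_prefix = '{prefix}';\n"
        path = os.path.join(workdir, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, mode)
        return audit_wp_config(path)
    with tempfile.TemporaryDirectory() as workdir:
        weak = write("weak.php", {k: PLACEHOLDER for k in KEY_NAMES}, "wp_", 0o644)
        strong = write("strong.php", {k: secrets.token_urlsafe(48) for k in KEY_NAMES}, "ebwp_", 0o600)
    return weak, strong

if __name__ == "__main__":
    print(dict(zip(("weak", "strong"), demo())))
```

Run audit_wp_config() against the real file on a Unix-like host; the permission check reads POSIX mode bits only.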
Bonus: .htaccess
(Only works for static IP addresses)
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# IP address to whitelist
allow from xxx.xxx.xxx.xxx
Plugins
• AntiVirus for WP
• Automatic WordPress Backup
• Secure WordPress
• ServerBuddy
• Theme Authenticity Checker
• WordPress DB Backup
• WP Exploit Scanner
• WordPress File Monitor
• WordPress Firewall
• WP Security Scan
Automatic WordPress Backup
http://www.webdesigncompany.net/automatic-wordpress-backup/
Secure WordPress
http://wordpress.org/extend/plugins/secure-wordpress/
ServerBuddy
http://pluginbuddy.com/free-wordpress-plugins/serverbuddy/
Theme Authenticity Checker
http://builtbackwards.com/projects/tac/
WordPress Database Backup
http://austinmatzko.com/wordpress-plugins/wp-db-backup/
WordPress File Monitor
http://mattwalters.net/projects/wordpress-file-monitor/
WordPress Firewall
http://www.seoegghead.com/software/wordpress-firewall.seo
WordPress Firewall Notification
WordPress Security Scan
http://semperfiwebdesign.com/plugins/wp-security-scan/
http://www.meetup.com/Eastbay-WordPress-Meetup/