Download - WP Adelaide - Wordpress Security (2012-03-27)

WORDPRESS SECURITY

CORE AND PLUGINS

• Always update the core (test first)

• If possible, update all plugins

• Monitor website update status (wpremote.com)

FILE PERMISSIONS

• SSH, FTP or a Control Panel’s File Manager?

• Folders – 0755, files – 0644

• Be careful with plugins that set permissions directly

• Safe WP uploads (WP Filesystem API)
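
As an added example (not from the talk), a POSIX shell check for the 0755/0644 baseline above: it reports directories and files carrying bits beyond that baseline and can strip only those bits. The function names and the path argument are assumptions; stricter modes, such as a 0600 wp-config.php, are left alone.

```shell
#!/bin/sh
# Baseline from the slide: directories 0755, files 0644.
# Entries with extra bits are reported; stricter modes are not touched.

# Print "dir<TAB>path" or "file<TAB>path" for every entry looser than baseline.
audit_wp_perms() {
    root=$1
    # Directories: group-writable or world-writable.
    find "$root" -type d \( -perm -0020 -o -perm -0002 \) \
        -exec sh -c 'printf "dir\t%s\n" "$@"' sh {} +
    # Files: group-/world-writable, or any execute bit set.
    find "$root" -type f \( -perm -0020 -o -perm -0002 \
        -o -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -exec sh -c 'printf "file\t%s\n" "$@"' sh {} +
}

# Remove only the extra bits, so no entry ever becomes more permissive.
tighten_wp_perms() {
    root=$1
    find "$root" -type d \( -perm -0020 -o -perm -0002 \) \
        -exec chmod go-w {} +
    find "$root" -type f \( -perm -0020 -o -perm -0002 \
        -o -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -exec chmod a-x,go-w {} +
}

# Usage: sh audit.sh /path/to/wordpress   (placeholder path)
[ "$#" -eq 0 ] || audit_wp_perms "$1"
```

Run the audit after installing or updating a plugin; a new 0777 directory under wp-content is the usual sign that a plugin set permissions itself.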

.HTACCESS

• Perishable Press (http://perishablepress.com/5g-blacklist-2012/)

• HTML5 Boilerplate (http://html5boilerplate.com/)

• Custom .htaccess (advanced)

• Check logs (advanced)

HARMFUL PLUGINS

• Be very cautious of plugins that upload files (even images) and bypass WP’s Filesystem API

• One that does bypass it is Wordpress Download Monitor (by Mike Jolley)

OTHER THINGS TO KEEP IN MIND

• 24h monitoring site live status (http://uptimerobot.com/)

• Keep file and DB backups

• Make sure your passwords to the DB and WP are safe:

    • Capitals and lowercase letters, numbers and symbols

    • At least eight characters long

    • If possible, don’t use words that are found in the dictionary

Q?