Your online business is important. Learn the basics of securing your WordPress website and use the tips and tricks from this presentation.
Part of the WP Meetup Presentation 10/10/2012
2. Your Online Business Is Important
Just like any “Bricks and Mortar” store.......
Keep your online business locked up at night!
Amelia Smith - @MissAmeliaSmith #wpmelb
3. There is no magic silver bullet
Set up a good maintenance routine……
People will return if you provide a safe environment
4. Three Familiar Comments
“I’m just starting out”
“I don’t get much traffic yet”
“My content isn’t worth stealing”
5. “I’m Just Starting Out”
Hackers don’t give you a grace period!
Easy WP Guide
http://thstuts.com/Olmjwy
6. “I’m Just Starting Out”
Are you learning BAD PRACTICES?
7. “I Don’t Get Much Traffic”
Opportunistic Attacks... when a hacker takes a bet on causing trouble without knowing the outcome.
8. “I Don’t Get Much Traffic”
It’s automatic,
It’s systematic,
It’s hyyyyyyydromatic…
9. “I Have Nothing Worth Stealing.”
Don’t take it personally…
…it’s all about the MONIES!
10. “I Have Nothing Worth Pinching”
What happens in Vegas….
….actually gets redirected from your site!
11. Put yourself into the visitor’s shoes.
This is “The Situation”
12. What would you think??
13. Local Environment
Keep your local environment updated and connect securely…
http://thstuts.com/Trnc93
14. WordPress Installation
Change the prepopulated WordPress defaults when installing…
16. Always Be Updating
“78% of malware cases are attributed to outdated core application, plugins, modules or software”. (http://sucuri.net/)
Online business is very important. Most of us in the room use WordPress in some way for our online business. Just like a bricks and mortar store – keep it locked up. Security is usually left out or skipped by beginners. 30,000ft view – not an exhaustive list of security measures.
No site is ever 100% secure - no magic silver bullet. Stay informed and updated. Set up a good routine – learn and practice. Result is that you gain trust, credibility and a reputation with customers.
Three most common statements: I’m just starting out. I don’t get much traffic. There’s nothing on my site worth pinching.
At this stage you are likely to have low traffic, low content and low list. You don’t think security affects you. There is a lot to learn as a beginner - Anthony Hortin’s book – link. It’s easy to ignore security as irrelevant.
Not a lot of beginner information. Most information is bad practices – creates a vicious circle. Beginners aren’t shown what attacks look like or how to fix them. Constant vulnerable source.
What kind of attacks are there? Opportunistic attack – common variables and vulnerabilities. Blanket attack. Not based on a site’s popularity.
Attacks are automated – there is no popularity criteria. Established and popular websites already have security deterrents. Copyblogger: 250 login fails a day – more secure than most sites.
Your traffic and potential traffic is worth pinching. Hackers are after traffic more than your information. They do it to make money.
Redirect from Google and search engines. Paid traffic clicks. Insert code into website. Increase rankings due to embedded links and redirects.
Here’s “The Situation” – not Mike Sorrentino. I have a site on SEO Tactics for beginners. Good, valuable information. Direct you to my website. Here’s what you see…..
What would you think of me – click away? I might have great info, but I’m about to infect you with malware. What would your customer think of you? What do you think the losses are going to be?
How can we minimize the risks? Local environment - computer. Update software and antivirus – Avira for Mac link. FTP – sftp and credentials. wp-config.php.
WordPress pre-population on installation. Obscure database name and table prefix. Don’t use ‘admin’. Combination password – numbers, letters, caps and symbols. ‘password’ and 12345 most used passwords.
Get rid of ‘admin’ profile. Change to a nickname. Reduce brute-force attack.
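The installation checklist in the two notes above can be checked mechanically. The following is an added example, not part of the original presentation: it reads the text of a wp-config.php and a list of account names and reports which install defaults are still in place. The finding codes, the list of "obvious" database names, the sample configs, and applying the password rule to DB_PASSWORD are assumptions made for illustration.

```python
import re

DEFAULT_PREFIX = "wp_"                     # WordPress's prepopulated table prefix
OBVIOUS_DB_NAMES = {"wordpress", "wp"}     # assumption: illustrative non-obscure names
COMMON_PASSWORDS = {"password", "12345"}   # the two the notes name as most used

DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")

def weak_password(pw):
    """Weak if most-used, or missing any of: lowercase, caps, numbers, symbols."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return pw.lower() in COMMON_PASSWORDS or not all(re.search(c, pw) for c in classes)

def audit(wp_config_text, usernames):
    """Return finding codes for install defaults that were left unchanged."""
    consts = dict(DEFINE_RE.findall(wp_config_text))
    prefix = PREFIX_RE.search(wp_config_text)
    findings = []
    if prefix and prefix.group(1) == DEFAULT_PREFIX:
        findings.append("default-table-prefix")
    if consts.get("DB_NAME", "").lower() in OBVIOUS_DB_NAMES:
        findings.append("obvious-db-name")
    if "DB_PASSWORD" in consts and weak_password(consts["DB_PASSWORD"]):
        findings.append("weak-db-password")
    if any(u.lower() == "admin" for u in usernames):
        findings.append("admin-username")
    return findings

# Constructed samples: a config left at install defaults, and a changed one.
DEFAULTS = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'DB_PASSWORD', '12345' );
$table_prefix = 'wp_';
"""
CHANGED = """<?php
define( 'DB_NAME', 'shop_k3x9' );
define( 'DB_PASSWORD', 'Tr7!kqLm#2vZ' );
$table_prefix = 'k3x9_';
"""

if __name__ == "__main__":
    print(audit(DEFAULTS, ["admin", "amelia"]))
    print(audit(CHANGED, ["amelia"]))
```

WordPress account passwords are stored hashed in the database, so only the password visible in the config file is checked here; account names have to be supplied by the site owner.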
Update regularly. Core updates – WordPress version. Breaks my site????? Set up subdomain. Update subdomain. Maintenance routine.
Choose themes wisely. Don’t modify core files. Use child theme. Thesis and Genesis. Best code practices, reputable developers, respected, passionate about their product, big network and community.
Choose plugins wisely. Choose from repository. Look for good descriptions. Updates. Change log. Support tab.
Delete unused plugins! Files still exist even though not active.
Always have a backup! Set schedules. Set separate folders. Send to email, Dropbox, Amazon S3 or Rackspace.
Sucuri. Scans for any malicious threat, redirects, spam, etc. Only highlights problems. Sucuri website for services.
Website Defender. Suggests corrective measures. Change database name and table prefix. Provides links to info.
Managed WordPress hosting. Paid service – a bit more expensive. Maintenance, security, updates, scans, performance.
Can do more technical stuff such as htaccess files. Protect WordPress files, block and redirect IP addresses. More technical if you get further advanced. Research on your own.