WordPress Security For Beginners
•Transferir como PPTX, PDF•
3 gostaram•689 visualizações
Your online business is important. Learn the basic of securing your WordPress website and use the tips and tricks from this presentation. Part of the WP Meetup Presentation 10/10/2012
Recomendados
Mais conteúdo relacionado
Último
Último (20)
Destaque
Destaque (20)
WordPress Security For Beginners
- 1. WordPress Security For Beginners Amelia Smith - @MissAmeliaSmith #wpmelb
- 2. Your Online Business Is Important Just like any “Bricks and Mortar” store....... Keep your online business locked up at night! Amelia Smith - @MissAmeliaSmith #wpmelb
- 3. There is no magic silver bullet Set up a good maintenance routine…… People will return if you provide a safe environment Amelia Smith - @MissAmeliaSmith #wpmelb
- 4. Three Familiar Comments “I’m just starting out” “I don’t get much traffic yet” “My content isn’t worth stealing” Amelia Smith - @MissAmeliaSmith #wpmelb
- 5. “I’m Just Starting Out” Hackers don’t give you a grace period! Easy WP Guide http://thstuts.com/Olmjwy Amelia Smith - @MissAmeliaSmith #wpmelb
- 6. “I’m Just Starting Out” Are you learning BAD PRACTICES? Amelia Smith - @MissAmeliaSmith #wpmelb
- 7. “I Don’t Get Much Traffic” Opportunistic Attacks... when a hacker takes a bet on causing trouble without knowing the outcome. Amelia Smith - @MissAmeliaSmith #wpmelb
- 8. “I Don’t Get Much Traffic” It’s automatic, It’s systomatic, It’s hyyyyyyydromatic… Amelia Smith - @MissAmeliaSmith #wpmelb
- 9. “I Have Nothing Worth Stealing.” Don’t take it personally… …it’s all about the MONIES! Amelia Smith - @MissAmeliaSmith #wpmelb
- 10. “I Have Nothing Worth Pinching” What happens in Vegas…. ….actually gets redirected from your site! Amelia Smith - @MissAmeliaSmith #wpmelb
- 11. Put yourself into the visitors shoes. This is “The Situation” Amelia Smith - @MissAmeliaSmith #wpmelb
- 12. What would you think?? Amelia Smith - @MissAmeliaSmith #wpmelb
- 13. Local Environment Keep your local environment updated and connect securely… http://thstuts.com/Trnc93 Amelia Smith - @MissAmeliaSmith #wpmelb
- 14. WordPress Installation Change the prepopulated WordPress defaults when installing… Amelia Smith - @MissAmeliaSmith #wpmelb
- 15. WordPress Configuration Amelia Smith - @MissAmeliaSmith #wpmelb
- 16. Always Be Updating “78% of malware cases are attributed to outdated core application, plugins, modules or software”. (http://sucuri.net/) Amelia Smith - @MissAmeliaSmith #wpmelb
- 17. Recommended Themes (Thesis & Genesis) Amelia Smith - @MissAmeliaSmith #wpmelb
- 18. Choose Plugins Wisely Research your plugins and choose wisely.. Amelia Smith - @MissAmeliaSmith #wpmelb
- 19. Unused Plugins Delete Unused Plugins Amelia Smith - @MissAmeliaSmith #wpmelb
- 20. Recommended Plugins Log In Lockdown Amelia Smith - @MissAmeliaSmith #wpmelb
- 21. Recommended Plugins BackWPup Amelia Smith - @MissAmeliaSmith #wpmelb
- 22. Recommended Plugins Sucuri Sitecheck Malware Scanner Amelia Smith - @MissAmeliaSmith #wpmelb
- 23. Recommended Plugins Website Defender Amelia Smith - @MissAmeliaSmith #wpmelb
- 24. Managed WordPress Hosting Amelia Smith - @MissAmeliaSmith #wpmelb
- 25. Bonus Round Something for the Geeks…. Amelia Smith - @MissAmeliaSmith #wpmelb
- 26. Thank You…… Amelia Smith - @MissAmeliaSmith #wpmelb
Notas do Editor
- Online Business is very important.Most of us in the room use WordPress in some way for our online businessJust like a Bricks and mortar store – keep it locked up.Security is usually left out or skipped by beginners30,000ft view – not an exhaustive list of security measures
- No Site is ever 100% secure - No magic silver bulletStay informed and updatedSet up a good routine – learn and practiceResult is that you gain trust, credibility and a reputation with customers
- Three most common statementsI’m just starting outI don’t get much trafficThere’s nothing on my site worth pinching.
- At this stage you are likely to have low traffic, low content and low listDon’t think security affects youThere is a lot to learn as a beginner - Anthony Hortin’s Book – linkIt’s easy to ignore security as irrelevant
- Not a lot of beginner informationMost information are bad practices – creates a vicious circleBeginners aren’t shown what attacks look like or fix itConstant vulnerable source.
- What kind of attacks are there?Opportunistic attack – common variables and vulnerabilitiesBlanket attack.Not based on a site’s popularity
- Attacks are automated – there is no popularity criteriaEstablished and popular websites already have security deterrentsCopyblogger 250 log in fails a day – more secure than most sites.
- Your Traffic and potential traffic is worth pinchingHacker’s are after traffic more than your informationThe do it to make money
- Redirect from Google and search enginesPaid traffic clicks.Insert code into websiteIncrease rankings due to embedded links and redirects
- Here’s “The Situation”– not Mike Sorrentino.I have a site on SEO Tactics for beginnersGood, valuable informationDirect you to my websiteHere’s what you see…..
- What would you think of me – click away?I might have great info, but I’m about to infect you with MalwareWhat would your customer think of you?What do you think the losses are going to be?
- How Can we minimize the risks?Local Environment - computerUpdate software and antivirus – Avira for Mac linkFTP – sftp and credentialswp-config.php
- WordPress pre-population on installationObscure database name and table prefixDon’t use ‘admin’Combination password – numbers, letter, caps and symbols‘password’ and 12345 most used passwords
- Get rid of ‘admin’ profileChange to a nicknameReduce brute-force attack
- Update regularlyCore updates – WordPress versionBreaks my site?????Set up subdomainUpdate subdomain Maintenance routine
- Choose themes wiselyDon’t modify core filesUse Child ThemeThesis and GenesisBest code practices, reputable developers, respected, passionate about their product, big network and community
- Choose plugins wiselyChoose from repositoryLook for good descriptionsUpdatesChange LogSupport Tab
- Delete unused plugins!Files still exist even though not active
- Login lockdownMax login attemptsLockout timeLockout invalid username attempts
- Always have a backup!Set schedulesSet separate foldersSend to email, Dropbox, Amazon S3 or Rackspace
- SucuriScans for any malicious threat, redirects, spa, etcOnly highlights problemsSucuri website for services
- Website DefenderSuggests corrective measuresChange database name and table prefixProvides links to info
- Managed WordPress HostingPaid Service – a bit more expensive.Maintenance, security, updates, scans, performance
- Can do more technical stuff such as htaccess filesProtect wordpress files, block and redirect IP addressedMore technical if you get further advanced.Research on your own