3. Blog Security: WordPress
“WordPress Security”: 11,800,000 Google results
Very Popular Platform
Prime Target for Hackers
SEO: Search Engine Optimization
Traffic Redirection
Links to Pharmacy / Adult sites
Graphics Replacement
Ad / Affiliate Redirection
Many others…
4. Blog Security: WordPress
You are on their hit list!
Game… Like you play Guitar Hero…
Always run the latest versions
Backdoor entry points
Passwords for users are downloaded
Open Source Software
Backups are essential
Frequent updates are essential
Many others…
5. Blog Security: WordPress
Monitor log files
Block probers if you can
Delete meta tag that displays WP version
“Powered by WordPress”
Private site or hosted?
WordPress.com
What is your Time worth?
What is your Blog worth?
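Monitoring the log for probers, as an added example that is not part of the slides: a small Python script that reads Apache combined-format access log lines, counts per client IP the POSTs to wp-login.php and the 404s on WordPress paths, and lists the IPs that reach a threshold so you can decide whether to block them. The log regex, the path list, the thresholds and the sample log lines (RFC 5737 documentation addresses) are all constructed assumptions.

```python
"""Find WordPress probers in an Apache combined-format access log.

Added example (not from the slides). Counts, per client IP, POSTs to
wp-login.php and 404s on WordPress paths, then lists the IPs over a threshold
so you can decide whether to block them. Regex, paths, thresholds and the
sample lines are assumptions; the addresses are RFC 5737 documentation ranges.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Legitimate readers rarely request these; repeated 404s here look like probing
# for admin pages, leftover install files, or plugins you never had.
PROBE_PATHS = ("/wp-admin", "/wp-content/plugins", "/wp-includes", "/xmlrpc.php")

def parse_line(line):
    """One log line as a dict, or None if it is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Per-IP counts of login POSTs and of 404s on WordPress paths."""
    stats = defaultdict(lambda: {"login_posts": 0, "probe_404s": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue            # skip malformed lines rather than abort the run
        path = rec["path"]
        if rec["method"] == "POST" and path.startswith("/wp-login.php"):
            stats[rec["ip"]]["login_posts"] += 1
        elif rec["status"] == "404" and path.startswith(PROBE_PATHS):
            stats[rec["ip"]]["probe_404s"] += 1
    return dict(stats)

def suspicious_ips(lines, login_limit=5, probe_limit=3):
    """IPs at or above either threshold, sorted so output is stable."""
    return sorted(ip for ip, s in summarize(lines).items()
                  if s["login_posts"] >= login_limit or s["probe_404s"] >= probe_limit)

# Constructed sample log: one password guesser, one scanner, one ordinary reader.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Mar/2008:08:00:{i:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"'
    for i in range(6)
] + [
    '198.51.100.9 - - [10/Mar/2008:08:01:00 +0000] "GET /wp-content/plugins/old-plugin/readme.txt HTTP/1.1" 404 512 "-" "curl/7.18"',
    '198.51.100.9 - - [10/Mar/2008:08:01:01 +0000] "GET /wp-admin/install.php HTTP/1.1" 404 512 "-" "curl/7.18"',
    '198.51.100.9 - - [10/Mar/2008:08:01:02 +0000] "GET /xmlrpc.php HTTP/1.1" 404 512 "-" "curl/7.18"',
    '192.0.2.1 - - [10/Mar/2008:08:02:00 +0000] "GET / HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    '192.0.2.1 - - [10/Mar/2008:08:02:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    "not a log line",
]

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in suspicious_ips(SAMPLE_LOG):
        print(ip, stats[ip])
```

Run it against a real log with `summarize(open("/var/log/apache2/access.log"))`; the thresholds are deliberately low for the sample and should be tuned to your own traffic before anything is blocked on the strength of them.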
6. Blog Security: WordPress
Turn off Open Registration
WP 2.5+ has better password encryption
Use a Strong admin password!
Limit Search on your server
Protect Directories from public browsing
Drop the version string in Meta Tags
7. Blog Security: WordPress
Limit wp-admin access by IP address
Protect using .htaccess
Protect your MySQL database
Use SSH/Shell access, not FTP
Use SFTP uploads if you can
Use VPN if you can
Never use Telnet!
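What the .htaccess items on this slide look like in practice, as an added example that is not from the slides: Apache 2.2-style directives (the Apache line current alongside WP 2.5) that restrict wp-admin to one IP address, turn off directory listings (slide 6), and deny web access to wp-config.php, the file holding the MySQL credentials. 203.0.113.5 is a placeholder for your own address.

```apache
# Added example, not from the slides. Apache 2.2-style directives; 203.0.113.5
# is a placeholder for your own (static) address.

# --- wp-admin/.htaccess: only your address may reach the admin pages ---
Order deny,allow
Deny from all
Allow from 203.0.113.5

# admin-ajax.php lives in wp-admin but is called from the public site by some
# themes and plugins; exempt it so those do not break for readers.
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
</Files>

# --- site root .htaccess ---
# No directory listings: a visitor who requests /wp-content/uploads/ sees nothing
Options -Indexes

# wp-config.php holds the MySQL credentials; never serve it, even if PHP
# handling breaks and Apache would otherwise send it as plain text
<Files wp-config.php>
    Order allow,deny
    Deny from all
</Files>
```

On Apache 2.4 the `Order`/`Deny`/`Allow` lines are replaced by `Require ip 203.0.113.5`, `Require all granted` and `Require all denied`. If you administer over a VPN, the address to allow is the VPN's exit address; a dynamic home address will lock you out as soon as it changes, so keep shell access (slide 7) as the fallback for editing the file.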
8. Hosting Platform?
Use Linux / Apache if you can
Do NOT use Microsoft Windows
Automattic PollDaddy migration
PollDaddy .NET / SQL to PHP/MySQL
Automattic has 1,200 servers in use
Per Matt’s Blog - Stable and Scalable
10. WordPress: Internals
PHP – Must be kept updated
MySQL – Must be kept updated
Open Source Software is more secure
Security Through Transparency
Millions of people looking at it
Often fixed quickly
11. WordPress: Look For?
The Obvious
PlugIns that you did not install
header.php changes
Search Engine redirection (hard to detect)
Spammers may hide text
View HTML Source Code
Google records your “bad” content
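A way to check for the items this slide lists, as an added example that is not from the slides: a Python script that takes a SHA-256 baseline of the WordPress tree, reports files changed (header.php), added (a plugin you did not install) or removed since then, and scans rendered HTML for links hidden with display:none and for the version-revealing generator meta tag that slides 6 and 18 say to drop. The mini site it builds in a temporary directory, the file names and the URLs in it are constructed.

```python
"""Check a WordPress tree against a trusted baseline and scan rendered HTML.

Added example (not from the slides). Reports files changed, added or removed
since the baseline, plugin folders that appeared on their own, hidden links,
and a still-present "generator" meta tag. Paths and sample HTML are constructed.
"""
import hashlib
import os
import re
import tempfile

def sha256_of(path):
    """Hex SHA-256 of one file, read in chunks so large uploads do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map relative path (always with '/') -> sha256 for every file under root."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_of(full)
    return out

def diff_snapshots(baseline, current):
    """Compare a stored baseline with a fresh snapshot."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def new_plugins(diff):
    """Plugin folders that exist only in the 'added' paths: ones you did not install."""
    plugins = set()
    for p in diff["added"]:
        parts = p.split("/")
        if len(parts) >= 3 and parts[:2] == ["wp-content", "plugins"]:
            plugins.add(parts[2])
    return sorted(plugins)

# Text hidden with display:none is a common place for injected spam links.
HIDDEN_RE = re.compile(
    r'<(?:div|span|p)\b[^>]*style="[^"]*display\s*:\s*none[^"]*"[^>]*>(.*?)</(?:div|span|p)\s*>',
    re.I | re.S,
)
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="([^"]+)"', re.I)

def hidden_links(html):
    """hrefs inside display:none blocks; view-source shows them, readers do not."""
    found = []
    for block in HIDDEN_RE.findall(html):
        found.extend(re.findall(r'href="([^"]+)"', block, re.I))
    return found

def version_leak(html):
    """The generator meta content (e.g. 'WordPress 2.5') if the version is still exposed."""
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None

def demo():
    """Build a constructed mini site, baseline it, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as f:
                f.write(text)
        write("wp-content/themes/mytheme/header.php", "<?php wp_head(); ?>\n")
        write("wp-config.php", "<?php define('DB_NAME', 'blog');\n")
        baseline = snapshot(root)
        # Simulated tampering: a line injected into header.php and a plugin that appeared on its own.
        write("wp-content/themes/mytheme/header.php", "<?php wp_head(); ?>\n<!-- injected -->\n")
        write("wp-content/plugins/unknown-plugin/unknown-plugin.php", "<?php // not installed by you\n")
        diff = diff_snapshots(baseline, snapshot(root))
        return diff, new_plugins(diff)

if __name__ == "__main__":
    diff, plugins = demo()
    print("changed:", diff["changed"], "added:", diff["added"], "removed:", diff["removed"])
    print("plugins you did not install:", plugins)
    print("hidden links:", hidden_links('<div style="display:none"><a href="http://spam.example/">x</a></div>'))
```

In real use, store the output of `snapshot()` (as JSON, say) right after a clean install or update and keep it off the web server, then compare a fresh snapshot against it on a schedule; a baseline kept in the same tree can be rewritten by whoever rewrote header.php. The hidden-text regex catches the simple inline-style case only; spammers also hide text via CSS classes or by serving different content to search engine user agents, which is why the slide calls redirection hard to detect.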
13. If You Get Hacked?
Just a matter of time
Change ALL passwords
Backup databases
Update software quickly
Shut down site. Maybe…
Email to security@wordpress.com
14. WordPress: Plugins / Widgets
Only use what you can trust
Watch for suspicious activity
WP Security Scan
File Permissions
Database Security
XSS vulnerabilities
Many others…
16. Advertising On Your Blog
Google AdWords / AdSense
Others ???
Affiliate Programs
Be Careful…
WordPress Plugins
$5000 per Week? Slim Chance
Should you spend $$$ to Advertise?
18. Best Practices
Software Up To Date!
Backup Databases
Directory Protection Codes
File Protection Codes
Remove Install Files
Remove Version #
Layered Software
Do NOT use Microsoft Windows!