Have you secured your WordPress blog against hackers who are out to use your site for illicit purposes? If not, you risk losing your content, your rankings, maybe even your business. Implement the tips in this presentation to confound anyone who tries to hack your site!
1. SECURING WORDPRESS
Presented by
Jeff K. Hoffman
VP of R&D, MyLeadSystemPRO
http://facebook.com/jeff.k.hoffman
2. WHY DO HACKERS HACK?
• Easy SEO
• Malware Distribution
• Entertainment & Peer Recognition
3. HOW DO HACKERS HACK?
• Bots - like the Google Bot, but Evil.
• Widely available, frequently updated.
• Viral spread
4. BEFORE YOU BEGIN
• Back up your site!
• Implement one tip and test, then another and test, etc.
• If it’s over your head, just skip it (or, hire help.)
5. SECURE YOUR SERVER
• Your blog is only as secure as your Web Host.
• If a hacker gets into your hosting account (via FTP, SSH, etc.), they win before they even worry about hacking WordPress.
• Use strong passwords. (StrongPasswordGenerator.com)
• Ask your Web Host how to best secure your account.
6. PERMISSIONS
• In general...
• Files should be 644.
• Folders should be 755.
• /wp-content/uploads/ should be 775.
• /wp-content/themes/ should be 775 for Theme Editor.
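A read-only check for the modes listed on the PERMISSIONS slide, as an added example that is not part of the original presentation. The function name `audit_wp_perms` is hypothetical, and it assumes that directories below uploads/ and themes/ are also expected to be 775.

```shell
#!/bin/sh
# Added example (not from the original slides): audit a WordPress tree against
# the modes on the PERMISSIONS slide. Read-only: it reports, it never chmods.
# Assumption: directories *below* uploads/ and themes/ are also expected at 775.
# Output: one "expected=<mode> <path>" line per deviation; no output means clean.
audit_wp_perms() {
    root=${1%/}
    uploads="$root/wp-content/uploads"
    themes="$root/wp-content/themes"

    # Every regular file should be exactly 644.
    find "$root" -type f ! -perm 644 -exec printf 'expected=644 %s\n' {} \;

    # The two writable trees: directories should be 775.
    for wp_dir in "$uploads" "$themes"; do
        if [ -d "$wp_dir" ]; then
            find "$wp_dir" -type d ! -perm 775 -exec printf 'expected=775 %s\n' {} \;
        fi
    done

    # Every other directory should be 755; prune the two trees handled above.
    find "$root" \( -path "$uploads" -o -path "$themes" \) -prune \
        -o -type d ! -perm 755 -exec printf 'expected=755 %s\n' {} \;
}

# Run as a script: sh audit.sh /path/to/wordpress   (placeholder path)
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Run it after each permission change and again after plugin or theme installs, since installers can leave files with different modes.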
9. DEFY CONVENTION
• Change admin username
• Never post as admin!
• Move wp-config.php
• Change database table prefix**
• In wp-config.php
• In your database
10. USE SECRET KEYS
Edit wp-config.php...
/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
11. CLEAN UP
• After WordPress is installed, delete /wp-admin/install.php
• Delete unused/inactive plugins & themes