2. ABOUT YOU
• Director of non-profit or charity
• Work for a charity
• Eager to deepen your understanding of online marketing
• Want to increase effectiveness of online marketing efforts – primarily through your website
3. ABOUT LIAM
• Director + Owner, LBDesign
• Online marketing + design since 2000
• Work with non-profits in the US, UK + Africa
• Keeping websites safe since 2001
4. WHAT WE’LL COVER
• A few stats about WordPress and security
• Security tips for website managers
• Recommended plugins and services
5. WHAT WE WON’T COVER
• The specifics of securing the website for any single organization
• How to configure security plugins, tools and services
7. WORDPRESS STATS
• WordPress powers 25% of the top 1 million websites
• There are ~75 million websites running WordPress
• 22% of all new US registered domains launch on WordPress
10. KEEP WORDPRESS UPDATED
• WordPress needs to be up-to-date to be safe
• Some updates are now automatic
• Take a back-up before updating the software
• Example: Version 4.2.* is always a security patch or bug fix
11. UPDATE PLUGINS + THEMES
• Out-of-date plugins and themes are a massive security risk
• A plugin update will detail what changes are pending
• Example: Version 1.9.* is always going to be a security patch or bug fix
12. AVOID “ADMIN” USERNAME
• Use of “admin” as a username = hackers don’t need to guess
• Delete any instances of “admin”
• Use unique usernames and passwords
13. LIMIT USERS
• Only give access where access is required
• Remove users who no longer need access – or who have left the organization
14. LIMIT PERMISSIONS
• WordPress allows for different permission levels: administrator, editor, author, etc.
• Only allow required level of authority
15. TAKE REGULAR BACK-UPS
• All websites can be hacked – if it’s online it can be hacked
• Back-up: database, theme, uploads and plugins
• Back-up regularly, depending on your needs and schedule
• Send back-ups to a different server or location
16. BACK-UP RESOURCES
• Service: VaultPress or CodeGuard
• Premium: BackupBuddy by iThemes
• Free: BackWPup
• Higher end web hosts often provide daily back-ups as part of services
17. GOOD WEB HOSTING
• Website security relies heavily on the web host
• WordPress specific hosting is a great option
• Cheapest is rarely best … or worthwhile
• With hosting, it’s often a case of pay up front or pay more later
20. FILE/FOLDER PERMISSIONS
• File permissions (CHMOD) should be set to 644
• Folder permissions (CHMOD) should be set to 755
• If a web host requires folder permissions set to 777, change hosts
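The 644 / 755 baseline from this slide, written as a check that can be run over a site's files. This is an added example, not part of the original slides; the function names and the constructed demo tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the slide's baseline
# (files 644, folders 755). Names and the demo tree are constructed.
# Usage: . ./wp-perms.sh; audit_wp_perms /path/to/wordpress

# Print one line per deviation. Returns 0 if clean, 1 if findings, 2 on bad input.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # World-writable (777, 666, ...): any account on the server can modify these.
        find "$root" \( -type f -o -type d \) -perm -002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} +
        # Everything else that is not exactly on the baseline.
        find "$root" -type f ! -perm -002 ! -perm 644 -exec printf 'FILE-NOT-644 %s\n' {} +
        find "$root" -type d ! -perm -002 ! -perm 755 -exec printf 'DIR-NOT-755 %s\n' {} +
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
}

# Reset the whole tree to the baseline: folders 755, files 644.
fix_wp_perms() {
    [ -d "$1" ] || return 2
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Build a constructed sample tree (not a real site) with two deliberate mistakes.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads" "$d/wp-content/plugins"
    : > "$d/index.php"
    : > "$d/wp-content/plugins/example.php"
    chmod 755 "$d" "$d/wp-content" "$d/wp-content/plugins"
    chmod 644 "$d/index.php"
    chmod 777 "$d/wp-content/uploads"              # mistake 1: world-writable folder
    chmod 664 "$d/wp-content/plugins/example.php"  # mistake 2: group-writable file
    printf '%s\n' "$d"
}
```

Files a host has deliberately locked down tighter than 644 are also listed, so review the report before running `fix_wp_perms`.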
21. USE SFTP
• When accessing the server to upload, delete or edit files, connection should be made via SFTP
23. USE UNIQUE PASSWORDS
• For each service or account, use a unique password
• Unique passwords help keep our accounts secure in the event of a hack
• Change passwords whenever a service is hacked
24. PASSWORD SOFTWARE
• 1Password is a top choice
• Use the software across devices, including on computers, tablets and smartphones
25. KEY TAKE-AWAYS
• Protecting your site is a must
• Keep WordPress, plugins and themes up-to-date
• Back-up, back-up, back-up
• Manage users and permissions
• Use password management software