Since WordPress enjoys the position of being one of the most widely used web platforms, it is also one of the most attacked. From installation to operation there are fairly easy, must-do steps to make sure your site is as secure as possible. In this two-part session, we will cover everything from file permissions and user accounts to script injection and backup procedures to protect your blog from hacking or downtime. The first part of the session will be delivered at this user group meetup.
Charleston WordPress
http://wpchs.org Twitter: @wpchs
Our Partners
#wpchs
Thank you to . . .
WordPress Setup and Security
Michael Carnell - @carnellm
Let’s Talk Hosting
The Not So Good
GoDaddy - common back end database that isn’t secured well and suffers from performance overload, poor support
Brinkster - has been hacked numerous times
FreeHostia - slow, free account is very limited, always pushing the upsell
For the Good Times
DreamHost - Not always the cheapest, but good and good support. But watch CPU usage as they will cut off processes.
MediaTemple - Again, not cheap, but very stable and secure. Monitors scripts.
BlueHost
HostGator
The Basic Rules
Do your research - http://www.michaelcarnell.com/hosting
Check their own support forums
Is there a free trial or money back guarantee?
None of this really applies to WordPress.com
If you are hosting yourself, that is a different set of issues
The Dirty Details for WordPress
Install Correctly
While installing (most will use OneClick) . . .
Consider your directory? Do you use the standard? Root?
Consider altering the database name if your install allows.
Make database username and password long and cryptic. Store them away not to be used.
Don’t use redundant info - admin name same as username, same as blog name, etc...
Double Check the Install
File level tasks to be done via FTP . . .
Delete ..\wp-admin\install.php
In wp-config.php, add the optional security keys - http://api.wordpress.org/secret-key/1.1/
Add index.php, a blank file to all plugin and theme directories if it isn’t already there
Check the file directory privileges (if you are comfortable)
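The four file-level checks above can be scripted once you have shell access to a copy of the site. This is an added example, not part of the original slides: the function name wp_install_audit is hypothetical, "all plugin and theme directories" is read as the two parent directories plus each folder directly beneath them, and since the slides give no target permission modes it only flags world-writable entries.

```shell
#!/bin/sh
# Added example (not from the slides): audit a WordPress tree against the
# "Double Check the Install" list. Prints one FAIL line per finding.
wp_install_audit() {
  wp_root=$1
  wp_cfg=$wp_root/wp-config.php

  # 1. install.php should have been deleted after setup.
  if [ -e "$wp_root/wp-admin/install.php" ]; then
    echo "FAIL wp-admin/install.php still present"
  fi

  # 2. The four keys the secret-key/1.1 service returns must be defined and
  #    must not still carry the placeholder from wp-config-sample.php.
  for wp_key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY; do
    wp_line=$(grep -E "define\([[:space:]]*['\"]${wp_key}['\"]" "$wp_cfg" 2>/dev/null || true)
    case $wp_line in
      '') echo "FAIL $wp_key not defined in wp-config.php" ;;
      *'put your unique phrase here'*) echo "FAIL $wp_key still holds the sample placeholder" ;;
    esac
  done

  # 3. Assumption: "all plugin and theme directories" means the two parent
  #    directories plus each plugin/theme folder directly beneath them.
  for wp_dir in "$wp_root/wp-content/plugins" "$wp_root/wp-content/themes"; do
    for wp_sub in "$wp_dir" "$wp_dir"/*/; do
      [ -d "$wp_sub" ] || continue
      [ -e "${wp_sub%/}/index.php" ] || echo "FAIL no index.php in ${wp_sub%/}"
    done
  done

  # 4. Assumption: the slides give no target modes, so only world-writable
  #    files and directories are flagged here.
  find "$wp_root" \( -type f -o -type d \) -perm -0002 -print |
    sed 's/^/FAIL world-writable: /'
  return 0
}

# Run against a path when one is given: sh audit.sh /var/www/html
if [ -n "${1:-}" ]; then wp_install_audit "$1"; fi
```

An empty result means all four checks passed; each FAIL line names the item to fix.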
Post Install Setup
Create new admin user with strong password
Change Admin password and make a subscriber
Why not delete??
Make your main admin’s display name different from login name
Change setting to allow editing by outside packages if wanted - but know what you are doing
Change “permalink” structure (thank you WP 3.3!)
Demo Time Again....
After Setup Before Live
Themes ... not this session!
Plugins that you should have:
Akismet - AntiSpam, comes with the install
Block Bad Queries - blocks code injection through queries
Search Meter - What are your visitors looking for, but also shows extraneous search injections
SecureWordPress - basically a security audit
AntiVirus or another such
Demo Time Again!
Simple Backup for WP
Your content is your responsibility, not your host’s.
Create a Gmail account or use your current one with custom address such as “yourname+backups@gmail.com”
Make a filter that auto files away all email coming in to that address.
Database - WP-DB-Backup
Images & Themes - WordPress Backup
Michael Carnell - http://www.MichaelCarnell.com
@carnellm on Twitter
Slides and further info available on...
Sophisticated Secure Websites - http://www.DesignTechWeb.com
Q & A
Some Other Business
WordPress 3.3 is Out! (Wanna demo?)
CiviCRM now working with WordPress in Alpha
WordCamp Atlanta - February 3 & 4 http://2012.atlanta.wordcamp.org
Next Meeting, January 10 -
Until then, don’t forget the updates on WPChs.org