Beginners Security WordCamp North Canton

Michele Butcher

CantSpeakGeek.com WPSecurityLock.com

@michele_butcher

Michele ButcherWordPress Specialist, Site Cleaner, and Trainer for WP Security Lock

WordPress Evangelist for InMotion Hosting

Geek behind Can’t Speak Geek

Beginners and Intermediate WordPress Instructor

Why is security important?

Many do not think security is important until it is too late.

Every single day hackers find new ways to get your information.

Todays features are tomorrow’s vulnerabilities.

Stop them before they stop you

Why do hackers hack?Make bank

build a zombie army

Share their nasty code with the world

Get your information

They are bored

They want to see if they can do it

But…Why are they hacking me?

There is rarely ever a targeted hacking attack.

Typically all sites are considered targets. The big and the small.

And how do they get in?They guess your login information

Denial of Service Attack (DDoS)

Through a file in a theme, plugin, or anything on your server where they found an exploit

Through your FTP and/or cPanel configuration

Here is the only scary thing I will say

in this talk

You are NEVER 100% secure

A test site or a site that might get 5 visitors a day can be hacked.

It happened to me and it can happen to you.

Don’t Let Security

Make you like this guy!

There are some simple steps to keep

the hackers out

WordPress Security Basics 101

Never ever never use “admin” as a username or “password” as

password. NEVER!!!!Any questions?

Adm1n and Pa55w0rd do not count either!

Always use SFTP“S” is for safe!!!

Only give users the access they need

Just because they want to be an admin does not mean they should.

Guest bloggers should rarely every be anything more than a contributor.

If it is a temporary login, delete the user when the job is done

If they do have posts, you can convert them to different users or make them a subscriber with limited access.

Set up file detection

Many security plugins like iThemes Security and WordFence will alert you when files have been changed

Only keep the theme you are using and one backup theme on

your site.

The more themes that are on a site, the more open chances you have to a vulnerability

Only keep the plugins you have active on your site.

An uninstalled plugin is not a potential vulnerability.

Use the plugins repo favorites option to keep a list of your favorite plugins

Security PluginsiThemes Security (Free and Pro version

Securi Firewall

WordFence Security

Jetpack with Brute Protect and Vault Press

Always make backups!Backup Buddy, UpDraftPlus, BackWPUp

Always save to someplace OTHER than your server

Save them to Dropbox, AWS, email, or your local machine

Have them scheduled to be made daily or at least weekly

Malware Scanning? Do I need it?

If you suspect an issue scan your site!

Google Webmaster Tools

VirusTotal

iThemes Security Pro

Sucuri Scanner

What else can I do to protect my site?

Update! Update! Update!

Update core. Update themes update plugins!

The biggest reasons of updates is typically security or feature related.

The biggest source of nearly all hacks is due to lack of updating.

If you use Envato products (ThemeForest and CodeCanyon)

always check the box in the downloads to be notified of updates.That is the only way you will know if any of their products

need to be updated.

This is why the RevSlider infection was so widespread. Many did not even know the plugin was built into their theme.

Don't ever let your site get too lonely.

That is when the zombies come.

Nobody wants the zombies to come

If the unthinkable happens and you do get hacked, it is not the

end of the world.It can and will be fixed.

Who can clean my hacked website?

Well I can!

And so can Securi and HackRepair

Great! Are there any other ways I can be secure?

Always use complex passwords

Never email passwords

Never use the same password twice

Use a Password KeeperLast Pass

One Password

KeePass

If a login has a Two-Factor Authentication,

USE IT!

Anti-virus!

Use it on all the things.

Yes, even a Mac!

Be conscious when using public WiFi

Use a VPN if you use Public WiFi

Torguard

Site Social

Hide My Ass

Update! Update! Update!

No one wants to lose their information stored on their computer.

Back everything up and back it up often!

Bitcasa Carobinte External Harddrives

Questions?

Thank you!!!

Michele Butcher

CantSpeakGeek.com WPSecurityLock.com

@michele_butcher