-
Beginners Security WordCamp North Canton
Michele Butcher
CantSpeakGeek.com WPSecurityLock.com
@michele_butcher
-
Michele ButcherWordPress Specialist, Site Cleaner, and Trainer
for WP Security Lock
WordPress Evangelist for InMotion Hosting
Geek behind Cant Speak Geek
Beginners and Intermediate WordPress Instructor
-
Why is security important?
-
Many do not think security is important until it is too
late.
Every single day hackers find new ways to get your
information.
Todays features are tomorrows vulnerabilities.
Stop them before they stop you
-
Why do hackers hack?Make bank
build a zombie army
Share their nasty code with the world
Get your information
They are bored
They want to see if they can do it
-
ButWhy are they hacking me?
There is rarely ever a targeted hacking attack.
Typically all sites are considered targets. The big and the
small.
-
And how do they get in?They guess your login information
Denial of Service Attack (DDoS)
Through a file in a theme, plugin, or anything on your server
where they found an exploit
Through your FTP and/or cPanel configuration
-
Here is the only scary thing I will say
in this talk
-
You are NEVER 100% secure
-
A test site or a site that might get 5 visitors a day can be
hacked.
It happened to me and it can happen to you.
-
Dont Let Security
Make you like this guy!
-
There are some simple steps to keep
the hackers out
-
WordPress Security Basics 101
-
Never ever never use admin as a username or password as
password. NEVER!!!!Any questions?
Adm1n and Pa55w0rd do not count either!
-
Always use SFTPS is for safe!!!
-
Only give users the access they need
Just because they want to be an admin does not mean they
should.
Guest bloggers should rarely every be anything more than a
contributor.
-
If it is a temporary login, delete the user when the job is
done
If they do have posts, you can convert them to different users
or make them a subscriber with limited access.
-
Set up file detection
Many security plugins like iThemes Security and WordFence will
alert you when files have been changed
-
Only keep the theme you are using and one backup theme on
your site.
The more themes that are on a site, the more open chances you
have to a vulnerability
-
Only keep the plugins you have active on your site.
An uninstalled plugin is not a potential vulnerability.
Use the plugins repo favorites option to keep a list of your
favorite plugins
-
Security PluginsiThemes Security (Free and Pro version
Securi Firewall
WordFence Security
Jetpack with Brute Protect and Vault Press
-
Always make backups!Backup Buddy, UpDraftPlus, BackWPUp
Always save to someplace OTHER than your server
Save them to Dropbox, AWS, email, or your local machine
Have them scheduled to be made daily or at least weekly
-
Malware Scanning? Do I need it?
If you suspect an issue scan your site!
Google Webmaster Tools
VirusTotal
iThemes Security Pro
Sucuri Scanner
-
What else can I do to protect my site?
-
Update! Update! Update!
Update core. Update themes update plugins!
The biggest reasons of updates is typically security or feature
related.
The biggest source of nearly all hacks is due to lack of
updating.
-
If you use Envato products (ThemeForest and CodeCanyon)
always check the box in the downloads to be notified of
updates.That is the only way you will know if any of their
products
need to be updated.
This is why the RevSlider infection was so widespread. Many did
not even know the plugin was built into their theme.
-
Don't ever let your site get too lonely.
That is when the zombies come.
Nobody wants the zombies to come
-
If the unthinkable happens and you do get hacked, it is not
the
end of the world.It can and will be fixed.
-
Who can clean my hacked website?
Well I can!
And so can Securi and HackRepair
-
Great! Are there any other ways I can be secure?
-
Always use complex passwords
-
Never email passwords
-
Never use the same password twice
-
Use a Password KeeperLast Pass
One Password
KeePass
-
If a login has a Two-Factor Authentication,
USE IT!
-
Anti-virus!
Use it on all the things.
Yes, even a Mac!
-
Be conscious when using public WiFi
-
Use a VPN if you use Public WiFi
Torguard
Site Social
Hide My Ass
-
Update! Update! Update!
-
No one wants to lose their information stored on their
computer.
Back everything up and back it up often!
Bitcasa Carobinte External Harddrives
-
Questions?
-
Thank you!!!
Michele Butcher
CantSpeakGeek.com WPSecurityLock.com
@michele_butcher
