I Have My WordPress Site…Now What?

@michele_butcher

• WordPress Specialist, Site Cleaner, and Trainer for WP Security Lock

• WordPress Evangelist for InMotion Hosting

• Geek behind Can’t Speak Geek

• Beginners and Intermediate WordPress Instructor

Michele Butcher

Websites are not build them and forget them!

Learn the steps to care for your site once the designer/

developer turns it over to you.

If you are writing your own content, be comfortable with

the dashboard when you make the decision to do it alone.

Ask for tutorials or search the web to learn before you try to do it alone.

There are simple steps everyone with a WordPress

site SHOULD do.

The first thing to remember is that if you do not click save

at the end, it did not happen.

Save and save often

Equally important is backups.

• Always save to someplace OTHER than your server

• Save them to Dropbox, AWS, email, or your local machine

• Have them scheduled to be made daily or at least weekly

Backup and backup often!

• Backup Buddy

• UpDraftPlus

• BackWPUp

Backup Plugins I recommend

Updates are important!Update core. Update themes update plugins!

The biggest reasons of updates is typically security or feature related.

The biggest source of nearly all hacks is due to lack of updating.

When you see the little red circle beside the Dashboard button means

you have updates needing to be done

Always make a backup before you update for safe measures.

When it comes to updating if you use Envato products (ThemeForest and

CodeCanyon) always check the box in the downloads to be notified of updates.

That is the only way you will know if any of their products need to be updated.

This is why the RevSlider infection was so widespread. Many did not even know the plugin was built into their theme.

Security is an important piece of maintenance.

It is more important to secure all the things BEFORE something happens!

Many have yet to learn this!Every single day hackers find new ways to get your information.

Todays features are tomorrow’s vulnerabilities.

Stop them before they stop you

• They guess your login information

• Denial of Service Attack (DDoS)

• Through a file in a theme, plugin, or anything on your server where they found an exploit

• Through your FTP and/or cPanel configuration

How do they get in?

There are some simple steps to keep the hackers

out of your website.

Never ever never use “admin” as a username or “password” as

password on any of the things. NEVER!!!!

Any questions?

Adm1n and Pa55w0rd do not count either!

Only give users the access they need

Just because they want to be an admin does not mean they should.

Guest bloggers should rarely every be anything more than a contributor.

Sometimes they do not need access to all the things

If it is a temporary login, delete the user when they are done

doing all of their thingsIf they do have posts, you can convert them to different users

or make them a subscriber with limited access.

Set up file detection to make sure nothing ever

sneaks in.Many security plugins like iThemes Security and

WordFence will alert you when files have been changed

• iThemes Security (Free and Pro version

• Sucuri Firewall

• WordFence Security

• Jetpack with Brute Protect and Vault Press

Security Plugins I recommend

Only keep the plugins and themes you have active on

your site.An uninstalled plugin or theme is not a potential vulnerability.

Use the plugins repo favorites option to keep a list of your favorite plugins

Malware Scanning? Do I need it?

• Google Webmaster Tools

• Sucuri Scanner (Built in iThemes Security now)

• VirusTotal

If you feel your site could be infected, first do a malware scan. There are also plugins that can scan your site manually.

When you decide to make changes to your site there

are some things to consider.

Do your due diligence when looking at new themes and plugins. Do not pick one just because it is shiny and pretty.

Do not add every theme you think is pretty when you decide to change a theme.

Only keep the theme you are using and one backup theme on your site.

The more themes that are on a site, the more open chances you have to a vulnerability

Miscellaneous things your designer or

developer might not have told you

SEO…

SEO Plugins can aid in your ranking on search engines

• Yoast SEO • All in One SEO

Don't ever let your site get too lonely.

No one knows your website better than you do. Check on the front end just as much as your backend.

If you have questions take to the web

There are many resources you have at your fingertips that can help you do more with your website.

• codex.WordPress.org • WordPress forums for themes, plugins, and core • Twitter • Facebook • Third Party websites

There is more than just WordPress specific

maintenance you should do.

Always use complex passwords on all

logins.

Never use the same password on all logins.

This is just bad practices!

Never email passwords! Put them in a text document or use a password manager to

send them.

• Last Pass

• One Password

• KeePass

Use a Password Keeper for all your things

If any login has a Two-Factor Authentication

option, USE IT!

Two-Factor all the things

Use an Anti-virus on any computer you use

Use it on all the things.

Yes, even a Mac!

Be conscious when using public WiFi

• Torguard

• Site Social

• Hide My Ass

Use a VPN for all the public WiFi’s

Update! Update! Update!

Update all the things!

Back everything up and back it up often!

No one wants to lose their information stored on their computer.

Bitcasa Caronbinte External Harddrives

Questions?

Thank you!!!

Michele Butcher

CantSpeakGeek.com WPSecurityLock.com

@michele_butcher

Slides can be found at http://mlb.pw/your-site