
WordCamp St. Louis 2011 WordPress Security Presentation


DESCRIPTION

The slides from the presentation I gave at WordCamp Fayetteville on Guest Blogging.


WordPress Security Presentation

WORDPRESS SECURITY

Tips and Tricks to Secure Your Site

A LITTLE ABOUT

ANDY CROFFORD

CONTACT INFO

Email: [email protected]

Twitter: @andycrofford

WEBSITES

AppTa.co - http://appta.co

TechKing - http://testking.com/techking

Mobile Orchard - http://mobileorchard.com

ThemeFuse - http://themefuse.com

HTTP://J.MP/WORDCAMPSTL

Slides available for download

#WCSTLSEC

#hashtag

WHY IS WORDPRESS SECURITY IMPORTANT?

YOU VALUE YOUR SITE AND ITS CONTENTS

WHY IS WORDPRESS INSECURE?

IT IS OPEN SOURCE AND ANYONE HAS ACCESS TO THE CODE

PLUGINS CAN LEAVE THE DOOR OPEN

SO WHAT CAN YOU DO?

1. KEEP WORDPRESS UP TO DATE

2. UPDATE PLUGINS REGULARLY

3. DO NOT USE ADMIN AS YOUR USERNAME

4. USE A SECURE PASSWORD

CHECK YOUR PASSWORD STRENGTH AT:

HTTP://WWW.PASSWORDMETER.COM

5. KEEP YOUR THEME UPDATED

6. RESTRICT ACCESS TO THE ADMIN LOGIN PAGE BY IP ADDRESS

.HTACCESS

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# IP address to whitelist
allow from xxx.xxx.xxx.xxx

Replace xxx.xxx.xxx.xxx with your IP address.

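.HTACCESS

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# IP range to whitelist: Apache matches a partial address (first three octets); it does not accept * here
allow from xxx.xxx.xxx

Replace xxx.xxx.xxx with the first three octets of your IP address range.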

7. MOVE YOUR WP-CONFIG.PHP FILE

8. CHANGE THE WORDPRESS TABLE PREFIX

UPDATE $table_prefix

9. USE SECRET KEYS

SECRET KEY GENERATOR

https://api.wordpress.org/secret-key/1.1/salt

SECURE KEYS

10. HIDE LOGIN ERROR MESSAGES

HIDE LOGIN ERRORS

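// Return nothing instead of the default login error message.
// An anonymous function replaces create_function(), which was removed in PHP 8.
add_filter('login_errors', function ($a) { return null; });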

11. BACKUP, BACKUP, BACKUP

UTILIZE SECURITY PLUGINS

1. LOGIN LOCK DOWN - http://j.mp/wp-lockdown

2. STEALTH LOGIN - http://j.mp/wp-stealth

3. ADMIN SSL - http://j.mp/wp-adminssl

4. BACKWPUP - http://j.mp/backwpup

PAID BACKUP SERVICES

VaultPress - http://www.vaultpress.com

Backup Buddy - http://j.mp/wp-backupbuddy

QUESTIONS?

WORDCAMP

GET 6 MONTHS FREE SHARED HOSTING FROM SITE5 (WWW.SITE5.COM)
