Wordpress Security Claire Jordan - Spearmint Digital


DESCRIPTION

Wordpress security and backups are often overlooked, but you need to have them in place before your site gets compromised. The steps to secure and back up a site are simple, so make sure you don't lose all your hard work.


Page 1: Wordpress Security

Wordpress Security

Claire Jordan - Spearmint Digital

Page 2: Wordpress Security

Why Wordpress Security

● Wordpress is open source

● So are Apache and Linux

● Open source = free, but everyone can see the code

● Hackers don’t specifically attack your site - they look for vulnerable sites on the internet

Page 3: Wordpress Security

Your Server

● Home of your site, security starts here

● VPS vs Shared Hosting

● Use SSH or SFTP to connect

Page 4: Wordpress Security

Install Wordpress Correctly

● Don’t use Fantastico

● Download from wordpress.org and do a manual install

Page 5: Wordpress Security

Replace Security Keys

● It’s like changing your locks

● Set up authentication keys and salts

● Generate new keys at:

http://api.wordpress.org/secret-key/1.1/salt

● Copy and paste into wp-config.php

● Can do on an existing site, will just make users log in again.

Page 6: Wordpress Security

Replace Security Keys

Page 7: Wordpress Security

Change the Table Prefix

● Change table prefixes

● Default uses wp_, wp1_, wp2_

● If a new website, do this in wp-config.php

● If existing website it’s harder

● Good tutorial at:

http://wpbeginner.com/wp-tutorials/how-to-change-the-wordpress-database-prefix-to-improve-security

● Can also do with a plugin

Page 8: Wordpress Security

Get Rid of Comment Spam

● Install Akismet

● Shows your site is well managed

● No more spam!

Page 9: Wordpress Security

Use Quality Themes and Plugins

● Bad theme or plugin = dangerous code

● Good themes - e.g. StudioPress, WooThemes

● Good plugins - look at reviews

● Limit number of plugins

● Delete anything not in use

Page 10: Wordpress Security

Update Everything

● Update wordpress core, plugins and theme

● Updates patch known vulnerabilities

● Check your site often

Page 11: Wordpress Security

Good Username and Password

● Hackers only need 2 pieces of info, don’t give them the first one

● Unique username and password

Page 12: Wordpress Security

Good Username and Password

● If you need to change username

http://youtu.be/1R0X-zrtF1k

● Get a good password

www.strongpasswordgenerator.com

● Use a non-admin user for posting, show author's real name

Page 13: Wordpress Security

Limit Login Attempts

● Don’t want hackers to be able to try to guess the password

Page 14: Wordpress Security

Backup Your Site

● A few good plugins:

○ Vaultpress - backups immediately $15/month

○ Backupbuddy - easy to use, good support, $80 for a license

○ BackWPup - free plugin, can choose where to backup to

Page 15: Wordpress Security

Suggested Backup Routine

● Using BackWPup

● Backup to Dropbox

● Backup everything (theme, files, database, plugin list)

● Have 3 jobs, 1 for daily, 1 for weekly and 1 for monthly

● Runs each day at 3am

Page 16: Wordpress Security

More Security

● Lots more things you can do

● A few examples:

○ blank .html files

○ custom .htaccess files

○ limit access to your IP address

○ secure files with passwords

● Security can always be taken to the next level

Page 17: Wordpress Security

Security Plugin

● Install Better WP Security

● Backup your blog

● Needs to change core files

● Use one click protection

● Go through the system status