Do less work by securing your WordPress site from hackers
![Page 1: Do less work by securing your WordPress site from hackers](https://reader034.fdocuments.net/reader034/viewer/2022051815/53f91fd38d7f7253318b4aaa/html5/thumbnails/1.jpg)
Do Less Work
By Securing Your WordPress Site From Hackers
Thomas Howard
Page 2
WordPress Statistics
• 60+ million WordPress sites
• 22% of the top 10 million websites are powered by WP
• 73% of the 40,000 top WP sites are running a vulnerable version
• Basic vulnerabilities found in the 50 top WP plugins
[Pie chart: Top 10 Million Sites, 22% WordPress / 78% not WordPress]
Page 3
The 80/20 Rule of WP Security
• Pareto Principle - Roughly 80% of the effects come from 20% of the causes
• How can we prevent the most amount of attacks with the least amount of work?
Page 4
WordPress Attack Vectors
• 41% were hacked through a security vulnerability on their hosting platform
• 29% were hacked via a security issue in the WordPress theme they were using
• 22% were hacked via a security issue in the WordPress plugins they were using
• 8% were hacked because they had a weak password
[Pie chart: Attack Vectors, Hosting 41% / Theme 29% / Plugin 22% / Password 8%]
Page 5
Hosting
• Use a trusted host! Laughing Squid or A Small Orange for cheap shared hosting
• Get off shared hosting! Better yet, use WP Engine and skip the rest of these slides! (Managed hosting covers the 41% hosting slice above; the theme, plugin and password slices are still yours.)
Page 6
Themes
• DON'T install free themes found through a Google search!
• Use a trusted source for themes:
  – WordPress.org
  – Themeforest
  – WooThemes
• Use a secure theme framework:
  – Genesis
  – Thesis
[Pie chart: Free Themes on Google, 10% safe / 10% questionable / 80% infected]
Page 7
Secure the WP Installation
• Easiest way: use a security plugin
  – iThemes Security (formerly Better WP Security)
  – Wordfence
• The following examples use iThemes Security
Page 8
Secure Database
• Don't use the standard wp_ table prefix
• Caveat: a custom prefix only defeats canned exploits that hard-code table names such as wp_users. An attacker with a working SQL injection can read the real prefix out of information_schema.tables, so treat this as a speed bump, not a control.
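Changing the prefix on a site that already exists is more than a wp-config.php edit, because WordPress also stores the prefix inside row data. The script below is an added example, not from the slides and not iThemes Security's code; it assumes a single-site install, database credentials in the environment variables named in the header, and that a backup has been taken first.

```php
<?php
// Added example, not from the slides and not iThemes Security's code: move a
// single-site WordPress install off the default "wp_" prefix.
// A bare RENAME TABLE is not enough, because WordPress stores the prefix inside
// row data too: role definitions sit in the option "<prefix>user_roles" and each
// user's capabilities in the usermeta keys "<prefix>capabilities" and
// "<prefix>user_level" (other prefix-keyed usermeta exists as well).
// Assumptions: credentials in DB_HOST/DB_NAME/DB_USER/DB_PASSWORD, new prefix
// as the first CLI argument, fresh backup taken, site in maintenance mode.

declare(strict_types=1);

$old = 'wp_';
$new = $argv[1] ?? '';
if (!preg_match('/^[a-z0-9]+_$/', $new) || $new === $old) {
    fwrite(STDERR, "usage: php rename-prefix.php <newprefix_>  (lowercase letters/digits, ending in _)\n");
    exit(1);
}

$pdo = new PDO(
    sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4',
        getenv('DB_HOST') ?: '127.0.0.1', getenv('DB_NAME') ?: 'wordpress'),
    getenv('DB_USER') ?: 'wp',
    getenv('DB_PASSWORD') ?: '',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);

// "_" is a LIKE wildcard; escape it so "wp_" does not also match "wpx".
$likeOld = str_replace('_', '\\_', $old) . '%';

// 1. Every table carrying the old prefix, plugin tables included.
$stmt = $pdo->prepare('SHOW TABLES LIKE ?');
$stmt->execute([$likeOld]);
$tables = $stmt->fetchAll(PDO::FETCH_COLUMN);
if ($tables === []) {
    fwrite(STDERR, "no tables with prefix {$old}\n");
    exit(1);
}

// 2. One RENAME TABLE for all of them. MySQL applies a multi-table RENAME
//    atomically, so a crash cannot leave half the tables renamed.
$pairs = [];
foreach ($tables as $table) {
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        throw new RuntimeException("refusing to touch oddly named table: {$table}");
    }
    $pairs[] = sprintf('`%s` TO `%s`', $table, $new . substr($table, strlen($old)));
}
$pdo->exec('RENAME TABLE ' . implode(', ', $pairs));

// 3. Row data that embeds the prefix. Only the user_roles option is renamed:
//    other core options that happen to start with "wp_" (wp_page_for_privacy_policy,
//    for one) are fixed names, not derived from the prefix. In usermeta, every
//    key that starts with the prefix is prefix-derived, so rewrite them all.
$pos = strlen($old) + 1;  // 1-based position of the first character after the prefix
$pdo->beginTransaction();
$pdo->prepare("UPDATE `{$new}options` SET option_name = ? WHERE option_name = ?")
    ->execute(["{$new}user_roles", "{$old}user_roles"]);
$pdo->prepare("UPDATE `{$new}usermeta` SET meta_key = CONCAT(?, SUBSTRING(meta_key, {$pos})) WHERE meta_key LIKE ?")
    ->execute([$new, $likeOld]);
$pdo->commit();

// 4. Sanity check: without a user_roles option every account loses its
//    capabilities and nobody can log in to wp-admin.
$check = $pdo->prepare("SELECT COUNT(*) FROM `{$new}options` WHERE option_name = ?");
$check->execute(["{$new}user_roles"]);
if ((int) $check->fetchColumn() !== 1) {
    throw new RuntimeException("expected exactly one {$new}user_roles option after rename");
}

// 5. Finally point WordPress at the new names: in wp-config.php change
//        $table_prefix = 'wp_';
//    to the new value. Until that line is updated the site fails with
//    "table doesn't exist".
printf("renamed %d tables to prefix %s; now set \$table_prefix = '%s'; in wp-config.php\n",
    count($tables), $new, $new);
```

Run it as `DB_NAME=... DB_USER=... DB_PASSWORD=... php rename-prefix.php k7q3x_` and then edit wp-config.php. The usermeta rewrite is deliberately broad and the options rewrite deliberately narrow: usermeta keys beginning with the prefix are all prefix-derived, while several core option names merely start with the letters "wp_".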
Page 9
Force Secure Passwords
Page 10
Limit Login Attempts
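The two slides above (Force Secure Passwords, Limit Login Attempts) are what iThemes Security switches on with a checkbox. As an added example, not from the slides and not the plugin's code, the must-use plugin below implements both with core hooks only. The thresholds (12-character minimum, 5 failures in 15 minutes, 20-minute lockout) and the file name are assumptions.

```php
<?php
/**
 * Plugin Name: Login Lockout (added example)
 *
 * Added example, not from the slides and not iThemes Security's code: a
 * must-use plugin (save as wp-content/mu-plugins/login-lockout.php) that
 * enforces a password policy on the profile and reset forms and locks a
 * (client IP, username) pair out after repeated failed logins.
 * Assumed policy: minimum 12 characters; 5 failures within 15 minutes lock
 * the pair out for 20 minutes.
 */

declare(strict_types=1);

const LL_MIN_PASSWORD_LENGTH = 12;
const LL_MAX_FAILURES        = 5;
const LL_WINDOW_SECONDS      = 900;   // 15 minutes
const LL_LOCKOUT_SECONDS     = 1200;  // 20 minutes

// --- Password policy --------------------------------------------------------
// The new password arrives as $_POST['pass1'] on both forms. An empty value on
// the profile screen means "no password change", so it is ignored.
function ll_check_password(WP_Error $errors, ?string $login): void
{
    $pass = isset($_POST['pass1']) ? (string) wp_unslash($_POST['pass1']) : '';
    if ($pass === '') {
        return;
    }
    if (strlen($pass) < LL_MIN_PASSWORD_LENGTH) {
        $errors->add('ll_short', sprintf('<strong>Error:</strong> Password must be at least %d characters.', LL_MIN_PASSWORD_LENGTH));
    }
    if ($login !== null && $login !== '' && stripos($pass, $login) !== false) {
        $errors->add('ll_login', '<strong>Error:</strong> Password must not contain the username.');
    }
}
// Profile / "Add New User" screen: $user is a stdClass carrying user_login.
add_action('user_profile_update_errors', function (WP_Error $errors, $update, $user): void {
    ll_check_password($errors, isset($user->user_login) ? (string) $user->user_login : null);
}, 10, 3);
// Password reset form: $user is a WP_User (or a WP_Error for a bad reset key).
add_action('validate_password_reset', function (WP_Error $errors, $user): void {
    ll_check_password($errors, $user instanceof WP_User ? $user->user_login : null);
}, 10, 2);

// --- Lockout ----------------------------------------------------------------
// State lives in a transient keyed by a hash of (client IP, username).
// REMOTE_ADDR is the real client only when PHP is not behind a reverse proxy;
// behind one, fix the address at the proxy layer rather than trusting
// X-Forwarded-For here, or an attacker chooses which "IP" gets locked.
function ll_key(string $username): string
{
    $ip = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
    return 'll_' . hash('sha256', $ip . '|' . strtolower($username));
}

// Every failure (wp-login.php and XML-RPC both go through wp_authenticate())
// bumps the counter. The window starts at the first failure and is not extended;
// an active lockout is not extended by further noise either.
add_action('wp_login_failed', function ($username): void {
    $username = (string) $username;
    if ($username === '') {
        return;
    }
    $key   = ll_key($username);
    $now   = time();
    $state = get_transient($key);
    if (is_array($state) && $state['locked_until'] > $now) {
        return;
    }
    if (!is_array($state) || $state['window_start'] + LL_WINDOW_SECONDS <= $now) {
        $state = ['fails' => 0, 'window_start' => $now, 'locked_until' => 0];
    }
    $state['fails']++;
    if ($state['fails'] >= LL_MAX_FAILURES) {
        $state['locked_until'] = $now + LL_LOCKOUT_SECONDS;
        set_transient($key, $state, LL_LOCKOUT_SECONDS);
        return;
    }
    set_transient($key, $state, max(1, $state['window_start'] + LL_WINDOW_SECONDS - $now));
});

// Priority 30 runs after core's username/password check (priority 20), so a
// correct password cannot slip past an active lockout. The message is the same
// whether or not the username exists.
add_filter('authenticate', function ($user, $username) {
    $username = (string) $username;
    if ($username === '') {
        return $user;
    }
    $state = get_transient(ll_key($username));
    if (is_array($state) && $state['locked_until'] > time()) {
        $minutes = (int) ceil(($state['locked_until'] - time()) / 60);
        return new WP_Error('ll_locked', sprintf('<strong>Error:</strong> Too many failed logins. Try again in %d minutes.', $minutes));
    }
    return $user;
}, 30, 2);

// A successful login ends the counting for that pair.
add_action('wp_login', function ($user_login): void {
    delete_transient(ll_key((string) $user_login));
});
```

Two design points worth noticing: the lockout check is hooked after core's password check, not before it, because an earlier `authenticate` callback's error is discarded by `wp_authenticate_username_password()` when the credentials are valid; and the key is per (IP, username) pair so that an attacker cannot lock the real administrator out from a different address.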
Page 11
Change Admin Username & User ID=1
(Both are the first things an attacker tries: the login `admin`, and the `?author=1` query that maps user ID 1 to its login name.)
Page 12
Other Useful (and easy) Tweaks
• Enable HackRepair.com's blacklist feature
• Enable 404 detection
• Protect system files
• Disable directory browsing
• Filter request methods
• Filter suspicious query strings in the URL
• Filter non-English characters (only for English-only sites)
• Filter long URL strings
• Remove file writing permissions
• Disable PHP in uploads
• Remove the WordPress generator meta tag
• Remove the Windows Live Writer header
• Remove the RSD (Really Simple Discovery) header
• Reduce comment spam (you should also be using Akismet or Disable Comments)
• Display a random version
• Disable XML-RPC (unless you use trackbacks or Jetpack)
• Disable a user's author page if their post count is 0
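Several of the tweaks above (generator tag, Windows Live Writer and RSD headers, XML-RPC, empty author pages) are plain PHP hooks rather than .htaccess rules. The must-use plugin below is an added example, not from the slides and not iThemes Security's code, showing how each is done with core hooks; the author-page rule also blunts the `?author=N` enumeration mentioned under the Change Admin Username slide. It assumes a single-site install that does not rely on Jetpack, trackbacks or XML-RPC blog clients; the file name is an assumption.

```php
<?php
/**
 * Plugin Name: Fingerprint & Endpoint Hardening (added example)
 *
 * Added example, not from the slides and not iThemes Security's code: a
 * must-use plugin (wp-content/mu-plugins/hardening.php) that applies the
 * PHP-side tweaks from the list above with core hooks only. Assumes a
 * single-site install that does not rely on Jetpack, trackbacks or XML-RPC
 * blog clients.
 */

declare(strict_types=1);

// -- Version disclosure -------------------------------------------------------
// Drops <meta name="generator" content="WordPress x.y"> from <head> and the
// generator line from feeds. This hides the cheapest fingerprint only; an
// unpatched install is still unpatched.
remove_action('wp_head', 'wp_generator');
add_filter('the_generator', '__return_empty_string');

// -- Discovery links only blog clients need -----------------------------------
remove_action('wp_head', 'rsd_link');          // <link rel="EditURI" href=".../xmlrpc.php?rsd">
remove_action('wp_head', 'wlwmanifest_link');  // <link rel="wlwmanifest" ...>; a no-op on 6.3+, which dropped it

// -- XML-RPC --------------------------------------------------------------------
// xmlrpc_enabled=false makes every authenticated method fail at login, which
// ends credential guessing through the endpoint. pingback.ping needs no login
// and has been abused for reflected DDoS, so drop it as well; system.multicall
// (many calls per request) goes too as belt and braces. Finally stop
// advertising the endpoint through the X-Pingback response header.
add_filter('xmlrpc_enabled', '__return_false');
add_filter('xmlrpc_methods', function (array $methods): array {
    unset($methods['pingback.ping'], $methods['system.multicall']);
    return $methods;
});
add_filter('wp_headers', function (array $headers): array {
    unset($headers['X-Pingback']);
    return $headers;
});

// -- Author pages for users with no posts -------------------------------------
// Priority 1 runs before redirect_canonical() (priority 10). set_404() clears
// the is_author() flag, so no /author/<user-slug>/ redirect is issued and
// ?author=1 no longer maps the ID-1 account to its login name.
add_action('template_redirect', function (): void {
    if (!is_author()) {
        return;
    }
    $author = get_queried_object();
    if ($author instanceof WP_User && (int) count_user_posts($author->ID) > 0) {
        return;
    }
    global $wp_query;
    $wp_query->set_404();
    status_header(404);
    nocache_headers();
}, 1);
```

Disabling directory browsing, PHP execution in uploads and request-method filtering are web-server settings and belong in the virtual host or .htaccess, not in PHP, which is why they are not in this file.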
Page 13
Backups!
• Set up automatic backups!
• iThemes Security allows you to schedule backups to be stored on the server and emailed (keep a copy off the server: a backup that lives only on a compromised host is not a backup)
• Backup Buddy is awesome
• So is ManageWP
Page 14
Updates!
• Good news! Since 3.7, WP applies minor and security releases automatically (major releases, plugins and themes still need you)
• Make modifications safely: use child themes, so a parent-theme update does not overwrite your changes
• Test new updates on a development site
Page 15
Summary
1. Hosting
2. Themes
3. Plugins
4. Core
5. Backup
6. Update
Page 16
Questions?
Learn more at MakeWP.com/wp-security-talk