WordPress Security is like a HHAM Sandwich
JAMES HIPKIN
Involved in advertising and marketing for many years
Started in traditional advertising
Moved over to direct marketing
Been involved with digital for over ten years
Currently an owner and the Managing Director at Red8 Interactive
More than 20% of websites are using WordPress
This makes WordPress a target for hackers
NOT IF, BUT WHEN
Without protection, it’s not a question of if, but when
SO HOW CAN YOU BE PROTECTED?
THINK HHAM SANDWICH
Hosting
Hardening
Access
Maintenance
SOME CONTEXT
You don’t need to follow every recommendation presented here to be secure. There isn’t a silver bullet, but do something.
SOME CONTEXT
No site is immune to hacking. No matter what you do, a dedicated individual with the right skills can gain access to virtually any site.
SOME CONTEXT
“…but my site doesn’t get much traffic.”
HOSTING
The trouble with sharing
- Because shared servers must support many applications, server software is often out of date, so hackers can exploit security holes in the old software, holes that were already plugged by updates that have yet to be applied
- Shared hosts are concerned about security, but their solutions are generic; they aren’t designed specifically for WordPress
MANAGED WP HOSTS
It’s all about commitment—since the server is only supporting one application, WordPress:
- Server software is kept up-to-date
- Security precautions are specific
- WordPress updates are automatic
- Backups and security scans are automatic
- Quality control over plugins—known vectors and server thrashers aren’t allowed
MANAGED WP HOSTS
But wait, there’s more: managed WP hosts also perform better, because they’re optimized to support WordPress’ specific requirements
MANAGED WP HOSTS
We use WP Engine
Others you can consider:
- Pagely
- Pressable
- Synthesis
HARDENING
Make it hard for the hackers’ bots and they will move on
Recommendations can be added individually, which may require a developer
Many are included as options in the iThemes Security plugin
HARDENING
Shut down the theme and plugin editor
- Disallow the theme and plugin editor by adding the following to wp-config.php, above the line that loads wp-settings.php:

```php
define( 'DISALLOW_FILE_EDIT', true );
```
HARDENING
Set permissions on your wp-content and themes directories to 755
Set permissions on files to 644
HARDENING
Hackers will try to add a .php file via the wp-includes and/or wp-content/uploads/ folders. To disable PHP execution in these directories:
- Create a file in a text editor, call it .htaccess and add the following code:

```apache
# Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for this, or "Require all denied" instead
<Files *.php>
deny from all
</Files>
```

- Use FTP to place this file in both folders
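The permission and no-PHP-execution steps from the two slides above, as one script run on the host. This is an added example, not code from the slides or from Red8; it assumes an Apache server that honours .htaccess and takes the WordPress root directory as its argument. It keeps the slide's deny from all (Apache 2.2 syntax) and adds the Apache 2.4 Require all denied form, so the rule holds on either generation.

```shell
#!/bin/sh
# Added example (not from the slides): apply the deck's file-system hardening to a
# WordPress root. Assumes an Apache host that honours .htaccess files.

# Usage: harden_wp_files /path/to/wordpress
harden_wp_files() {
    root="$1"
    [ -d "$root/wp-content" ] || { echo "not a WordPress root: $root" >&2; return 1; }

    # Slide rule: directories 755, files 644
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +

    # Refuse to execute any .php file dropped into wp-includes or wp-content/uploads.
    # Both the Apache 2.4 form and the 2.2 "deny from all" form from the slide are
    # emitted so the rule holds whichever authorization module the host loads.
    for dir in "$root/wp-includes" "$root/wp-content/uploads"; do
        mkdir -p "$dir"
        cat > "$dir/.htaccess" <<'EOF'
<Files *.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>
EOF
        chmod 644 "$dir/.htaccess"
    done
}

# Prints how many directories are not 755 plus how many files are not 644,
# so a periodic job can alert when something drifts back to world-writable.
count_bad_perms() {
    echo $(( $(find "$1" -type d ! -perm 755 | wc -l) + $(find "$1" -type f ! -perm 644 | wc -l) ))
}

# Demo on a constructed throwaway tree; point harden_wp_files at a real root in practice
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/themes/t" && printf '<?php\n' > "$demo/wp-content/themes/t/index.php"
chmod 777 "$demo/wp-content/themes/t" "$demo/wp-content/themes/t/index.php"
harden_wp_files "$demo" && echo "entries with wrong permissions: $(count_bad_perms "$demo")"
rm -rf "$demo"
```

On a multisite install, wp-includes/ms-files.php must be allowed through the wp-includes rule, as the WordPress hardening guide notes.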
HARDENING
Change the database prefix
- In the wp-config.php file, change the table prefix ($table_prefix) from “wp_” to “wp_randomlettersandnumbers_”
- Or “randomlettersandnumbers_”
- This is best accomplished during the initial install of WordPress
- Or use iThemes Security or the Change DB Prefix plugin on an older site
HARDENING
Use the Disable Comments plugin to turn off post comments if they aren’t required; this closes several attack vectors
Or use a third party like Disqus to manage comments, so they are handled off the server
HARDENING
Install iThemes Security for one-stop-shop security (some setup required)
HARDENING
Install the BruteProtect plugin to block brute force attacks
Limit Login Attempts is another choice, but it’s best in combination with other measures
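What those plugins react to, reconstructed from the web server's own access log: an added example, not from the slides or from either plugin. It assumes the common combined log format and uses constructed log lines; a failed WordPress login re-renders wp-login.php with status 200, whereas a successful one redirects with 302, so POSTs to wp-login.php answered with 200 are counted as failures per client IP.

```shell
#!/bin/sh
# Added example (not from the slides): the signal a plugin such as BruteProtect or
# Limit Login Attempts acts on, seen from the web server log instead. A failed
# WordPress login re-renders wp-login.php with HTTP 200, while a successful one
# redirects with 302, so "POST to wp-login.php answered with 200" counts a failure.
# Assumes the common "combined" access-log format; the lines below are constructed.

SAMPLE_LOG=$(cat <<'EOF'
203.0.113.7 - - [12/Mar/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2015:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
198.51.100.5 - - [12/Mar/2015:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2980 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2015:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
198.51.100.5 - - [12/Mar/2015:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2015:10:00:10 +0000] "POST /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Mar/2015:10:00:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Mar/2015:10:00:13 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
)

# Usage: failed_login_counts < access.log   -> "count ip" per client, busiest first
failed_login_counts() {
    awk '
        # $1 client IP, $6 method (with its leading quote), $7 path, $9 status
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) print fails[ip], ip }
    ' | sort -rn
}

# Usage: bruteforce_ips <threshold> < access.log  -> only clients at or above the threshold
bruteforce_ips() {
    failed_login_counts | awk -v limit="$1" '$1 >= limit'
}

# Demo: flag anything with three or more failures in the constructed sample
printf '%s\n' "$SAMPLE_LOG" | bruteforce_ips 3
```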
ACCESS
You need ten Admins? Really?
- Use the User Role Editor plugin to create a custom user role, Manager or Web Master, with the same capabilities as an Admin but without the ability to add or delete plugins and themes, two common vectors for hackers
ACCESS
U/P: admin/password123? Really?
- Delete the admin user if it exists
- Use the Enforce Strong Passwords plugin to, well, enforce strong passwords
ACCESS
Consider two-factor authentication using the Google Authenticator plugin
Rublon is another excellent plugin for two-factor authentication
ACCESS
Login Security Solution is another good choice
Or install CLEF, which replaces passwords with simple, encrypted authentication using your smartphone
ACCESS
Force administration over SSL. This is important if the dashboard will be accessed by multiple users over public WiFi networks
- Install an SSL certificate and add the following to wp-config.php, above the existing line require_once(ABSPATH . 'wp-settings.php'); (a define placed after that line is ignored):

```php
define( 'FORCE_SSL_ADMIN', true );
// FORCE_SSL_LOGIN is deprecated since WordPress 4.0; FORCE_SSL_ADMIN also covers the login form
define( 'FORCE_SSL_LOGIN', true );
```
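The wp-config.php edits from this slide and from the hardening slides (DISALLOW_FILE_EDIT and the table prefix), applied by script so the define() lines land above the wp-settings.php line where WordPress reads them. Added example, not from the slides; it assumes a wp-config.php with the standard $table_prefix and require_once wp-settings.php lines, and sets only FORCE_SSL_ADMIN because FORCE_SSL_LOGIN has been deprecated since WordPress 4.0.

```shell
#!/bin/sh
# Added example (not from the slides): set the wp-config.php constants the deck
# recommends without hand-editing. WordPress only sees a define() that appears
# above the line that loads wp-settings.php, so the edit is inserted just before it.
# FORCE_SSL_ADMIN alone is set: FORCE_SSL_LOGIN has been deprecated since WordPress 4.0
# and FORCE_SSL_ADMIN already covers the login form.

# Usage: wp_config_set_define wp-config.php CONSTANT value
# Rewrites an existing define for CONSTANT in place, otherwise inserts one above wp-settings.php
wp_config_set_define() {
    file="$1"; name="$2"; value="$3"; tmp="$file.tmp.$$"
    awk -v n="$name" -v v="$value" -v q="'" '
        $0 ~ ("define\\([[:space:]]*[" q "\"]" n "[" q "\"]") { print "define( " q n q ", " v " );"; done = 1; next }
        /wp-settings\.php/ && !done { print "define( " q n q ", " v " );"; done = 1 }
        { print }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Usage: wp_config_set_prefix wp-config.php wp_a8f3k_
# Only rewrites $table_prefix; on an existing site the tables themselves must be renamed to match,
# which is why the slides suggest doing this at install time (or with a plugin).
wp_config_set_prefix() {
    file="$1"; prefix="$2"; tmp="$file.tmp.$$"
    case "$prefix" in ""|*[!A-Za-z0-9_]*) echo "prefix must match [A-Za-z0-9_]+" >&2; return 1;; esac
    sed "s/^\\\$table_prefix[[:space:]]*=.*/\$table_prefix = '$prefix';/" "$file" > "$tmp" && mv "$tmp" "$file"
}

# Exit status 0 when no define() sits below the wp-settings.php line (where it would be ignored)
wp_config_check() {
    awk '/wp-settings\.php/ { seen = 1 } /^define\(/ && seen { bad = 1 } END { exit bad + 0 }' "$1"
}

# Demo on a constructed minimal wp-config.php
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
<?php
define( 'DB_NAME', 'wordpress' );
$table_prefix = 'wp_';
if ( ! defined( 'ABSPATH' ) ) { define( 'ABSPATH', __DIR__ . '/' ); }
require_once ABSPATH . 'wp-settings.php';
EOF
wp_config_set_define "$cfg" DISALLOW_FILE_EDIT true
wp_config_set_define "$cfg" FORCE_SSL_ADMIN true
wp_config_set_prefix "$cfg" wp_k3x9q_
wp_config_check "$cfg" && cat "$cfg"
rm -f "$cfg"
```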
ACCESS
Consider adding a firewall to the site
- Among other benefits, CloudFlare and Sucuri will block malicious attacks before they reach your server
- While not a 100% solution, a firewall can block access to software vulnerabilities until they can be fixed via updates
ACCESS
Secure your WiFi
“Over three hours, he revealed 23 Wi-Fi hotspots, more than a third of which were open to snoops or used crackable WEP instead of the more modern WPA encryption.”
Coco, modeling the WarKitteh collar. Photo credit: Gene Bransfield
ACCESS
For a less industrial-strength but still effective solution, consider Cloak, a personal VPN service for Apple devices
MAINTENANCE
Seriously, keep all WordPress software up to date
Keep WordPress and plugins up to date
MAINTENANCE
Delete all unused plugins and themes. This is very important: old plugins and themes are a common vector for hackers
MAINTENANCE
If it’s not provided by the host, install a backup plugin
- BackupBuddy and VaultPress are good choices
- Store backups in a remote location
MAINTENANCE
Seriously, keep WordPress, themes and plugins up to date
And back the site up frequently to a remote location
THIS?
Do these things and the chances you will be hacked are greatly reduced
OR THIS…
FOLLOW THESE RECOMMENDATIONS AND THE CHANCES OF GETTING HACKED WILL BE GREATLY REDUCED
THANK YOU!
Red8 Interactive, San Francisco, CA and St. Louis, MO
James Hipkin, [email protected], 415.789.3685
The slides are available on SlideShare: http://www.slideshare.net/Red8Interactive/hham-for-wp-security