wordcamp st. louis 2011 wordpress security presentation
Post on 18-Oct-2014
DESCRIPTION
The slides from the presentation I gave at WordCamp Fayetteville on Guest Blogging.
TRANSCRIPT
WORDPRESS SECURITY
Tips and Tricks to Secure Your Site
A LITTLE ABOUT
ANDY CROFFORD
CONTACT INFO
Email: [email protected]
Twitter: @andycrofford
WEBSITES
AppTa.co - http://appta.co
TechKing - http://testking.com/techking
Mobile Orchard - http://mobileorchard.com
ThemeFuse - http://themefuse.com
HTTP://J.MP/WORDCAMPSTL
Slides available for download
#WCSTLSEC
#hashtag
WHY IS WORDPRESS SECURITY IMPORTANT?
YOU VALUE YOUR SITE AND ITS CONTENTS
WHY IS WORDPRESS INSECURE?
IT IS OPEN SOURCE AND ANYONE HAS ACCESS TO THE CODE
PLUGINS CAN LEAVE THE DOOR OPEN
SO WHAT CAN YOU DO?
1. KEEP WORDPRESS UP TO DATE
2. UPDATE PLUGINS REGULARLY
3. DO NOT USE ADMIN AS YOUR USERNAME
4. USE A SECURE PASSWORD
CHECK YOUR PASSWORD STRENGTH AT:
HTTP://WWW.PASSWORDMETER.COM
5. KEEP YOUR THEME UPDATED
6. RESTRICT ACCESS TO THE ADMIN LOGIN PAGE BY IP ADDRESS
.HTACCESS
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# IP address to whitelist
allow from xxx.xxx.xxx.xxx
Replace xxx.xxx.xxx.xxx with your IP address.
.HTACCESS
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# IP address to whitelist
allow from xxx.xxx.xxx.*
Replace xxx.xxx.xxx.* with your IP address.
7. MOVE YOUR WP-CONFIG.PHP FILE
8. CHANGE THE WORDPRESS TABLE PREFIX
UPDATE $TABLE_PREFIX
9. USE SECRET KEYS
SECRET KEY GENERATOR
https://api.wordpress.org/secret-key/1.1/salt
SECURE KEYS
10. HIDE LOGIN ERROR MESSAGES
HIDE LOGIN ERRORS
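// create_function() was removed in PHP 8; a closure does the same job.
// Returning null suppresses the message shown after a failed login.
add_filter('login_errors', function ($a) { return null; });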
11. BACKUP, BACKUP, BACKUP
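A check for tips 8 and 9, added here as an example that is not from the slides: a Python script that reads the text of a wp-config.php and reports a default table prefix and secret keys that are missing, left at the sample placeholder, or reused. The function name, the 32-character minimum and the sample config are assumptions made for the illustration.

```python
import re

# The eight constants returned by the secret-key generator URL.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
MIN_LEN = 32  # assumption for this example; the generator returns 64 characters
DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

def audit_wp_config(text):
    """Return a list of findings for the table prefix and the secret keys."""
    findings = []
    # Drop comment lines so a commented-out define() is not counted as set.
    # Limitation: code sharing a line with a comment is not handled.
    lines = [l for l in text.splitlines()
             if not l.lstrip().startswith(("//", "#", "*", "/*"))]
    body = "\n".join(lines)
    m = PREFIX_RE.search(body)
    if m is None:
        findings.append("table_prefix: not set")
    elif m.group(2) == "wp_":
        findings.append("table_prefix: still the default 'wp_'")
    defined = {name: value for _, name, _, value in DEFINE_RE.findall(body)}
    seen = {}
    for name in KEY_NAMES:
        value = defined.get(name)
        if value is None:
            findings.append(f"{name}: not defined")
        elif value == PLACEHOLDER or len(value) < MIN_LEN:
            findings.append(f"{name}: placeholder or too short")
        elif value in seen:
            findings.append(f"{name}: same value as {seen[value]}")
        else:
            seen[value] = name
    return findings

# Constructed sample input, not taken from any real site.
VALUE = "constructed-sample-" + "A" * 45
SAMPLE = f"""<?php
define('AUTH_KEY',        '{PLACEHOLDER}');
define('SECURE_AUTH_KEY', '{VALUE}');
define('LOGGED_IN_KEY',   '{VALUE}');
// define('NONCE_KEY', '{VALUE}');
$table_prefix  = 'wp_';
"""

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE):
        print(finding)
```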
UTILIZE SECURITY PLUGINS
1. LOGIN LOCK DOWN - http://j.mp/wp-lockdown
2. STEALTH LOGIN - http://j.mp/wp-stealth
3. ADMIN SSL - http://j.mp/wp-adminssl
4. BACKWPUP - http://j.mp/backwpup
PAID BACKUP SERVICES
• VaultPress - http://www.vaultpress.com
• Backup Buddy - http://j.mp/wp-backupbuddy
QUESTIONS?
WORDCAMP
GET 6 MONTHS FREE SHARED HOSTING FROM SITE5 (WWW.SITE5.COM)