SlideShare una empresa de Scribd logo

WordPress Security

Marshall Stevenson
Marshall Stevenson

This was a 45 minute presentation given to the Calgary WordPress Meetup group on April 23, 2013 on WordPress Security along with additional tips and tricks on password best practices. Meetup: http://www.meetup.com/The-Calgary-WordPress-Meetup-Group/ Presenter: http://rexroar.com

Tecnología
1 de 23
Do you use the same password on multiple sites?
If you don’t follow password best practices, your hacked WordPress account could lead to other compromised accounts
What’s at risk? • Redirect visitors to a completely different website • Compromise shared hosting server and infect other sites • Phish for sensitive info • Hijack links • Blacklisted by Google and other search engines • And more…
Things you can do • Keep your core, themes & plugins updated • Remove unused themes & plugins from server • Remove the WP version number • Select a good username • Never write as an Administrator • Create & use a strong password • Secure WordPress further
Keep up-to-date • The majority of hacked WordPress sites are not updated! • Before ever making updates, ensure you backup your database AND content • Use a plugin like Backup Buddy to automate the task or other free options • Update WordPress, themes & plugins
Clean up your house • Remove unused themes (twentyten, etc) • Remove inactive plugins from WordPress and the server • Don’t keep .sql files (or other backups) stored on your server
Remove the WP version number http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpre
Select a good username • Never use ‘admin’ or ‘administrator’ as your username • Never use the sitename as your username • If you have one of these, get rid of it…now • Your personal name is OK, but your password needs to be strong
Never write as an Admin user • In no time at all a username can be determined • If a post is written as an admin, half the job is already done
Create & use a strong password When creating a password, do NOT use: • Your birthdate, • Only numbers or wedding anniversary, letters or dates of birth of • A short, easy to your children or remember password spounse • The word ‘password’ • Your name, • No words found in a username, company dictionary* name, names of your children • Your SIN number
Create & use a strong password When creating a password, do use: • At least 10 characters • A mix of numbers, upper and lower case letters and special characters • A password you have never used before • Consider ‘salting’ your password • Have a system or mnemonic
Create & use a strong password Consider a multi-word combo password Credit: http://xkcd.com/936/
Create & use a strong password Consider a multi-word combo password • More likely to be remembered • Words must be random • Words must not relate • Upper & lower cases still matter • Add a number or two • Special character as well
Create & use a strong password DO NOT store your password in an obvious place! • NOT on a sticky note on your monitor • NOT in your daily planner Use a Password Keeper • LastPass.com • AgileBits.com/OnePassword
Create & use a strong password Don’t panic, password recovery is built in!
Create & use a strong password Password Generator • www.StrongPasswordGenerator.com • www.random.org/passwords/ Test your password • www.PasswordMeter.com • www.grc.com/haystack.htm
Secure WordPress further Four free plugins you can use to secure WP • Limit login attempts • Better WP security • Wordfence • WP-Security scan All are located in the WordPress plugin repository
Resources Sucuri.net • $89.99/year • Malware cleanup, monitoring and more Duo Security • Free* • Add two-factor sign in for your installation
Next steps? • Implement this stuff!! • Start with the basics – A strong password – A good username – Writing with an editor username
WordCamp Calgary 2013 • Tickets on sale April 24 • $40 for two-day conference • http://2013.calgary.wordcamp.org
WordPress Security

Recomendados

NEPA BlogCon 2013 - WordPress Customization & Security
NEPA BlogCon 2013 - WordPress Customization & SecurityNEPA BlogCon 2013 - WordPress Customization & Security
NEPA BlogCon 2013 - WordPress Customization & SecurityMichelle Davies (Hryvnak)
 
WordPress Customization and Security
WordPress Customization and SecurityWordPress Customization and Security
WordPress Customization and SecurityJoe Casabona
 
Installing WordPress The Right Way
Installing WordPress The Right WayInstalling WordPress The Right Way
Installing WordPress The Right WayChris Burgess
 
The Basics of WordPress
The Basics of WordPressThe Basics of WordPress
The Basics of WordPressThom Allen
 
EndLess Possibilities With Wordpress
EndLess Possibilities With WordpressEndLess Possibilities With Wordpress
EndLess Possibilities With WordpressImanuel Gittens
 
WordPress Themes Demystified
WordPress Themes DemystifiedWordPress Themes Demystified
WordPress Themes DemystifiedChris Burgess
 
WordPress Basics
WordPress BasicsWordPress Basics
WordPress BasicsKyrie Tompkins
 
Create Professional Websites on a Shoestring
Create Professional Websites on a ShoestringCreate Professional Websites on a Shoestring
Create Professional Websites on a ShoestringKaren Weed
 

Recomendados

NEPA BlogCon 2013 - WordPress Customization & Security
NEPA BlogCon 2013 - WordPress Customization & SecurityNEPA BlogCon 2013 - WordPress Customization & Security
NEPA BlogCon 2013 - WordPress Customization & SecurityMichelle Davies (Hryvnak)
 
WordPress Customization and Security
WordPress Customization and SecurityWordPress Customization and Security
WordPress Customization and SecurityJoe Casabona
 
Installing WordPress The Right Way
Installing WordPress The Right WayInstalling WordPress The Right Way
Installing WordPress The Right WayChris Burgess
 
The Basics of WordPress
The Basics of WordPressThe Basics of WordPress
The Basics of WordPressThom Allen
 
EndLess Possibilities With Wordpress
EndLess Possibilities With WordpressEndLess Possibilities With Wordpress
EndLess Possibilities With WordpressImanuel Gittens
 
WordPress Themes Demystified
WordPress Themes DemystifiedWordPress Themes Demystified
WordPress Themes DemystifiedChris Burgess
 
WordPress Basics
WordPress BasicsWordPress Basics
WordPress BasicsKyrie Tompkins
 
Create Professional Websites on a Shoestring
Create Professional Websites on a ShoestringCreate Professional Websites on a Shoestring
Create Professional Websites on a ShoestringKaren Weed
 
WordCamp KC WordPress Basics
WordCamp KC WordPress BasicsWordCamp KC WordPress Basics
WordCamp KC WordPress BasicsJim Grant
 
SEO Mistakes
SEO MistakesSEO Mistakes
SEO Mistakesguest388802
 
Word press for beginners lesson 3 jalc fall 2015
Word press for beginners lesson 3 jalc fall 2015Word press for beginners lesson 3 jalc fall 2015
Word press for beginners lesson 3 jalc fall 2015Michele Butcher-Jones
 
Building the basics (WordPress Ottawa 2014)
Building the basics (WordPress Ottawa 2014)Building the basics (WordPress Ottawa 2014)
Building the basics (WordPress Ottawa 2014)christopherfross
 
Every Artist needs a Great Website: Getting Started with WordPress
Every Artist needs a Great Website: Getting Started with WordPressEvery Artist needs a Great Website: Getting Started with WordPress
Every Artist needs a Great Website: Getting Started with WordPressRuth Maude
 
2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hosting2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hostingshendison
 
PHP Code And Search Engine Optimation
PHP Code And Search Engine OptimationPHP Code And Search Engine Optimation
PHP Code And Search Engine OptimationSeo Indonesia
 
JakartaJS - How I Learn Javascript From Basic
JakartaJS - How I Learn Javascript From BasicJakartaJS - How I Learn Javascript From Basic
JakartaJS - How I Learn Javascript From BasicIrfan Maulana
 
WordPress best practices by billrice
WordPress best practices by billriceWordPress best practices by billrice
WordPress best practices by billriceRiceDesign
 
Score intro wordpress 4.3.2013
Score intro wordpress 4.3.2013Score intro wordpress 4.3.2013
Score intro wordpress 4.3.2013Bob Garrett
 
Word press 101
Word press 101Word press 101
Word press 101Fajr Muhammad
 
WordPress Theme Workshop: Part 4
WordPress Theme Workshop: Part 4WordPress Theme Workshop: Part 4
WordPress Theme Workshop: Part 4David Bisset
 
WordPress Theme Basics
WordPress Theme BasicsWordPress Theme Basics
WordPress Theme BasicsJen Jamar
 
Wordpress plugin
Wordpress pluginWordpress plugin
Wordpress pluginHarmanpreet Singh
 
Social media management wordpress ppt
Social media management wordpress pptSocial media management wordpress ppt
Social media management wordpress pptTraining As A Service
 
Introduction wordpress
Introduction wordpressIntroduction wordpress
Introduction wordpressHall_
 
Why Switching To WordPress 3.0 Is The Best Thing You Can Do For Your Clients
Why Switching To WordPress 3.0 Is The Best Thing You Can Do For Your ClientsWhy Switching To WordPress 3.0 Is The Best Thing You Can Do For Your Clients
Why Switching To WordPress 3.0 Is The Best Thing You Can Do For Your Clientsryanduff
 
WordPress 101 wcmelb 2013
WordPress 101 wcmelb 2013WordPress 101 wcmelb 2013
WordPress 101 wcmelb 2013Warren Denley
 
Apas
ApasApas
ApasGreekTuts Ελληνικά Βοηθήματα
 
WordPress, Domain Names and Web Hosting Basics
WordPress, Domain Names and Web Hosting BasicsWordPress, Domain Names and Web Hosting Basics
WordPress, Domain Names and Web Hosting BasicsChris Burgess
 
WordPress Security Essentials
WordPress Security EssentialsWordPress Security Essentials
WordPress Security EssentialsAngela Bowman
 
Building Secure WordPress Sites
Building Secure WordPress Sites Building Secure WordPress Sites
Building Secure WordPress Sites Catch Themes
 

Más contenido relacionado

La actualidad más candente

WordCamp KC WordPress Basics
WordCamp KC WordPress BasicsWordCamp KC WordPress Basics
WordCamp KC WordPress BasicsJim Grant
 
Word press for beginners lesson 3 jalc fall 2015
Word press for beginners lesson 3 jalc fall 2015Word press for beginners lesson 3 jalc fall 2015
Word press for beginners lesson 3 jalc fall 2015Michele Butcher-Jones
 
Building the basics (WordPress Ottawa 2014)
Building the basics (WordPress Ottawa 2014)Building the basics (WordPress Ottawa 2014)
Building the basics (WordPress Ottawa 2014)christopherfross
 
Every Artist needs a Great Website: Getting Started with WordPress
Every Artist needs a Great Website: Getting Started with WordPressEvery Artist needs a Great Website: Getting Started with WordPress
Every Artist needs a Great Website: Getting Started with WordPressRuth Maude
 
2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hosting2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hostingshendison
 
PHP Code And Search Engine Optimation
PHP Code And Search Engine OptimationPHP Code And Search Engine Optimation
PHP Code And Search Engine OptimationSeo Indonesia
 
JakartaJS - How I Learn Javascript From Basic
JakartaJS - How I Learn Javascript From BasicJakartaJS - How I Learn Javascript From Basic
JakartaJS - How I Learn Javascript From BasicIrfan Maulana
 
WordPress best practices by billrice
WordPress best practices by billriceWordPress best practices by billrice
WordPress best practices by billriceRiceDesign
 
Score intro wordpress 4.3.2013
Score intro wordpress 4.3.2013Score intro wordpress 4.3.2013
Score intro wordpress 4.3.2013Bob Garrett
 
WordPress Theme Workshop: Part 4
WordPress Theme Workshop: Part 4WordPress Theme Workshop: Part 4
WordPress Theme Workshop: Part 4David Bisset
 
WordPress Theme Basics
WordPress Theme BasicsWordPress Theme Basics
WordPress Theme BasicsJen Jamar
 
Social media management wordpress ppt
Social media management wordpress pptSocial media management wordpress ppt
Social media management wordpress pptTraining As A Service
 
Introduction wordpress
Introduction wordpressIntroduction wordpress
Introduction wordpressHall_
 
Why Switching To WordPress 3.0 Is The Best Thing You Can Do For Your Clients
Why Switching To WordPress 3.0 Is The Best Thing You Can Do For Your ClientsWhy Switching To WordPress 3.0 Is The Best Thing You Can Do For Your Clients
Why Switching To WordPress 3.0 Is The Best Thing You Can Do For Your Clientsryanduff
 
WordPress 101 wcmelb 2013
WordPress 101 wcmelb 2013WordPress 101 wcmelb 2013
WordPress 101 wcmelb 2013Warren Denley
 
WordPress, Domain Names and Web Hosting Basics
WordPress, Domain Names and Web Hosting BasicsWordPress, Domain Names and Web Hosting Basics
WordPress, Domain Names and Web Hosting BasicsChris Burgess
 

La actualidad más candente (20)

WordCamp KC WordPress Basics
WordCamp KC WordPress BasicsWordCamp KC WordPress Basics
WordCamp KC WordPress Basics
 
SEO Mistakes
SEO MistakesSEO Mistakes
SEO Mistakes
 
Word press for beginners lesson 3 jalc fall 2015
Word press for beginners lesson 3 jalc fall 2015Word press for beginners lesson 3 jalc fall 2015
Word press for beginners lesson 3 jalc fall 2015
 
Building the basics (WordPress Ottawa 2014)
Building the basics (WordPress Ottawa 2014)Building the basics (WordPress Ottawa 2014)
Building the basics (WordPress Ottawa 2014)
 
Every Artist needs a Great Website: Getting Started with WordPress
Every Artist needs a Great Website: Getting Started with WordPressEvery Artist needs a Great Website: Getting Started with WordPress
Every Artist needs a Great Website: Getting Started with WordPress
 
2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hosting2010 11 pubcon_hendison-hosting
2010 11 pubcon_hendison-hosting
 
PHP Code And Search Engine Optimation
PHP Code And Search Engine OptimationPHP Code And Search Engine Optimation
PHP Code And Search Engine Optimation
 
JakartaJS - How I Learn Javascript From Basic
JakartaJS - How I Learn Javascript From BasicJakartaJS - How I Learn Javascript From Basic
JakartaJS - How I Learn Javascript From Basic
 
WordPress best practices by billrice
WordPress best practices by billriceWordPress best practices by billrice
WordPress best practices by billrice
 
Score intro wordpress 4.3.2013
Score intro wordpress 4.3.2013Score intro wordpress 4.3.2013
Score intro wordpress 4.3.2013
 
Word press 101
Word press 101Word press 101
Word press 101
 
WordPress Theme Workshop: Part 4
WordPress Theme Workshop: Part 4WordPress Theme Workshop: Part 4
WordPress Theme Workshop: Part 4
 
WordPress Theme Basics
WordPress Theme BasicsWordPress Theme Basics
WordPress Theme Basics
 
Wordpress plugin
Wordpress pluginWordpress plugin
Wordpress plugin
 
Social media management wordpress ppt
Social media management wordpress pptSocial media management wordpress ppt
Social media management wordpress ppt
 
Introduction wordpress
Introduction wordpressIntroduction wordpress
Introduction wordpress
 
Why Switching To WordPress 3.0 Is The Best Thing You Can Do For Your Clients
Why Switching To WordPress 3.0 Is The Best Thing You Can Do For Your ClientsWhy Switching To WordPress 3.0 Is The Best Thing You Can Do For Your Clients
Why Switching To WordPress 3.0 Is The Best Thing You Can Do For Your Clients
 
WordPress 101 wcmelb 2013
WordPress 101 wcmelb 2013WordPress 101 wcmelb 2013
WordPress 101 wcmelb 2013
 
Apas
ApasApas
Apas
 
WordPress, Domain Names and Web Hosting Basics
WordPress, Domain Names and Web Hosting BasicsWordPress, Domain Names and Web Hosting Basics
WordPress, Domain Names and Web Hosting Basics
 

Similar a WordPress Security

WordPress Security Essentials
WordPress Security EssentialsWordPress Security Essentials
WordPress Security EssentialsAngela Bowman
 
Building Secure WordPress Sites
Building Secure WordPress Sites Building Secure WordPress Sites
Building Secure WordPress Sites Catch Themes
 
WordPress Security Basics
WordPress Security BasicsWordPress Security Basics
WordPress Security BasicsRyan Plas
 
WordPress Security 101 - Meetup Nairobi March 2020
WordPress Security 101 - Meetup Nairobi March 2020 WordPress Security 101 - Meetup Nairobi March 2020
WordPress Security 101 - Meetup Nairobi March 2020 stk_jj
 
Prevent Hacking: 10 Steps to Secure your WordPress Site
Prevent Hacking: 10 Steps to Secure your WordPress SitePrevent Hacking: 10 Steps to Secure your WordPress Site
Prevent Hacking: 10 Steps to Secure your WordPress SiteDr. Rachna Jain
 
WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and SecurityThink Media Inc.
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013Thor Kristiansen
 
How to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique PasswordsHow to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique PasswordsConnectSafely
 
Be Securious – Hack Your Own Site for Better Security
Be Securious – Hack Your Own Site for Better SecurityBe Securious – Hack Your Own Site for Better Security
Be Securious – Hack Your Own Site for Better Securitysecuriously
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawConnectSafely
 
Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
Don't Forget Your (Virtual) Keys: Creating and Using Strong PasswordsDon't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwordsrmortiz66
 
11 Amazing things I Learnt At Word Camp Sydney 2014
11 Amazing things I Learnt At Word Camp Sydney 201411 Amazing things I Learnt At Word Camp Sydney 2014
11 Amazing things I Learnt At Word Camp Sydney 2014WordPressBrisbane
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityNathan Platt
 
WordPress Intermediate Workshop
WordPress Intermediate WorkshopWordPress Intermediate Workshop
WordPress Intermediate WorkshopThe Toolbox, Inc.
 
Your Site Has Been Hacked, Now What?
Your Site Has Been Hacked, Now What?Your Site Has Been Hacked, Now What?
Your Site Has Been Hacked, Now What?Michele Butcher-Jones
 
There's No Crying In Wordpress! (an intro to WP)
There's No Crying In Wordpress! (an intro to WP)There's No Crying In Wordpress! (an intro to WP)
There's No Crying In Wordpress! (an intro to WP)Grace Solivan
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutSiteGround.com
 
WordPress Optimization - Pubcon Las Vegas 2014
WordPress Optimization - Pubcon Las Vegas 2014WordPress Optimization - Pubcon Las Vegas 2014
WordPress Optimization - Pubcon Las Vegas 2014Brian LaFrance
 

Similar a WordPress Security (20)

WordPress Security Essentials
WordPress Security EssentialsWordPress Security Essentials
WordPress Security Essentials
 
Building Secure WordPress Sites
Building Secure WordPress Sites Building Secure WordPress Sites
Building Secure WordPress Sites
 
WordPress Security Basics
WordPress Security BasicsWordPress Security Basics
WordPress Security Basics
 
WordPress Security 101 - Meetup Nairobi March 2020
WordPress Security 101 - Meetup Nairobi March 2020 WordPress Security 101 - Meetup Nairobi March 2020
WordPress Security 101 - Meetup Nairobi March 2020
 
Prevent Hacking: 10 Steps to Secure your WordPress Site
Prevent Hacking: 10 Steps to Secure your WordPress SitePrevent Hacking: 10 Steps to Secure your WordPress Site
Prevent Hacking: 10 Steps to Secure your WordPress Site
 
WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and Security
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013
 
How to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique PasswordsHow to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique Passwords
 
Be Securious – Hack Your Own Site for Better Security
Be Securious – Hack Your Own Site for Better SecurityBe Securious – Hack Your Own Site for Better Security
Be Securious – Hack Your Own Site for Better Security
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security Flaw
 
Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
Don't Forget Your (Virtual) Keys: Creating and Using Strong PasswordsDon't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
 
11 Amazing things I Learnt At Word Camp Sydney 2014
11 Amazing things I Learnt At Word Camp Sydney 201411 Amazing things I Learnt At Word Camp Sydney 2014
11 Amazing things I Learnt At Word Camp Sydney 2014
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
WordPress Intermediate Workshop
WordPress Intermediate WorkshopWordPress Intermediate Workshop
WordPress Intermediate Workshop
 
Your Site Has Been Hacked, Now What?
Your Site Has Been Hacked, Now What?Your Site Has Been Hacked, Now What?
Your Site Has Been Hacked, Now What?
 
I Have My WordPress Site Now What?
I Have My WordPress Site Now What?I Have My WordPress Site Now What?
I Have My WordPress Site Now What?
 
There's No Crying In Wordpress! (an intro to WP)
There's No Crying In Wordpress! (an intro to WP)There's No Crying In Wordpress! (an intro to WP)
There's No Crying In Wordpress! (an intro to WP)
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
 
Haltech WordPress102
Haltech WordPress102Haltech WordPress102
Haltech WordPress102
 
WordPress Optimization - Pubcon Las Vegas 2014
WordPress Optimization - Pubcon Las Vegas 2014WordPress Optimization - Pubcon Las Vegas 2014
WordPress Optimization - Pubcon Las Vegas 2014
 

Último

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 

Último (20)

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 

WordPress Security

  • 1.
  • 2. Do you use the same password on multiple sites?
  • 3. If you don’t follow password best practices, your hacked WordPress account could lead to other compromised accounts
  • 4. What’s at risk? • Redirect visitors to a completely different website • Compromise shared hosting server and infect other sites • Phish for sensitive info • Hijack links • Blacklisted by Google and other search engines • And more…
  • 5.
  • 6. Things you can do • Keep your core, themes & plugins updated • Remove unused themes & plugins from server • Remove the WP version number • Select a good username • Never write as an Administrator • Create & use a strong password • Secure WordPress further
  • 7. Keep up-to-date • The majority of hacked WordPress sites are not updated! • Before ever making updates, ensure you backup your database AND content • Use a plugin like Backup Buddy to automate the task or other free options • Update WordPress, themes & plugins
  • 8. Clean up your house • Remove unused themes (twentyten, etc) • Remove inactive plugins from WordPress and the server • Don’t keep .sql files (or other backups) stored on your server
  • 9. Remove the WP version number http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpre
  • 10. Select a good username • Never use ‘admin’ or ‘administrator’ as your username • Never use the sitename as your username • If you have one of these, get rid of it…now • Your personal name is OK, but your password needs to be strong
  • 11. Never write as an Admin user • In no time at all a username can be determined • If a post is written as an admin, half the job is already done
  • 12. Create & use a strong password When creating a password, do NOT use: • Your birthdate, • Only numbers or wedding anniversary, letters or dates of birth of • A short, easy to your children or remember password spounse • The word ‘password’ • Your name, • No words found in a username, company dictionary* name, names of your children • Your SIN number
  • 13. Create & use a strong password When creating a password, do use: • At least 10 characters • A mix of numbers, upper and lower case letters and special characters • A password you have never used before • Consider ‘salting’ your password • Have a system or mnemonic
  • 14. Create & use a strong password Consider a multi-word combo password Credit: http://xkcd.com/936/
  • 15. Create & use a strong password Consider a multi-word combo password • More likely to be remembered • Words must be random • Words must not relate • Upper & lower cases still matter • Add a number or two • Special character as well
  • 16. Create & use a strong password DO NOT store your password in an obvious place! • NOT on a sticky note on your monitor • NOT in your daily planner Use a Password Keeper • LastPass.com • AgileBits.com/OnePassword
  • 17. Create & use a strong password Don’t panic, password recovery is built in!
  • 18. Create & use a strong password Password Generator • www.StrongPasswordGenerator.com • www.random.org/passwords/ Test your password • www.PasswordMeter.com • www.grc.com/haystack.htm
  • 19. Secure WordPress further Four free plugins you can use to secure WP • Limit login attempts • Better WP security • Wordfence • WP-Security scan All are located in the WordPress plugin repository
  • 20. Resources Sucuri.net • $89.99/year • Malware cleanup, monitoring and more Duo Security • Free* • Add two-factor sign in for your installation
  • 21. Next steps? • Implement this stuff!! • Start with the basics – A strong password – A good username – Writing with an editor username
  • 22. WordCamp Calgary 2013 • Tickets on sale April 24 • $40 for two-day conference • http://2013.calgary.wordcamp.org