Security Considerations For WordPress

        Presented by
       Suzette Franck
When Should You Consider
            Security?
➔
    Every Step of the Process!!!
➔
    Buying Domain – Keys To The Kingdom
➔
    Hosting
➔
    PCI Compliance (Credit Cards)
➔
    Updates and Maintenance
➔
    Privacy Policy
➔
    Sharing Of Information & Credentials
Secure Hosting
➔
    Reputation: Godaddy vs. WPEngine
➔
    Cost: Shared Hosting, VPS, Dedicated
    Server, Managed Hosting
➔
    Support: Self-Supporting vs. Managed
    Hosting (Back-ups?)
➔
    Software: O/S, cPanel, WHM, Plesk,
    Apache or NginX
➔
    Performance: Speed, Scalability,
    Upgradability
Hosting Questions
➔   Are SFTP or SSH Offered?
➔   Are PHP (5.2.4+) & MySQL (5.0+) at Latest
    Versions?
➔   Do They Have 24/7 Phone Support?
➔   How Have They Handled Past Security
    Breaches And Down Times?
➔   Is There An Uptime Guarantee?
➔   Do They Do Backups? How Often?
Making WordPress More Secure
➔
    Update Core When Updates Available
    ASAP
       ➔
           .1 Upgrades Are Security & Bug
             Fixes
       ➔
           1. Upgrades Are New Features
➔
    Carefully Update Plugins (Backup First!)
➔
    Use SFTP or SSH, not FTP
➔
    Use Strong Passwords
Account Best Practices
➔
    Delete Default “Admin” Account
➔
    Unique Accounts for Each Person
➔
    No Sharing Of Accounts and Passwords
➔
    Do Not Store Your Credentials In Clear
    Text (No Stickies, Excel, or Notepad)
➔
    Principle of Least Privilege/Role Based
    Access Controls
➔
    Always Use Strong Passwords
WordPress Roles
➔
    Super Admin - Network Administration
    (Multi-User Sites)
➔
    Administrator - Access To All
➔
    Editor - Other Users' Posts
➔
    Author - Own Posts Only
➔
    Contributor - Submit But Not Publish
➔
    Subscriber - Manage Their Own Profile
*Members Plugin - Add and Change Roles
Strong Passwords
➔
    a=4 e=3 s=5 i=1 o=0 Is Not Secure!!!!
➔
    Combination of Uppercase and
    Lowercase Letters, Numbers & Special
    Characters
➔
    Passwords Should Be Pass Phrases (8-15
    characters minimum)
➔
    Change Passwords Often & Never Share
    (like a Tooth Brush!)
➔
    Use A Password Manager (e.g. LastPass
    or KeePass)
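
Why the a=4 e=3 s=5 i=1 o=0 trick fails, as an added example that is not part of the original slides: a password can satisfy every composition rule listed above and still reduce to a common word once those five substitutions are undone, which is the check a site owner can run at password-set time. The wordlist is a small constructed sample, and the names `base_words` and `audit` are hypothetical.

```python
import re

# The five substitutions named on the slide: a=4 e=3 s=5 i=1 o=0
LEET = str.maketrans("43510", "aesio")

# Constructed sample list; a real check would load a large common-password list.
COMMON_WORDS = {"password", "welcome", "wordpress", "admin", "letmein", "sunshine"}


def _trim(text):
    """Drop padding such as '!' or '123' from both ends of a lowercased string."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def base_words(password):
    """Return the plain words this password reduces to.

    Two orders are tried because a trailing '1' may be padding ("welcome1")
    or a disguised 'i', and a leading '4' may be a disguised 'a' ("4dmin").
    """
    lowered = password.lower()
    return {_trim(lowered).translate(LEET), _trim(lowered.translate(LEET))}


def audit(password):
    """Check the slide's composition rules, then the substitution weakness."""
    findings = []
    if len(password) < 8:  # lower bound of the slide's 8-15 character minimum
        findings.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        findings.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        findings.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        findings.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        findings.append("no special character")
    for word in sorted(base_words(password) & COMMON_WORDS):
        findings.append("common word once substitutions are undone: " + word)
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for sample in ("P455w0rd!", "W3lc0me1!", "adm1n", "Maple-Tractor-7-Lantern"):
        print(sample, "->", audit(sample) or "no findings")
```
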
PCI Data Security Standard
➔
    Follows Common Sense Best Security
    Practices
➔
    Handled Through The Payment Processor
    That Accepts Credit Cards (PayPal or 3rd
    Party Shopping Cart)
➔
    Requires Credit Card and Client
    Information To Be Stored And Transmitted
    Securely (HTTPS/SSL)
➔
    Strong Secure Passwords Changed Often
Privacy Policy
➔
    If You Are Collecting Any Information on
    Your Website, You Should Have One
➔
    Type of Collected Information, Intents
➔
    Shows Commitment to Data Security
➔
    How to Contact You & Update Information
➔
    Third Party Apps Such as Mailchimp,
    Constant Contact, PayPal Have Their
    Own Privacy Policies
I've Been Hacked!!!
➔
    Stay Calm, Breathe
➔
    Isolate the Infection – Take Site Offline
➔
    Change All Passwords
➔
    Update Clients – Phone Calls Are Best
➔
    Cure The Problem or Hand Off
➔
    Restore Service
➔
    Analyze Cause and Prevent Future
    Infections
Security Resources

http://sucuri.net
http://codex.wordpress.org/Security_FAQ
http://codex.wordpress.org/Hardening_WordPress
https://www.pcisecuritystandards.org
http://en.wikipedia.org/wiki/Privacy_policy
http://blog.shareaholic.com/2012/09/wordpress-host-guide/
http://www.coppa.org/
http://www.hhs.gov/hipaafaq/about/190.html
Questions and Answers




           Twitter: @suzettework
          suzette@kussner.com
         http://suzettefranck.com
