LOCKING DOWN WORDPRESS
Security, Page Speed Optimization & Implications on SEO

WHY SECURE YOUR SITE?
  • Protect your visitors
  • Save money, time and effort

@PROTECHIG

INITIAL THINGS TO CONSIDER…
  • Your individual/website's goals
  • Choosing the right web host
  • How much traffic do you have
  • Backups – how often? How thorough? (and have you ever restored one? an untested backup is a guess)

What is WordPress's biggest vulnerability?
  78% of malware infections are caused by outdated core applications, plugins, modules, or some other server-side software (Sucuri Labs)

BASIC SECURITY MEASURES
  • Admin username
  • Admin password
  • Using a different user for basic tasks
  • Location
  • Themes & plugins
  • Login Lockdown

UPDATES
  • Keep WordPress up to date (since WordPress 3.7, minor security releases install themselves unless that has been switched off; major versions still need you)
  • Always update themes & plugins, and delete the ones you do not use: an inactive plugin is still code on disk that can be requested directly, and it no longer gets your attention when a fix ships

CREDENTIALS
  • The most common administrator username is "admin", and it is the first one attackers try. Pick something else, but do not rely on the name staying secret: WordPress reveals login names through the author archive (/?author=1 redirects to /author/<login>/), so the password has to carry the weight
  • Use long passwords. Capital letters, numbers and special characters help; length helps more, and a password manager makes a unique 20+ character password painless
  • Create separate, non-administrator accounts for everyday work and log in as administrator only to update or configure:
      Editing posts (Contributor or Author role)
      Publishing (Author for your own posts, Editor for everyone's)

Get a secure password: http://strongpasswordgenerator.com (or let your password manager generate one; never reuse the WordPress password for FTP, the database or the hosting control panel)

LOCATION
  • Never log in to wp-admin over an unsecured "open" hotspot
  • It is extremely easy for someone on the same network to listen for your personal information, and over plain HTTP that includes the WordPress password and the logged-in session cookie
  • The durable fix is to serve the login and wp-admin over HTTPS (once a certificate is installed, define('FORCE_SSL_ADMIN', true); in wp-config.php forces it) or to work through a VPN; then the hotspot stops mattering

BASIC SECURITY PLUGINS TO CONSIDER
  • Theme Check – compares your theme against the current WordPress coding and review standards; a code-quality check, not a substitute for a malware scan
  • Plugin Check – the same idea for your installed plugins
  • Login Lockdown – limits login attempts and blocks the offending IP for a period after repeated failures. Brute-force guessing also arrives through xmlrpc.php, where one system.multicall request can carry hundreds of password guesses, so rate-limit or disable that file if nothing you use needs it

Theme Check: http://wordpress.org/extend/plugins/theme-check/
Plugin Check: http://wordpress.org/extend/plugins/plugin-check/
Login Lockdown: http://wordpress.org/extend/plugins/login-lockdown/

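What a login-lockout plugin does can also be run after the fact over the web server's access log, which is how you find out whether the guessing is still going on and whether any guess landed. The script below is an added example, not code from the slides or from the Login Lockdown plugin; the log lines are constructed in Apache's combined format, and the thresholds (5 failures in 10 minutes, 3 xmlrpc.php POSTs) are assumptions to tune for your own site. It relies on a WordPress behaviour you can check yourself: a failed wp-login.php POST returns 200 (the form is re-rendered), a successful one returns a 302 into wp-admin.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not from a real server). A failed wp-login.php POST
# gets a 200 (WordPress re-renders the form); a successful one gets a 302.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Sep/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Sep/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Sep/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Sep/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Sep/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Sep/2013:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Sep/2013:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Sep/2013:10:05:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Sep/2013:10:05:31 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
192.0.2.44 - - [03/Sep/2013:11:00:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "-"
192.0.2.44 - - [03/Sep/2013:11:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "-"
192.0.2.44 - - [03/Sep/2013:11:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "-"
"""


def parse_line(line):
    """Return the fields we need, or None for lines not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        'ip': m.group('ip'),
        'ts': datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z'),
        'method': m.group('method'),
        'path': m.group('path').split('?', 1)[0],
        'status': int(m.group('status')),
    }


def detect_bruteforce(log_text, max_failures=5, window=timedelta(minutes=10),
                      xmlrpc_threshold=3):
    """Flag IPs with >= max_failures failed logins inside a sliding window, record
    whether a success followed the failures, and flag IPs hammering xmlrpc.php."""
    failures = defaultdict(list)   # ip -> timestamps of failed logins still in the window
    xmlrpc_hits = defaultdict(int)
    alerts = {}
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev['method'] != 'POST':
            continue
        ip = ev['ip']
        if ev['path'] == '/wp-login.php':
            if ev['status'] == 200:
                recent = failures[ip]
                recent.append(ev['ts'])
                while recent and ev['ts'] - recent[0] > window:
                    recent.pop(0)           # drop failures older than the window
                if len(recent) >= max_failures:
                    alert = alerts.setdefault(ip, {'ip': ip, 'reason': 'wp-login brute force',
                                                  'failures': 0, 'success_after_failures': False})
                    alert['failures'] = max(alert['failures'], len(recent))
            elif ev['status'] in (302, 303) and ip in alerts \
                    and alerts[ip]['reason'] == 'wp-login brute force':
                # A guess landed after the threshold: treat the account as compromised.
                alerts[ip]['success_after_failures'] = True
        elif ev['path'] == '/xmlrpc.php':
            xmlrpc_hits[ip] += 1
            if xmlrpc_hits[ip] >= xmlrpc_threshold:
                alert = alerts.setdefault(ip, {'ip': ip, 'reason': 'xmlrpc.php hammering',
                                              'requests': 0})
                if alert['reason'] == 'xmlrpc.php hammering':
                    alert['requests'] = xmlrpc_hits[ip]
    return alerts


if __name__ == '__main__':
    for alert in detect_bruteforce(SAMPLE_LOG).values():
        print(alert)
```

If the site sits behind a CDN or reverse proxy, the first column of the log is the proxy's address; log and parse the X-Forwarded-For header instead, or every attacker looks like the proxy and so does every legitimate user you would block.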
ADVANCED WORDPRESS SECURITY
  • FTP/SSH – use SFTP or SSH whenever possible; plain FTP sends the password and every file in cleartext, which is exactly what the open-hotspot slide warned about
  • Two-factor authentication
  • Block/limit IPs
  • Sucuri SiteCheck malware scanner
  • Kill PHP execution in uploads
  • Database vulnerabilities

TWO FACTOR AUTHENTICATION

Duo Security
  • Sign up for a free account
  • Add a "Web SDK" integration in the Duo administrative interface and set its "Visual Style" to "WordPress"
  • Install and activate the Duo WordPress plugin
  • Fill in the "Integration Key", "Secret Key" and API hostname from the integration page in the plugin's settings; the Secret Key is a credential, so keep it out of version control and shared documents
  • Enable the second factor for every role that can reach wp-admin, administrators at a minimum

Sign-up URL: http://www.duosecurity.com
WordPress plugin: http://wordpress.org/extend/plugins/duo-wordpress/

DUO SECURITY INTEGRATION
  (image-only slide)

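Duo's push and SMS prompts are the vendor's own mechanism, but the open standard behind most second-factor apps is TOTP (RFC 6238), and seeing the whole thing in forty lines makes clear what a second factor does and does not protect. The code below is an added example, not Duo's code and not from the slides; the `RFC6238_SECRET` value is the public reference secret from the RFC's appendix, not a key anyone should use, and the drift window of one step either side is an assumption.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack('>Q', counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack('>I', mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time=None, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time // step), digits)


def verify_totp(secret: bytes, code: str, for_time=None, step: int = 30,
                digits: int = 6, drift: int = 1) -> bool:
    """Accept the current code and +/- drift steps to tolerate clock skew between
    phone and server. Every candidate is compared in constant time, with no early
    exit, so response timing does not leak which digits matched."""
    if for_time is None:
        for_time = time.time()
    counter = int(for_time // step)
    ok = False
    for delta in range(-drift, drift + 1):
        candidate = hotp(secret, counter + delta, digits)
        ok = hmac.compare_digest(candidate, code) or ok
    return ok


def new_secret(nbytes: int = 20) -> bytes:
    """Per-user secret generated at enrolment; 20 bytes matches SHA-1's block use in RFC 4226."""
    return secrets.token_bytes(nbytes)


def provisioning_uri(secret: bytes, account: str, issuer: str = 'WordPress') -> str:
    """otpauth:// URI that authenticator apps read from an enrolment QR code (base32 secret)."""
    b32 = base64.b32encode(secret).decode().rstrip('=')
    return (f'otpauth://totp/{issuer}:{account}?secret={b32}'
            f'&issuer={issuer}&algorithm=SHA1&digits=6&period=30')


# Public reference secret from RFC 6238 Appendix B (SHA-1 rows); not a real key.
RFC6238_SECRET = b'12345678901234567890'

if __name__ == '__main__':
    print(totp(RFC6238_SECRET, for_time=59, digits=8))          # RFC vector: 94287082
    print(provisioning_uri(new_secret(), 'zach'))
```

Two things the code makes visible: the server has to store the per-user secret, so a database dump (see the database slides) also yields every second factor, and a code is only as good as the server's clock and the drift window you allow.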
SUCURI SITECHECK MALWARE SCANNER
  • Checks for malware, spam, blacklisting (Google Safe Browsing and similar lists) and other security issues such as .htaccess redirections and hidden eval code
  • The web interface scans from outside, so it sees what a visitor or crawler is served; the plugin runs inside the installation and can also look at files and activity that an external scan cannot reach. A clean external scan does not prove a backdoor is absent, since a backdoor only answers its owner

WordPress plugin: http://wordpress.org/extend/plugins/sucuri-scanner/
Web interface: http://sitecheck.sucuri.net

LIMIT ADMIN ACCESS TO YOUR IP
  • Create a new .htaccess file in your text editor
  • Paste in this code (Apache 2.2 syntax; the Order directive takes no space after the comma):

    Order deny,allow
    Allow from 203.0.113.10
    Deny from all

    (replace 203.0.113.10 with your own address exactly as shown to you, without zero-padding octets: a form like 202.090.21.1 is ambiguous between octal and decimal and is not parsed consistently)
  • Upload it (via SFTP) to your wp-admin directory
  • Be aware that most home and office IPs change frequently; when yours changes you are locked out until you edit the file again over SFTP
  • Plugins and themes call wp-admin/admin-ajax.php from the public pages, so add a <Files admin-ajax.php> section in the same file with Order allow,deny and Allow from all, or front-end features break for every visitor
  • On Apache 2.4 the equivalent is Require ip 203.0.113.10 (and Require all granted for admin-ajax.php); Order/Allow/Deny only keep working there through mod_access_compat
  • nginx ignores .htaccess entirely; put the same allow/deny rule in the server configuration instead

Find out your IP: http://www.whatismyip.com/

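The three lines on the slide only work because of the Order directive: Deny,Allow lets a later Allow override the Deny from all, whereas Allow,Deny with the same two rules locks everyone out, yourself included, and nothing warns you. The evaluator below is an added example that is not from the slides or from Apache; it reproduces the documented Apache 2.2 mod_authz_host decision rules for the host forms they accept (all, a full address, CIDR and a partial dotted prefix), so a rule set can be checked before it is uploaded. The 203.0.113.10 address is a documentation-range placeholder, not the presenter's.

```python
import ipaddress
import re


def host_matches(spec: str, ip) -> bool:
    """Does one host spec from 'Allow from' / 'Deny from' match the client?
    Forms handled: all, full address, CIDR (a.b.c.d/len), and a partial dotted
    prefix, where 10.1 means 10.1.0.0/16, as mod_authz_host interprets it."""
    spec = spec.strip()
    if spec.lower() == 'all':
        return True
    if '/' in spec:
        return ip in ipaddress.ip_network(spec, strict=False)
    if re.fullmatch(r'(\d{1,3}\.){0,3}\d{1,3}', spec):
        octets = spec.split('.')
        if len(octets) == 4:
            return ip == ipaddress.ip_address(spec)
        net = '.'.join(octets + ['0'] * (4 - len(octets))) + f'/{8 * len(octets)}'
        return ip in ipaddress.ip_network(net)
    return ip == ipaddress.ip_address(spec)   # IPv6 literal; raises on junk


def parse_htaccess(text: str):
    """Extract Order / Allow from / Deny from; other directives are ignored.
    Apache's default when Order is absent is Deny,Allow."""
    order, allow, deny = 'deny,allow', [], []
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if not line:
            continue
        directive, _, rest = line.partition(' ')
        name = directive.lower()
        if name == 'order':
            order = rest.replace(' ', '').lower()
        elif name in ('allow', 'deny'):
            words = rest.split()
            if not words or words[0].lower() != 'from':
                raise ValueError(f'malformed directive: {line!r}')
            (allow if name == 'allow' else deny).extend(words[1:])
    return order, allow, deny


def is_allowed(order: str, allow, deny, client_ip: str) -> bool:
    """The mod_authz_host (Apache 2.2) decision for one client address."""
    ip = ipaddress.ip_address(client_ip)
    in_allow = any(host_matches(s, ip) for s in allow)
    in_deny = any(host_matches(s, ip) for s in deny)
    if order == 'deny,allow':
        # Deny is evaluated first and Allow overrides it; unmatched clients are allowed.
        return in_allow or not in_deny
    if order in ('allow,deny', 'mutual-failure'):
        # Allow is evaluated first and Deny overrides it; unmatched clients are denied.
        return in_allow and not in_deny
    raise ValueError(f'unknown Order: {order!r}')


# The rule set from the slide with a documentation-range address (constructed example).
SLIDE_RULES = """\
Order deny,allow
Allow from 203.0.113.10
Deny from all
"""

if __name__ == '__main__':
    order, allow, deny = parse_htaccess(SLIDE_RULES)
    for client in ('203.0.113.10', '198.51.100.7'):
        print(client, 'allowed' if is_allowed(order, allow, deny, client) else 'denied')
    print('same rules under Order allow,deny for the admin:',
          is_allowed('allow,deny', allow, deny, '203.0.113.10'))
```

The evaluator covers the 2.2 directives only; for an Apache 2.4 file written with Require ip the question does not arise, because Require has no ordering semantics to get wrong.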
KILLING PHP EXECUTION: WHY & HOW
  • Uploads is the one directory every author account writes to, so a stolen password or a flawed upload form ends with a PHP web shell in /wp-content/uploads. Nothing legitimate needs PHP to execute there
  • Create a .htaccess file in the /wp-content/uploads directory:

    <Files *.php>
    Deny from all
    </Files>

  • Caveats: on Apache 2.4 use Require all denied inside the block (Deny from needs mod_access_compat); the pattern covers .php only, so if your server's PHP handler is also mapped to .phtml, .php5 or similar, match those with a <FilesMatch> regex; nginx ignores .htaccess, so put a location rule that denies .php under uploads in the server config instead; and this stops execution, not the upload itself, so keep scanning the directory

Learn more about .htaccess security:
http://www.netmagazine.com/tutorials/protect-your-wordpress-site-htaccess

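Blocking execution is the control; checking that nothing executable has landed in uploads anyway is the detection that the Sucuri slide's "hidden eval code" and the backdoor slide both point at. The scanner below is an added example, not from the slides and not Sucuri's code. It walks an uploads tree, flags any file whose name carries a PHP-executable extension anywhere (so shell.php.jpg is caught, which a <Files *.php> rule misses), and looks inside every file for the idioms dropped web shells use. The list of extensions, the patterns and the sample files are all constructed assumptions to extend for your own server.

```python
import os
import re
import tempfile

# Extensions a PHP handler may execute, depending on the server's AddHandler /
# AddType lines. "<Files *.php>" covers only the first.
EXEC_EXTENSIONS = {'php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar'}

# Idioms common in dropped web shells. In an upload any one is a finding; in a
# plugin's own code they would need a closer look before being called malicious.
SUSPICIOUS = [
    (re.compile(rb'eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\('),
     'eval of a decoded payload'),
    (re.compile(rb'\b(system|passthru|shell_exec|exec|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b'),
     'command execution from a request parameter'),
    (re.compile(rb'\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\('),
     'request parameter used as a function name'),
    (re.compile(rb'preg_replace\s*\(\s*[\'"][^\'"]*/[a-zA-Z]*e[a-zA-Z]*[\'"]'),
     'preg_replace with the /e (eval) modifier'),
]


def scan_file(path: str):
    """Findings for one file under uploads: executable extension anywhere in the
    name (double extensions included) and PHP code inside the bytes."""
    findings = []
    name_parts = os.path.basename(path).lower().split('.')[1:]
    if any(part in EXEC_EXTENSIONS for part in name_parts):
        findings.append('executable PHP extension in uploads')
    with open(path, 'rb') as fh:
        data = fh.read(512 * 1024)   # the head of the file is enough for these idioms
    if b'<?php' in data or b'<?=' in data:
        if not findings:
            findings.append('PHP open tag inside a non-PHP upload')
        for pattern, label in SUSPICIOUS:
            if pattern.search(data):
                findings.append(label)
    return findings


def scan_uploads(root: str):
    """Walk wp-content/uploads and return {relative path: [findings]} for hits only."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            found = scan_file(full)
            if found:
                report[os.path.relpath(full, root).replace(os.sep, '/')] = found
    return report


def build_sample_uploads() -> str:
    """Constructed fixture, not a real site: a clean JPEG header, a text file, a
    web shell named to look like a cache file, and a double-extension shell."""
    root = tempfile.mkdtemp(prefix='wp-uploads-')
    os.makedirs(os.path.join(root, '2013', '09'))
    samples = {
        '2013/09/photo.jpg': b'\xff\xd8\xff\xe0' + b'\x00' * 64,
        '2013/09/notes.txt': b'nothing to see here',
        '2013/09/wp-cache.php': b'<?php eval(base64_decode($_POST["c"])); ?>',
        '2013/09/avatar.php.jpg': b'<?php system($_GET["cmd"]); ?>',
    }
    for rel, content in samples.items():
        with open(os.path.join(root, *rel.split('/')), 'wb') as fh:
            fh.write(content)
    return root


if __name__ == '__main__':
    for rel, found in sorted(scan_uploads(build_sample_uploads()).items()):
        print(rel, '->', '; '.join(found))
```

Run it from cron against the real uploads directory and diff the report against the previous run; a new hit is an incident, and the file's mtime and the owner account of the upload are the first two things to pull.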
DATABASE VULNERABILITIES
  • Why is this significant? Everything WordPress knows (users, password hashes, content, settings) sits in one MySQL database, and the credentials for it sit in plain text in wp-config.php
  • Is the database name different from the database username? (reusing one string makes a single leak worth two facts)
  • Is the password super-secure? (it is typed once, into wp-config.php, so length costs you nothing)
  • Does the database user hold only the privileges WordPress needs on its own database, rather than a global or root account?
  • Is the table prefix something other than wp_? (a changed prefix breaks scripted attacks that hard-code wp_users and wp_options, but it is obscurity: it does not fix the SQL injection such scripts exploit)

MySQL security guidelines:
http://dev.mysql.com/doc/refman/5.0/en/security-guidelines.html

CHANGING DATABASE TABLE PREFIX
  • During the initial WordPress install: set $table_prefix in wp-config.php, or fill in the Table Prefix field of the guided install

  • After WordPress is installed:
    1. Back up the database first
    2. Access the database through phpMyAdmin (or the mysql client over SSH)
    3. Rename every wp_* table to the new prefix
    4. Rename the rows whose names embed the prefix, which a table rename does not touch: the wp_user_roles row in the options table and the wp_capabilities, wp_user_level and other wp_-prefixed keys in usermeta. Skip this and every account loses its role; the next login ends in "You do not have sufficient permissions to access this page"
    5. Update $table_prefix in wp-config.php

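Step 4 is the one that guides leave out and that locks administrators out, so it is worth seeing the whole migration run. The script below is an added example, not from the slides and not a WordPress tool; it uses an in-memory SQLite database as a stand-in for MySQL (the ALTER TABLE ... RENAME TO form it issues is valid in both; MySQL drivers want %s rather than ? placeholders), and the rows it creates are a constructed fixture. The new prefix k7x_ is arbitrary. Only the user_roles option is renamed, because other options that happen to start with wp_ (core's wp_page_for_privacy_policy, for one) are not prefix-bound; usermeta keys starting with the prefix are all renamed, which is what $wpdb->prefix . 'capabilities' lookups expect.

```python
import re
import sqlite3

# Prefixes are interpolated as SQL identifiers, so restrict them to safe characters.
IDENT = re.compile(r'^[A-Za-z0-9_]+$')

# The only core option whose *name* carries the prefix. Other wp_-named options are
# ordinary options and must be left alone.
PREFIXED_OPTIONS = ('user_roles',)


def migrate_prefix(conn, tables, old: str, new: str):
    """Rename old-prefix tables to the new prefix, then fix the prefix-bearing rows
    in options and usermeta. Returns the table statements it executed."""
    if not (IDENT.match(old) and IDENT.match(new)):
        raise ValueError('prefix must be alphanumeric/underscore')
    cur = conn.cursor()
    executed = []
    for table in tables:
        if table.startswith(old):
            stmt = f'ALTER TABLE {table} RENAME TO {new}{table[len(old):]}'
            cur.execute(stmt)
            executed.append(stmt)
    # '_' is a LIKE wildcard, so escape it to match the old prefix literally.
    like = old.replace('!', '!!').replace('_', '!_').replace('%', '!%') + '%'
    rows = cur.execute(f"SELECT option_id, option_name FROM {new}options "
                       "WHERE option_name LIKE ? ESCAPE '!'", (like,)).fetchall()
    for option_id, name in rows:
        if name[len(old):] in PREFIXED_OPTIONS:
            cur.execute(f"UPDATE {new}options SET option_name = ? WHERE option_id = ?",
                        (new + name[len(old):], option_id))
    rows = cur.execute(f"SELECT umeta_id, meta_key FROM {new}usermeta "
                       "WHERE meta_key LIKE ? ESCAPE '!'", (like,)).fetchall()
    for umeta_id, key in rows:
        cur.execute(f"UPDATE {new}usermeta SET meta_key = ? WHERE umeta_id = ?",
                    (new + key[len(old):], umeta_id))
    conn.commit()
    return executed


def build_sample_db():
    """Constructed in-memory stand-in for the three tables the migration touches."""
    conn = sqlite3.connect(':memory:')
    conn.executescript("""
        CREATE TABLE wp_options  (option_id INTEGER PRIMARY KEY, option_name TEXT, option_value TEXT);
        CREATE TABLE wp_users    (ID INTEGER PRIMARY KEY, user_login TEXT);
        CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, meta_value TEXT);
        INSERT INTO wp_options (option_name, option_value) VALUES
            ('siteurl', 'https://example.com'),
            ('wp_user_roles', 'a:5:{...}'),
            ('wp_page_for_privacy_policy', '0');
        INSERT INTO wp_users (ID, user_login) VALUES (1, 'zach');
        INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES
            (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
            (1, 'wp_user_level', '10'),
            (1, 'nickname', 'zach');
    """)
    return conn


def list_tables(conn):
    return sorted(r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'"))


def capabilities(conn, prefix: str, user_id: int = 1):
    """What WordPress reads to decide the user's role: the {prefix}capabilities key."""
    row = conn.execute(f"SELECT meta_value FROM {prefix}usermeta WHERE user_id = ? AND meta_key = ?",
                       (user_id, prefix + 'capabilities')).fetchone()
    return row[0] if row else None


if __name__ == '__main__':
    db = build_sample_db()
    for stmt in migrate_prefix(db, list_tables(db), 'wp_', 'k7x_'):
        print(stmt)
    print('admin role after migration:', capabilities(db, 'k7x_'))
```

After the statements run, edit $table_prefix in wp-config.php to the same value and log in; if the dashboard loads with the full admin menu, the usermeta step worked.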
BACKDOOR HACK
  • An attacker who got in once leaves a way back that no longer depends on the hole they used: a web shell dropped in a theme, plugin or uploads folder, an extra administrator account, or credentials they stole on the way in
  • Your website is then accessed through channels you are not watching:
      FTP
      SSH
      WP-Admin
  • Constantly evolving: cleaning the visible damage and updating the vulnerable plugin is not enough while the backdoor stays. Compare files against a clean copy of WordPress and of each plugin, audit the user list, and rotate every password and key (including the salts in wp-config.php) once the site is clean

DRIVE-BY DOWNLOADS
  • The web equivalent of a drive-by shooting: the visitor does nothing but load the page
  • The point is to push a payload onto the visitor's local machine, usually through injected JavaScript or a hidden iframe that loads an exploit against the browser or its plugins
  • Browsers and search engines blacklist sites caught serving this, which is where the traffic and SEO damage comes from

How do hackers gain access?
  • SQL injection
  • Compromised credentials (WordPress, FTP)
  • Outdated software

PHARMA HACK
  • Spam pages and links for pharmaceutical keywords injected into the site, typically cloaked so that only search engine crawlers see them: the owner sees a normal page while the site's search listings fill with pharmacy ads. Search for your own domain, and fetch pages with a crawler user agent, to spot it

HOW IT AFFECTS TRAFFIC
  (traffic chart from the talk, annotated at September 3rd)

WORDPRESS OPTIMIZATION

SERVER-SIDE
  • Browser caching
  • NGINX
  • Compression
  • MySQL caching
  • Managed DNS hosting
  • CDN/load balancing

WORDPRESS SPECIFIC
  • WP Super Cache / W3 Total Cache
  • WP Smush.it
  • Remove unnecessary plugins

WP Super Cache: http://wordpress.org/extend/plugins/wp-super-cache/
W3 Total Cache: http://wordpress.org/extend/plugins/w3-total-cache/
WP Smush.it: http://wordpress.org/extend/plugins/wp-smushit/

DESIGNER LEVEL
  • Minify HTML/JavaScript/CSS
  • Avoid @import in CSS
  • Enqueue Google's hosted copy of jQuery (pin the exact version, since WordPress core bundles its own and plugins are tested against that one; anything loaded from a third-party host should carry a Subresource Integrity hash so a tampered copy is refused)
  • Web fonts
  • Use image sprites

THANKS FOR LISTENING
  • Slideshare: ZachRussell
  • Twitter: @ProTechIg
  • Website: protechig.com

Más contenido relacionado

La actualidad más candente

Tips to improve word press security ppt
Tips to improve word press security pptTips to improve word press security ppt
Tips to improve word press security pptCheap SSL Coupon Code
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009Brad Williams
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your JoomlaSiteGround.com
 
Wordpress Security & Hardening Steps
Wordpress Security & Hardening StepsWordpress Security & Hardening Steps
Wordpress Security & Hardening StepsPlasterdog Web Design
 
Securing WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanSecuring WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanJeff Hoffman
 
WordPress security & performance a beginners guide
WordPress security & performance a beginners guideWordPress security & performance a beginners guide
WordPress security & performance a beginners guideMickey Mellen
 
WordPress and the Enterprise
WordPress and the EnterpriseWordPress and the Enterprise
WordPress and the EnterprisePrasad Ajinkya
 
WordPress Security - 12 WordPress Security Fundamentals
WordPress Security - 12 WordPress Security FundamentalsWordPress Security - 12 WordPress Security Fundamentals
WordPress Security - 12 WordPress Security Fundamentalsfindingsimple
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSiteGround.com
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid ThemSiteGround.com
 
Migrating to WP Engine
Migrating to WP EngineMigrating to WP Engine
Migrating to WP Enginemesmonde
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012Angela Bowman
 
WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011Dre Armeda
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014Primary Image Ltd
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityIvan Storck
 
Securing Drupal 7: Do not get Hacked or Spammed to death!
Securing Drupal 7: Do not get Hacked or Spammed to death!Securing Drupal 7: Do not get Hacked or Spammed to death!
Securing Drupal 7: Do not get Hacked or Spammed to death!Adelle Frank
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User SecurityDre Armeda
 
The moment my site got hacked - WordCamp Sofia
The moment my site got hacked - WordCamp SofiaThe moment my site got hacked - WordCamp Sofia
The moment my site got hacked - WordCamp SofiaMarko Heijnen
 

La actualidad más candente (20)

WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
Tips to improve word press security ppt
Tips to improve word press security pptTips to improve word press security ppt
Tips to improve word press security ppt
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla
 
Wordpress Security & Hardening Steps
Wordpress Security & Hardening StepsWordpress Security & Hardening Steps
Wordpress Security & Hardening Steps
 
Securing WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanSecuring WordPress by Jeff Hoffman
Securing WordPress by Jeff Hoffman
 
WordPress security & performance a beginners guide
WordPress security & performance a beginners guideWordPress security & performance a beginners guide
WordPress security & performance a beginners guide
 
WordPress and the Enterprise
WordPress and the EnterpriseWordPress and the Enterprise
WordPress and the Enterprise
 
WordPress Security - 12 WordPress Security Fundamentals
WordPress Security - 12 WordPress Security FundamentalsWordPress Security - 12 WordPress Security Fundamentals
WordPress Security - 12 WordPress Security Fundamentals
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla Revealed
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them
 
Migrating to WP Engine
Migrating to WP EngineMigrating to WP Engine
Migrating to WP Engine
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
Securing Drupal 7: Do not get Hacked or Spammed to death!
Securing Drupal 7: Do not get Hacked or Spammed to death!Securing Drupal 7: Do not get Hacked or Spammed to death!
Securing Drupal 7: Do not get Hacked or Spammed to death!
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User Security
 
The moment my site got hacked - WordCamp Sofia
The moment my site got hacked - WordCamp SofiaThe moment my site got hacked - WordCamp Sofia
The moment my site got hacked - WordCamp Sofia
 

Destacado

The woodlands home sales reports feb 2013
The woodlands home sales reports feb 2013The woodlands home sales reports feb 2013
The woodlands home sales reports feb 2013ar_rocio
 
E book sui compensi d.m.140 12
E book sui compensi d.m.140 12E book sui compensi d.m.140 12
E book sui compensi d.m.140 12avvocatocalvanese
 
Embracing INSPIRE in a legacy veterinary data management system
Embracing INSPIRE in a legacy veterinary data management systemEmbracing INSPIRE in a legacy veterinary data management system
Embracing INSPIRE in a legacy veterinary data management systemsmespire
 
Attracting more women_into_set_-_ukrc_presentation_10.6.09
Attracting more women_into_set_-_ukrc_presentation_10.6.09Attracting more women_into_set_-_ukrc_presentation_10.6.09
Attracting more women_into_set_-_ukrc_presentation_10.6.09roshanmcse
 
HPCC Systems 6.0.0 Highlights
HPCC Systems 6.0.0 HighlightsHPCC Systems 6.0.0 Highlights
HPCC Systems 6.0.0 HighlightsHPCC Systems
 
File bài giảng ADWORDS Cách thực hành tốt nhất cho thiết kế trang đích
File bài giảng ADWORDS Cách thực hành tốt nhất cho thiết kế trang đíchFile bài giảng ADWORDS Cách thực hành tốt nhất cho thiết kế trang đích
File bài giảng ADWORDS Cách thực hành tốt nhất cho thiết kế trang đíchĐào tạo Seo
 
Deploying office 2010 via group policy
Deploying office 2010 via group policyDeploying office 2010 via group policy
Deploying office 2010 via group policyNaresh Gotad
 
сейсмология
сейсмологиясейсмология
сейсмологияUlanenko
 
Santo Tomas "El municipio verde del Atlántico"
Santo Tomas "El municipio verde del Atlántico" Santo Tomas "El municipio verde del Atlántico"
Santo Tomas "El municipio verde del Atlántico" Mey Ester Fontalvo
 

Destacado (20)

2 3 task
2 3 task2 3 task
2 3 task
 
Christian Suffering
Christian SufferingChristian Suffering
Christian Suffering
 
The woodlands home sales reports feb 2013
The woodlands home sales reports feb 2013The woodlands home sales reports feb 2013
The woodlands home sales reports feb 2013
 
E book sui compensi d.m.140 12
E book sui compensi d.m.140 12E book sui compensi d.m.140 12
E book sui compensi d.m.140 12
 
Embracing INSPIRE in a legacy veterinary data management system
Embracing INSPIRE in a legacy veterinary data management systemEmbracing INSPIRE in a legacy veterinary data management system
Embracing INSPIRE in a legacy veterinary data management system
 
Handbook
HandbookHandbook
Handbook
 
ActionPay
ActionPayActionPay
ActionPay
 
Attracting more women_into_set_-_ukrc_presentation_10.6.09
Attracting more women_into_set_-_ukrc_presentation_10.6.09Attracting more women_into_set_-_ukrc_presentation_10.6.09
Attracting more women_into_set_-_ukrc_presentation_10.6.09
 
Leydy henao
Leydy henaoLeydy henao
Leydy henao
 
Microteaching
MicroteachingMicroteaching
Microteaching
 
Tatum french
Tatum frenchTatum french
Tatum french
 
HPCC Systems 6.0.0 Highlights
HPCC Systems 6.0.0 HighlightsHPCC Systems 6.0.0 Highlights
HPCC Systems 6.0.0 Highlights
 
File bài giảng ADWORDS Cách thực hành tốt nhất cho thiết kế trang đích
File bài giảng ADWORDS Cách thực hành tốt nhất cho thiết kế trang đíchFile bài giảng ADWORDS Cách thực hành tốt nhất cho thiết kế trang đích
File bài giảng ADWORDS Cách thực hành tốt nhất cho thiết kế trang đích
 
Si spersonalizzante
Si spersonalizzanteSi spersonalizzante
Si spersonalizzante
 
Deploying office 2010 via group policy
Deploying office 2010 via group policyDeploying office 2010 via group policy
Deploying office 2010 via group policy
 
сейсмология
сейсмологиясейсмология
сейсмология
 
Presentación1
Presentación1Presentación1
Presentación1
 
Espa fresh
Espa freshEspa fresh
Espa fresh
 
Santo Tomas "El municipio verde del Atlántico"
Santo Tomas "El municipio verde del Atlántico" Santo Tomas "El municipio verde del Atlántico"
Santo Tomas "El municipio verde del Atlántico"
 
Training program
Training programTraining program
Training program
 

Similar a Locking down word press

Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Vlad Lasky
 
Securing Your WordPress Website by Vlad Lasky
Securing Your WordPress Website by Vlad LaskySecuring Your WordPress Website by Vlad Lasky
Securing Your WordPress Website by Vlad Laskywordcampgc
 
Top Ten WordPress Security Tips for 2012
Top Ten WordPress Security Tips for 2012Top Ten WordPress Security Tips for 2012
Top Ten WordPress Security Tips for 2012Brad Williams
 
Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012
Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012
Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012WordCamp Sydney
 
Securing Your WordPress Website - WordCamp Sydney 2012
Securing Your WordPress Website - WordCamp Sydney 2012Securing Your WordPress Website - WordCamp Sydney 2012
Securing Your WordPress Website - WordCamp Sydney 2012Vlad Lasky
 
Security, more important than ever!
Security, more important than ever!Security, more important than ever!
Security, more important than ever!Marko Heijnen
 
Complete Wordpress Security By CHETAN SONI - Cyber Security Expert
Complete Wordpress Security By CHETAN SONI - Cyber Security ExpertComplete Wordpress Security By CHETAN SONI - Cyber Security Expert
Complete Wordpress Security By CHETAN SONI - Cyber Security ExpertChetan Soni
 
Your WordPress Website Is/Not Hacked
Your WordPress Website Is/Not HackedYour WordPress Website Is/Not Hacked
Your WordPress Website Is/Not HackedAngela Bowman
 
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
Neo word press meetup   ehermits - how to keep your blog from being hacked 2012Neo word press meetup   ehermits - how to keep your blog from being hacked 2012
Neo word press meetup ehermits - how to keep your blog from being hacked 2012Brian Layman
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutSiteGround.com
 
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)Bastian Grimm
 
WordPress Security 101: Practical Techniques & Best Practices
WordPress Security 101: Practical Techniques & Best PracticesWordPress Security 101: Practical Techniques & Best Practices
WordPress Security 101: Practical Techniques & Best PracticesJonathan Hall
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013Thor Kristiansen
 
WordPress Hardening: Strategies to Secure & Protect Your Website
WordPress Hardening: Strategies to Secure & Protect Your WebsiteWordPress Hardening: Strategies to Secure & Protect Your Website
WordPress Hardening: Strategies to Secure & Protect Your WebsiteReliqusConsulting
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Think Media Inc.
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 

Similar a Locking down word press (20)

Wordpress best practices
Wordpress best practicesWordpress best practices
Wordpress best practices
 
Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011
 
Securing Your WordPress Website by Vlad Lasky
Securing Your WordPress Website by Vlad LaskySecuring Your WordPress Website by Vlad Lasky
Securing Your WordPress Website by Vlad Lasky
 
Top Ten WordPress Security Tips for 2012
Top Ten WordPress Security Tips for 2012Top Ten WordPress Security Tips for 2012
Top Ten WordPress Security Tips for 2012
 
WordPress Security
WordPress Security WordPress Security
WordPress Security
 
Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012
Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012
Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012
 
Securing Your WordPress Website - WordCamp Sydney 2012
Securing Your WordPress Website - WordCamp Sydney 2012Securing Your WordPress Website - WordCamp Sydney 2012
Securing Your WordPress Website - WordCamp Sydney 2012
 
Security, more important than ever!
Security, more important than ever!Security, more important than ever!
Security, more important than ever!
 
Complete Wordpress Security By CHETAN SONI - Cyber Security Expert
Complete Wordpress Security By CHETAN SONI - Cyber Security ExpertComplete Wordpress Security By CHETAN SONI - Cyber Security Expert
Complete Wordpress Security By CHETAN SONI - Cyber Security Expert
 
Your WordPress Website Is/Not Hacked
Your WordPress Website Is/Not HackedYour WordPress Website Is/Not Hacked
Your WordPress Website Is/Not Hacked
 
WordPress Security Best Practices
WordPress Security Best PracticesWordPress Security Best Practices
WordPress Security Best Practices
 
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
Neo word press meetup   ehermits - how to keep your blog from being hacked 2012Neo word press meetup   ehermits - how to keep your blog from being hacked 2012
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
 
WordPress Security Best Practices
WordPress Security Best PracticesWordPress Security Best Practices
WordPress Security Best Practices
 
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
 
WordPress Security 101: Practical Techniques & Best Practices
WordPress Security 101: Practical Techniques & Best PracticesWordPress Security 101: Practical Techniques & Best Practices
WordPress Security 101: Practical Techniques & Best Practices
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013
 
WordPress Hardening: Strategies to Secure & Protect Your Website
WordPress Hardening: Strategies to Secure & Protect Your WebsiteWordPress Hardening: Strategies to Secure & Protect Your Website
WordPress Hardening: Strategies to Secure & Protect Your Website
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
 

Último

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 

Último (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)

Locking Down WordPress

  • 1. LOCKING DOWN WORDPRESS Security, Page Speed Optimization & Implications on SEO
  • 2. WHY SECURE YOUR SITE?
      - Protect your visitors
      - Save money, time and effort
      @PROTECHIG
  • 3. INITIAL THINGS TO CONSIDER…
      - Your individual/website’s goals
      - Choosing the right web host
      - How much traffic do you have?
      - Backups – how often? How thorough?
      What is WordPress’s biggest vulnerability? “78% of malware infections are caused by outdated core applications, plugins, modules, or some other server-side software” – Sucuri Labs
  • 4. BASIC SECURITY MEASURES
      - Admin username
      - Admin password
      - Using a different user for basic tasks
      - Location
      - Themes & plugins
      - Login Lockdown
  • 5. UPDATES
      - Keep WordPress up to date
      - Always update themes & plugins
  • 6. CREDENTIALS
      - The most common administrator username is “admin”; it’s easy for hackers to guess
      - Use secure passwords with capital letters, numbers, and special characters
      - Create different, non-admin accounts to use for basic tasks (editing posts, publishing)
      Get a secure password: http://strongpasswordgenerator.com
  • 7. LOCATION
      - Never use an unsecured “open” hotspot
      - It is extremely easy for someone to listen for your personal information
  • 8. BASIC SECURITY PLUGINS TO CONSIDER
      - Theme Check – compares your theme to current WP standards: http://wordpress.org/extend/plugins/theme-check/
      - Plugin Check – compares your installed plugins to WP standards: http://wordpress.org/extend/plugins/plugin-check/
      - Login Lockdown – limit your login attempts & restrict IPs: http://wordpress.org/extend/plugins/login-lockdown/
  • 9. ADVANCED WORDPRESS SECURITY
      - FTP/SSH – use SFTP or SSH whenever possible
      - Two-factor authentication
      - Block/limit IPs
      - Sucuri SiteCheck malware scanner
      - Kill PHP execution in uploads
      - Database vulnerabilities
  • 10. TWO-FACTOR AUTHENTICATION (Duo Security)
      1. Sign up for a free account
      2. Add a “Web SDK” integration in the Duo administrative interface and set its “Visual Style” to “WordPress”
      3. Install and activate the Duo WordPress plugin
      4. Fill in the “Integration Key” and “Secret Key”
      Sign-up URL: http://www.duosecurity.com
      WordPress plugin: http://wordpress.org/extend/plugins/duo-wordpress/
  • 12. SUCURI SITECHECK MALWARE SCANNER
      - Checks for malware, spam, blacklisting and other security issues like .htaccess redirections and hidden eval code
      WordPress plugin: http://wordpress.org/extend/plugins/sucuri-scanner/
      Web interface: http://sitecheck.sucuri.net
  • 13. LIMIT ADMIN ACCESS TO YOUR IP
      - Create a new .htaccess file in your text editor
      - Paste in this code:
            Order Deny,Allow
            Allow from 202.090.21.1   (replace with your IP address)
            Deny from all
      - Upload (via SFTP) to your wp-admin directory
      - Be aware, most IPs change frequently
      Find out your IP: http://www.whatismyip.com/
  • 14. KILLING PHP EXECUTION: WHY & HOW
      - There is no need to allow it in your uploads directory
      - Create a .htaccess file in the /wp-content/uploads directory containing:
            <Files *.php>
            Deny from All
            </Files>
      Learn more about .htaccess security: http://www.netmagazine.com/tutorials/protect-your-wordpress-site-htaccess
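The two .htaccess fragments on slides 13 and 14 have a few sharp edges a practitioner should know about: the `Order`/`Allow`/`Deny` directives are Apache 2.2 syntax and only work on Apache 2.4 with mod_access_compat loaded (2.4 uses `Require` instead); a typo in the allowed address silently locks the administrator out; and blanket-blocking wp-admin/ also blocks admin-ajax.php, which front-end themes and plugins call for ordinary visitors. The Python script below is an added example, not code from the slides or from WordPress: it generates both files from a validated allowlist, emits either the 2.2 or the 2.4 syntax, optionally keeps admin-ajax.php reachable, and generalises the uploads rule to the other extensions PHP handlers are commonly mapped to. Addresses must be written without leading zeros (the slide’s sample `202.090.21.1` is rejected by the validator); the 203.0.113.x addresses and the temporary directory used in the demo are constructed values.

```python
"""Build the wp-admin/ IP allowlist and the uploads/ no-PHP .htaccess files.

Added example (not from the slides). Assumes Apache httpd with .htaccess
overrides enabled for the WordPress directory; the 203.0.113.x addresses
used in the demo are constructed sample values.
"""
import ipaddress
import os
import tempfile
from typing import Iterable, List


def parse_allowlist(addresses: Iterable[str]) -> List[str]:
    """Validate each entry as an IP address or CIDR block.

    A malformed entry or an allow-everything block (0.0.0.0/0, ::/0) is
    rejected so a typo cannot silently lock the administrator out or open
    wp-admin/ to the whole internet.
    """
    entries = []
    for raw in addresses:
        net = ipaddress.ip_network(raw.strip(), strict=False)  # ValueError on junk
        if net.prefixlen == 0:
            raise ValueError(f"refusing allow-all block {raw!r}")
        single_host = net.prefixlen == net.max_prefixlen
        entries.append(str(net.network_address) if single_host else str(net))
    if not entries:
        raise ValueError("allowlist is empty; this would lock everyone out")
    return entries


def wp_admin_htaccess(allowlist: Iterable[str], apache24: bool = True,
                      keep_admin_ajax: bool = True) -> str:
    """Content for wp-admin/.htaccess restricting access to the allowlist."""
    entries = parse_allowlist(allowlist)
    lines = ["# wp-admin/ is reachable only from the administrator's addresses"]
    if apache24:
        lines.append("Require ip " + " ".join(entries))
    else:
        # Apache 2.2: Deny is evaluated first, then Allow, so the allowlist wins.
        lines += ["Order Deny,Allow", "Deny from all"]
        lines += [f"Allow from {e}" for e in entries]
    if keep_admin_ajax:
        # Front-end code (themes, plugins, logged-out visitors) posts to
        # admin-ajax.php; blocking it breaks features for ordinary users.
        lines += ["", "<Files admin-ajax.php>"]
        if apache24:
            lines.append("    Require all granted")
        else:
            lines += ["    Order Allow,Deny", "    Allow from all", "    Satisfy any"]
        lines.append("</Files>")
    return "\n".join(lines) + "\n"


def uploads_htaccess(apache24: bool = True) -> str:
    """Content for wp-content/uploads/.htaccess: never execute scripts there.

    Generalises the slide's <Files *.php> to the other extensions that
    mod_php or PHP-FPM handlers are commonly mapped to.
    """
    deny = "Require all denied" if apache24 else "Deny from all"
    return "\n".join([
        "# Uploaded files are data, never code",
        '<FilesMatch "\\.(php|phtml|phar|php[0-9])$">',
        f"    {deny}",
        "</FilesMatch>",
    ]) + "\n"


def write_hardening_files(wp_root: str, allowlist: Iterable[str],
                          apache24: bool = True) -> List[str]:
    """Write both files under a WordPress root directory; returns the paths."""
    targets = {
        os.path.join(wp_root, "wp-admin", ".htaccess"):
            wp_admin_htaccess(allowlist, apache24),
        os.path.join(wp_root, "wp-content", "uploads", ".htaccess"):
            uploads_htaccess(apache24),
    }
    for path, content in targets.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="ascii") as fh:
            fh.write(content)
    return list(targets)


if __name__ == "__main__":
    # Stand-alone demo against a throwaway directory instead of a live site.
    with tempfile.TemporaryDirectory() as root:
        for path in write_hardening_files(root, ["203.0.113.10", "203.0.113.0/24"]):
            print(f"--- {path}")
            print(open(path).read())
```

Point `write_hardening_files` at the real WordPress root (over SFTP or SSH, as slide 9 recommends) only after checking the generated text; the functions return the file contents so they can be reviewed or diffed before anything is written.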
  • 15. DATABASE VULNERABILITIES
      - Why is this significant?
      - Are the database name and database username different?
      - Is the password super-secure?
      - Is the table prefix not wp_?
      MySQL security guidelines: http://dev.mysql.com/doc/refman/5.0/en/security-guidelines.html
  • 16. CHANGING DATABASE TABLE PREFIX
      - During the initial WordPress install: change it in wp-config.php, or in the guided install
      - After WordPress is installed:
            1. Access the database through phpMyAdmin (or SSH)
            2. Change the table prefix manually
            3. Update wp-config.php
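Slide 15 asks why these three settings matter without answering it: if the database name and user coincide, guessing one reveals both; a default `wp_` prefix means anyone who finds a SQL injection hole already knows every table name; and the database password is the last thing standing between a leaked wp-config.php and the whole site. Slide 16 then lists the manual prefix change, which has a trap: renaming the tables alone is not enough, because WordPress also keeps the prefix inside the `user_roles` option and in every usermeta key (for example `wp_capabilities`), so an administrator who only renames tables loses their own role. The Python script below is an added example, not code from the slides or from WordPress: it parses the relevant lines of a wp-config.php (a constructed sample is embedded), reports the three checks, and drafts the SQL for the prefix change, skipping tables that do not carry the old prefix and escaping `_` in the LIKE pattern because it is a wildcard. The prefix `k7q_`, the table list and the password values are constructed.

```python
"""Audit the database settings from slide 15 and draft the SQL for the
table-prefix change from slide 16.

Added example (not from the slides or WordPress). Assumes a default-style
wp-config.php and a MySQL/MariaDB backend; the sample config, table list
and prefix below are constructed.
"""
import re
from typing import Dict, List, Sequence

# Constructed sample: what a hurried install often looks like.
SAMPLE_WP_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpress');
define('DB_PASSWORD', 'password1');
define('DB_HOST', 'localhost');
$table_prefix = 'wp_';
"""

# Assumes the values are simple quoted literals without embedded quotes,
# which is how the installer writes them.
_DEFINE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")
_PREFIX = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")
_IDENT = re.compile(r"^[A-Za-z0-9_]+$")  # what WordPress accepts for a prefix


def parse_wp_config(text: str) -> Dict[str, str]:
    """Extract the define()d constants and $table_prefix from wp-config.php."""
    settings = dict(_DEFINE.findall(text))
    m = _PREFIX.search(text)
    settings["table_prefix"] = m.group(1) if m else "wp_"  # WordPress default
    return settings


def password_is_strong(pw: str) -> bool:
    """Length plus all four character classes: the deck's 'super-secure' bar."""
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]")
    return len(pw) >= 16 and all(re.search(c, pw) for c in classes)


def audit(settings: Dict[str, str]) -> List[str]:
    """Return one finding per failed check from slide 15 (empty list = clean)."""
    findings = []
    if settings.get("DB_NAME") == settings.get("DB_USER"):
        findings.append("DB_USER equals DB_NAME: guessing one reveals the other")
    if not password_is_strong(settings.get("DB_PASSWORD", "")):
        findings.append("DB_PASSWORD is weak: want 16+ chars with upper, lower, digits, symbols")
    if settings.get("table_prefix") == "wp_":
        findings.append("table_prefix is the default wp_: every table name is predictable")
    return findings


def prefix_migration_sql(tables: Sequence[str], old: str, new: str) -> List[str]:
    """Statements to run (phpMyAdmin or mysql client) after editing wp-config.php.

    Renaming the tables is not enough: WordPress also stores the prefix in the
    user_roles option and in every usermeta key such as wp_capabilities, and
    without updating those every user loses their role. Back up first.
    """
    for ident in (old, new, *tables):
        if not _IDENT.match(ident):
            raise ValueError(f"unsafe identifier {ident!r}")
    if old == new:
        raise ValueError("old and new prefix are identical")
    stmts = []
    for table in tables:
        if table.startswith(old):  # leave tables of other applications alone
            stmts.append(f"RENAME TABLE `{table}` TO `{new}{table[len(old):]}`;")
    stmts.append(
        f"UPDATE `{new}options` SET option_name = '{new}user_roles' "
        f"WHERE option_name = '{old}user_roles';"
    )
    like_old = old.replace("_", r"\_")  # '_' is a LIKE wildcard; match it literally
    stmts.append(
        f"UPDATE `{new}usermeta` SET meta_key = "
        f"CONCAT('{new}', SUBSTRING(meta_key, {len(old) + 1})) "
        f"WHERE meta_key LIKE '{like_old}%';"
    )
    return stmts


if __name__ == "__main__":
    cfg = parse_wp_config(SAMPLE_WP_CONFIG)
    for finding in audit(cfg) or ["no findings"]:
        print("-", finding)
    sample_tables = ["wp_options", "wp_usermeta", "wp_users", "wp_posts", "other_app_log"]
    for stmt in prefix_migration_sql(sample_tables, cfg["table_prefix"], "k7q_"):
        print(stmt)
```

The table list is passed in rather than discovered, so the script runs offline; on a real server feed it the output of `SHOW TABLES` and review the drafted statements before executing them inside a transaction, with the backup from slide 3 at hand.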
  • 17. BACKDOOR HACK
      - Your website is accessed through unconventional methods: FTP, SSH, WP-Admin
      - Constantly evolving
  • 18. DRIVE-BY DOWNLOADS
      - The web equivalent of a drive-by shooting
      - The point is to download a payload onto the user’s local machine
      How do hackers gain access?
      - SQL injection
      - Compromised credentials (WordPress, FTP)
      - Outdated software
  • 20. HOW IT AFFECTS TRAFFIC (traffic chart; September 3rd)
  • 22. SERVER-SIDE
      - Browser caching
      - NGINX
      - Compression
      - MySQL caching
      - Managed DNS hosting
      - CDN/load balancing
  • 23. WORDPRESS SPECIFIC
      - WP Super Cache / W3 Total Cache
      - WP Smush.it
      - Remove unnecessary plugins
      WP Super Cache: http://wordpress.org/extend/plugins/wp-super-cache/
      W3 Total Cache: http://wordpress.org/extend/plugins/w3-total-cache/
      WP Smush.it: http://wordpress.org/extend/plugins/wp-smushit/
  • 24. DESIGNER LEVEL
      - Minify HTML/JavaScript/CSS
      - Avoid CSS @import
      - Enqueue Google’s version of jQuery
      - Web fonts
      - Use image sprites
  • 25. THANKS FOR LISTENING
      - Slideshare: ZachRussell
      - Twitter: @ProTechIg
      - Website: protechig.com