Nathan Driver will be breaking down WordPress security.
In the presentation Nathan will discuss everything from protecting file uploads to much-needed plugins. Some of the topics will be:
- Stop the "wp_" database madness!
- Stop showing your version!
- Stop multiple attempts of logins!
- Back UP...ALWAYS!
8. WP Security: Basic Settings
A strong password:
• has at least 15 characters;
• has uppercase letters;
• has lowercase letters;
• has numbers;
• has symbols, such as ` ! " ? $ ? % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | < , > . ? /
• is not like your previous passwords;
• is not your name;
• is not your login;
• is not your friend's name;
• is not your family member's name;
• is not a dictionary word;
• is not a common name;
• is not a keyboard pattern, such as qwerty, asdfghjkl, or 12345678.
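The rules above can be turned into a check that runs every time a WordPress user sets a password. The following is an added example, not code from the presentation: the dictionary, common-name and keyboard-pattern lists are small constructed samples (a real deployment would load a full word list), the login and name values in the demo are made up, and the hook it attaches to when loaded inside WordPress is the core user_profile_update_errors action.

```php
<?php
// Added example: enforce the slide's strong-password rules.
// Stand-alone: php password-check.php   Inside WordPress: save under wp-content/mu-plugins/.

function wp_password_problems(string $password, array $context): array {
    // $context: ['login' => ..., 'name' => ..., 'friends' => [...], 'family' => [...], 'previous' => [...]]
    $problems = [];
    $dictionary       = ['password', 'welcome', 'letmein', 'wordpress', 'sunshine']; // constructed sample
    $commonNames      = ['michael', 'jennifer', 'david', 'sarah'];                   // constructed sample
    $keyboardPatterns = ['qwerty', 'asdfghjkl', '12345678', 'zxcvbnm', '1qaz2wsx'];  // constructed sample

    if (strlen($password) < 15)                      $problems[] = 'shorter than 15 characters';
    if (!preg_match('/[A-Z]/', $password))           $problems[] = 'no uppercase letter';
    if (!preg_match('/[a-z]/', $password))           $problems[] = 'no lowercase letter';
    if (!preg_match('/[0-9]/', $password))           $problems[] = 'no number';
    if (!preg_match('/[^A-Za-z0-9]/', $password))    $problems[] = 'no symbol';

    $lower = strtolower($password);

    // Not your name, login, friend's or family member's name (substring match, case-insensitive).
    $forbidden = array_merge(
        [$context['login'] ?? '', $context['name'] ?? ''],
        $context['friends'] ?? [],
        $context['family'] ?? []
    );
    foreach (array_filter($forbidden) as $word) {
        if (strpos($lower, strtolower($word)) !== false) {
            $problems[] = "contains '$word'";
        }
    }

    // Not like a previous password: reject reuse and near-copies (e.g. only the trailing digit changed).
    foreach ($context['previous'] ?? [] as $old) {
        similar_text($lower, strtolower($old), $percent);
        if ($percent > 80) {
            $problems[] = 'too similar to a previous password';
            break;
        }
    }

    // Not a dictionary word, common name or keyboard pattern.
    foreach (array_merge($dictionary, $commonNames, $keyboardPatterns) as $word) {
        if (strpos($lower, $word) !== false) {
            $problems[] = "contains the common word or pattern '$word'";
        }
    }
    return $problems;
}

if (function_exists('add_action')) {
    // Loaded inside WordPress: block weak passwords on the profile / new-user forms.
    add_action('user_profile_update_errors', function ($errors, $update, $user) {
        if (empty($_POST['pass1'])) {
            return;
        }
        $problems = wp_password_problems($_POST['pass1'], [
            'login' => $user->user_login ?? '',
            'name'  => $user->display_name ?? '',
        ]);
        if ($problems) {
            $errors->add('weak_password', 'Weak password: ' . implode('; ', $problems));
        }
    }, 10, 3);
} elseif (PHP_SAPI === 'cli') {
    // Stand-alone demo with constructed sample data.
    $ctx = ['login' => 'jsmith', 'name' => 'John', 'previous' => ['Purple#Tractor$Moon41']];
    foreach (['qwerty123', 'Jsmith-Rocks-2014!!', 'Purple#Tractor$Moon42', 'Granite-Kettle_Orbit 77'] as $candidate) {
        $p = wp_password_problems($candidate, $ctx);
        printf("%-26s %s\n", $candidate, $p ? implode('; ', $p) : 'OK');
    }
}
```

In the demo run the first three candidates are rejected (too short and a keyboard pattern, contains the login, too similar to the previous password) and only the last one passes every rule.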
9. WP Security: Basic Settings
UPDATE – UPDATE – UPDATE
You see it – do something about it!
13. WP Security: Plugins
WP Security Scan:
1. Passwords
2. File Permissions
3. Database security
4. Version hiding
5. WordPress admin protection/security
6. Removes WP Generator META tag from core code
14. WP Security: Plugins
Better WP Security
• Remove the meta "Generator" tag
• Change the URLs for the WordPress dashboard including login, admin, and more
• Completely turn off the ability to log in for a given time period (away mode)
• Remove theme, plugin, and core update notifications from users who do not have permission to update them
• Remove Windows Live Writer header information
• Remove RSD header information
• Rename "admin" account
• Change the ID on the user with ID 1
• Change the WordPress database table prefix
• Change wp-content path
• Remove login error messages
• Display a random version number to non-administrative users anywhere the version is used
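Several of the items in that list need nothing more than core WordPress hooks. The following is an added example, not code from the Better WP Security plugin: it removes the generator tag and the RSD and Windows Live Writer header links, shows a random version number to anyone who cannot update core (in feeds and in the ?ver= query string on core scripts and styles), and replaces the detailed login error with a generic one. The file name and the hh_ prefix are my own choices.

```php
<?php
/*
 * Plugin Name: Header Hardening (added example)
 * Description: Added example, not the Better WP Security plugin's code.
 * Save as wp-content/mu-plugins/header-hardening.php so it loads before
 * any theme or ordinary plugin.
 */

if (!defined('ABSPATH')) {
    exit; // never run outside WordPress
}

// 1. Drop the generator meta tag plus the RSD and Windows Live Writer discovery links from <head>.
remove_action('wp_head', 'wp_generator');
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');

// 2. The real version still leaks through feeds (the_generator) and the ?ver=
//    query string on core assets. Users who may update core see the true
//    version; everyone else gets one random value per request.
function hh_version_for_viewer(): string {
    static $fake = null;
    if (current_user_can('update_core')) {
        return get_bloginfo('version');
    }
    if ($fake === null) {
        $fake = sprintf('%d.%d.%d', wp_rand(3, 6), wp_rand(0, 9), wp_rand(0, 9));
    }
    return $fake;
}

add_filter('the_generator', function ($generator) {
    return str_replace(get_bloginfo('version'), hh_version_for_viewer(), $generator);
});

$hh_rewrite_ver = function ($src) {
    // Only touch the default core version string, not plugin-specific ones.
    if (strpos($src, 'ver=' . get_bloginfo('version')) !== false) {
        $src = add_query_arg('ver', hh_version_for_viewer(), $src);
    }
    return $src;
};
add_filter('script_loader_src', $hh_rewrite_ver);
add_filter('style_loader_src', $hh_rewrite_ver);

// 3. One generic login error instead of "Invalid username" / "Incorrect password",
//    so the form no longer confirms which usernames exist.
add_filter('login_errors', function () {
    return 'Login failed. Check your username and password.';
});
```

Renaming the admin account, changing the table prefix and moving wp-content are covered elsewhere in the deck; they touch the database or wp-config.php rather than page output, so they do not belong in this file.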
17. WP Security: Advanced Settings
Alternative steps:
• Create a new user
• Give them admin rights
• Log out
• Log in under the new user
• Delete the "admin" account
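The same five steps, done once as a script rather than by hand in the dashboard. This is an added example, not code from the presentation: NEW_LOGIN and NEW_EMAIL are placeholders you replace (WordPress requires e-mail addresses to be unique, so the new account cannot reuse admin's address until admin is gone), it assumes a single-site install, and it is meant to be run once from the WordPress root and then deleted.

```php
<?php
// Added example: replace the default "admin" account with a new administrator.
// Run once from the WordPress root: php replace-admin.php
// (or: wp eval-file replace-admin.php with WP-CLI), then delete this file.
require_once __DIR__ . '/wp-load.php';
require_once ABSPATH . 'wp-admin/includes/user.php'; // provides wp_delete_user()

const NEW_LOGIN = 'site-owner';            // placeholder: choose a non-obvious login
const NEW_EMAIL = 'owner@example.invalid'; // placeholder: a mailbox you control

function replace_default_admin(string $new_login, string $new_email): array {
    $old = get_user_by('login', 'admin');
    if (!$old) {
        return ['status' => 'skipped', 'reason' => 'no user named "admin" exists'];
    }
    if (username_exists($new_login) || email_exists($new_email)) {
        return ['status' => 'aborted', 'reason' => 'new login or e-mail is already in use'];
    }

    // Steps 1 and 2: create the user and give it administrator rights.
    $password = wp_generate_password(24, true, true);
    $new_id = wp_insert_user([
        'user_login' => $new_login,
        'user_pass'  => $password,
        'user_email' => $new_email,
        'role'       => 'administrator',
    ]);
    if (is_wp_error($new_id)) {
        return ['status' => 'aborted', 'reason' => $new_id->get_error_message()];
    }

    // Step 5: delete "admin", reassigning its posts and links to the new user so
    // no content disappears. Steps 3 and 4 (log out, log in) are not needed by a
    // script; you simply log in as the new user afterwards.
    if (!wp_delete_user($old->ID, $new_id)) {
        return [
            'status'   => 'partial',
            'reason'   => 'new user created but "admin" could not be deleted',
            'new_id'   => $new_id,
            'password' => $password,
        ];
    }
    return ['status' => 'done', 'new_id' => $new_id, 'password' => $password];
}

$result = replace_default_admin(NEW_LOGIN, NEW_EMAIL);
// The generated password is printed exactly once: store it in a password manager.
echo json_encode($result, JSON_PRETTY_PRINT), PHP_EOL;
```

Reassigning content on deletion is the important detail: deleting "admin" without a reassignment target removes every post that account authored.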
18. WP Security: Advanced Settings
Folder Permissions
• All directories should be 755 or 750.
• All files should be 644 or 640. Exception: wp-config.php should be 600 to prevent other users on the server from reading it.
• No directories should ever be given 777, even upload directories. Since the PHP process is running as the owner of the files, it gets the owner's permissions and can write to even a 755 directory.
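A quick way to check a whole install against these three rules is to walk the tree and report every deviation. The following is an added example, not code from the presentation: the install path is passed on the command line (the /var/www/html in the usage comment is an assumption), and --fix applies the recommended modes rather than only reporting.

```php
<?php
// Added example: audit (and optionally fix) WordPress file permissions.
// Usage: php audit-perms.php /var/www/html [--fix]

function audit_permissions(string $root, bool $fix = false): array {
    $findings = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($it as $path => $info) {
        if ($info->isLink()) {
            continue; // permissions of a symlink belong to its target
        }
        $mode  = fileperms($path) & 0777;
        $octal = sprintf('%03o', $mode);

        if ($info->isDir()) {
            if ($mode & 0002) {
                $findings[] = "$path: directory is world-writable ($octal)";
                $want = 0755;
            } elseif (!in_array($mode, [0755, 0750], true)) {
                $findings[] = "$path: directory should be 755 or 750, is $octal";
                $want = 0755;
            } else {
                continue;
            }
        } elseif ($info->isFile()) {
            if ($info->getFilename() === 'wp-config.php') {
                if ($mode === 0600) {
                    continue;
                }
                $findings[] = "$path: wp-config.php should be 600, is $octal";
                $want = 0600;
            } elseif (!in_array($mode, [0644, 0640], true)) {
                $findings[] = "$path: file should be 644 or 640, is $octal";
                $want = 0644;
            } else {
                continue;
            }
        } else {
            continue; // sockets, pipes, etc.
        }

        if ($fix && !chmod($path, $want)) {
            $findings[] = "$path: chmod failed (are you the file owner?)";
        }
    }
    return $findings;
}

if (PHP_SAPI === 'cli') {
    $args = array_slice($argv, 1);
    $fix  = in_array('--fix', $args, true);
    $root = array_values(array_diff($args, ['--fix']))[0] ?? null;
    if ($root === null || !is_dir($root)) {
        fwrite(STDERR, "usage: php audit-perms.php /path/to/wordpress [--fix]\n");
        exit(2);
    }
    $findings = audit_permissions(realpath($root), $fix);
    echo $findings ? implode("\n", $findings) . "\n" : "No deviations found.\n";
    exit($findings ? 1 : 0);
}
```

Run it without --fix first and read the list; uploads directories that were set to 777 "so the site works" are the usual finding, and as the slide says, they do not need it.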
19. WP Security: Advanced Settings
Get rid of WordPress version
This can be found in:
• header.php {header meta}
• readme.html file
Fix by placing either one in your theme's functions.php (the first strips the tag from the HTML head; the second, once hooked to the the_generator filter, also strips it from feeds):
• remove_action('wp_head', 'wp_generator');
• function remove_wp_version() {
      return '';
  }
  add_filter('the_generator', 'remove_wp_version');
20. Get It or Lose It
Nathan Driver
Media – Marketing – Geek
@natedriver
www.nathandriver.com