WordPress Setup and Security
Michael Carnell - @carnellm
http://www.DesignTechWeb.com
These slides are available at
http://www.MichaelCarnell.com/presentations
or http://slideshare.net/carnellm
Wait! Before We Start
•  Your Domain Name
•  Domain Name Registrar
•  Need not be the same as your host (should not?)
•  Needs to be in YOUR name
•  Privacy? Depends on type of site and you
•  My preferred registrar these days is Hover.com
Let's Talk Hosting
The Not So Good
•  GoDaddy - common back end database that isn't secured well and suffers from performance overload, poor support
•  Brinkster - has been hacked numerous times
•  FreeHostia - slow, free account is very limited, always pushing the upsell
•  Doing it yourself …
For the Good Times
•  DreamHost - Not always the cheapest, but good and good support. But watch CPU usage as they will cut off processes.
•  MediaTemple - Again, not cheap, but very stable and secure. Monitors scripts.
•  BlueHost
•  HostGator
The Basic Rules
•  Do your research - http://www.DesignTechWeb.com/hosting
•  Check their own support forums
•  Is there a free trial or money back guarantee?
•  If you are a high traffic site (really), you need a dedicated server
•  None of this really applies to WordPress.com
The Dirty Details for WordPress
Install Correctly
•  While installing (most will use OneClick) . . .
•  Consider your directory. Do you use the standard? Root?
•  Consider altering the database name if your install allows
•  Make database username and password long and cryptic. Store them away not to be used
•  Don't use redundant info - admin name same as username, same as blog name, etc.
Double Check the Install
•  File level tasks to be done via FTP . . .
•  Delete ../wp-admin/install.php
•  In wp-config.php, add the optional security keys - http://api.wordpress.org/secret-key/1.1/
•  Add index.php, a blank file, to all plugin and theme directories if it isn't already there
•  Check the file directory privileges (if you are comfortable)
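A read-only way to run the checks on this slide from a shell on the host, as an added example that is not part of the original slides. The function names, finding labels and sample tree are constructed for illustration; the four key names are the ones the secret-key URL above returns, and `put your unique phrase here` is the placeholder shipped in wp-config-sample.php.

```bash
#!/usr/bin/env bash
# Read-only audit of the "Double Check the Install" items on a WordPress tree.
# wp_audit and make_sample_tree are hypothetical names used only in this example.

wp_audit() {
  local root="${1%/}" key line dir rel
  # 1. The installer should have been deleted once setup finished.
  [ -e "$root/wp-admin/install.php" ] && echo "INSTALLER_PRESENT wp-admin/install.php"
  # 2. Each secret key must be defined and must not be the sample placeholder.
  for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY; do
    line=$(grep -E "define\([[:space:]]*['\"]$key['\"]" "$root/wp-config.php" 2>/dev/null || true)
    if [ -z "$line" ]; then
      echo "KEY_MISSING $key"
    elif printf '%s\n' "$line" | grep -q 'put your unique phrase here'; then
      echo "KEY_DEFAULT $key"
    fi
  done
  # 3. The plugin and theme directories, and each plugin/theme folder, need an index.php.
  for dir in "$root"/wp-content/plugins "$root"/wp-content/themes \
             "$root"/wp-content/plugins/*/ "$root"/wp-content/themes/*/; do
    [ -d "$dir" ] || continue
    rel="${dir%/}"; rel="${rel#"$root"/}"
    [ -e "$root/$rel/index.php" ] || echo "NO_INDEX $rel"
  done
  # 4. Nothing in the tree should be writable by every account on the host.
  find "$root" \( -type f -o -type d \) -perm -0002 2>/dev/null |
    while IFS= read -r rel; do echo "WORLD_WRITABLE ${rel#"$root"/}"; done
  return 0
}

# Constructed sample tree containing one finding of each kind.
make_sample_tree() (
  umask 022
  t=$(mktemp -d)
  mkdir -p "$t/wp-admin" "$t/wp-content/plugins/demo-plugin" "$t/wp-content/themes/demo-theme"
  : > "$t/wp-admin/install.php"
  : > "$t/wp-content/plugins/index.php"
  : > "$t/wp-content/themes/index.php"
  : > "$t/wp-content/themes/demo-theme/index.php"
  printf '%s\n' "define('AUTH_KEY', 'put your unique phrase here');" \
    "define( 'SECURE_AUTH_KEY', 'constructed-sample-value' );" \
    "define('LOGGED_IN_KEY', 'constructed-sample-value');" > "$t/wp-config.php"
  chmod 666 "$t/wp-config.php"
  echo "$t"
)

sample=$(make_sample_tree)
wp_audit "$sample"
rm -rf "$sample"
```

Point `wp_audit` at the real document root to check a live install; an empty result means none of the four checks found a problem.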
Post Install Setup
•  Create new admin user with strong password
•  Change Admin password and make a subscriber. Why not delete??
•  Make your main admin's display name different from login name
•  Change setting to allow editing by outside packages if wanted - but know what you are doing
•  Change permalink structure (thank you WP 3.3!)
•  Demo Time Again....
As You Build
•  Themes and Plug-ins: be safe
•  Consider the source
•  Always be suspicious
•  Again, do your research and ask around
•  Consider Search Engine Visibility (under Settings / Reading)
•  Put up a Coming Soon or Down for Maintenance screen
•  Understand your Discussion Settings
Discussion Settings
Discussion Settings, part 2
Security Plugins You Need
•  Some more plugins that you should have:
•  Akismet - AntiSpam, comes with the install, you will just need a key
•  Block Bad Queries - blocks code injection through queries
•  Search Meter - What are your visitors looking for, but also shows extraneous search injections
•  SecureWordPress - basically a security audit
•  AntiVirus or another such
•  Limit Login Attempts – Helps protect against dictionary attacks
•  Demo Time Again!
Simple Backup for WP
•  Your content is your responsibility, not your host’s
•  Create a Gmail account or use your current one with a custom address such as yourname+backups@gmail.com
•  Make a filter that auto files away all email coming in to that address
•  Database - WP-DB-Backup
•  Images & Themes - WordPress Backup
•  Doesn’t hurt to occasionally back up manually too
Stay Up-To-Date
•  WordPress 3.5.1 is Out – 3.6 coming soon!
•  You will need to update your base software – unless your host does it for you or you are WordPress.com
•  You will also need to update both your plug-ins and themes.
•  Test your plug-ins so you can roll back if they don’t work
•  Be careful of what theme updates will do to any customizations you have made
•  As always, back up first
Michael Carnell
http://www.MichaelCarnell.com
@carnellm on Twitter
Slides available on http://slideshare.net/carnellm
and further info available on...
Sophisticated Secure Websites
http://www.DesignTechWeb.com
Q & A
