SlideShare una empresa de Scribd logo

Keep Your SIte Secure

Michele Butcher-Jones
Michele Butcher-Jones

Keep Your WordPress site secure from Hackers the easy way. Do it before it is too late.

Tecnología
1 de 42
Descargar para leer sin conexión
Keep Your Site Secure
• WordPress Specialist, Site Cleaner, and Trainer for WP Security Lock • WordPress Evangelist for InMotion Hosting • Geek behind Can’t Speak Geek • Beginners and Intermediate WordPress Instructor Michele Butcher
Why is security important?
Many do not think security is important until it is too late. Every single day hackers find new ways to get your information. Todays features are tomorrow’s vulnerabilities. Stop them before they stop you
• Make bank • build a zombie army • Share their nasty code with the world • Get your information • They are bored • They want to see if they can do it Why do hackers hack?
But…Why are they hacking me? There is rarely ever a targeted hacking attack. Typically all sites are considered targets. The big and the small.
• They guess your login information • Denial of Service Attack (DDoS) • Through a file in a theme, plugin, or anything on your server where they found an exploit • Through your FTP and/or cPanel configuration And how do they get in?
Here is the only scary thing I will say in this talk
You are NEVER 100% secure
A test site or a site that might get 5 visitors a day can be hacked. It happened to me and it can happen to you.
Don’t Let Security Make you like this guy!
There are some simple steps to keep the hackers out
WordPress Security Basics 101
Never ever never use “admin” as a username or “password” as password. NEVER!!!! Any questions? Adm1n and Pa55w0rd do not count either!
Always use SFTP “S” is for safe!!!
Only give users the access they need Just because they want to be an admin does not mean they should. Guest bloggers should rarely every be anything more than a contributor.
If it is a temporary login, delete the user when the job is done If they do have posts, you can convert them to different users or make them a subscriber with limited access.
Set up file detection Many security plugins like iThemes Security and WordFence will alert you when files have been changed
Only keep the theme you are using and one backup theme on your site. The more themes that are on a site, the more open chances you have to a vulnerability
Only keep the plugins you have active on your site. An uninstalled plugin is not a potential vulnerability. Use the plugins repo favorites option to keep a list of your favorite plugins
• iThemes Security (Free and Pro version • Sucuri Firewall • WordFence Security • Jetpack with Brute Protect and Vault Press Security Plugins
• Backup Buddy, UpDraftPlus, BackWPUp • Always save to someplace OTHER than your server • Save them to Dropbox, AWS, email, or your local machine • Have them scheduled to be made daily or at least weekly Always make backups!
Malware Scanning? Do I need it? • Google Webmaster Tools
 • Sucuri Scanner
 • VirusTotal If you feel your site could be infected, first do a malware scan
What else can I do to protect my site?
Update! Update! Update! Update core. Update themes update plugins! The biggest reasons of updates is typically security or feature related. The biggest source of nearly all hacks is due to lack of updating.
If you use Envato products (ThemeForest and CodeCanyon) always check the box in the downloads to be notified of updates. That is the only way you will know if any of their products need to be updated. This is why the RevSlider infection was so widespread. Many did not even know the plugin was built into their theme.
Don't ever let your site get too lonely. That is when the zombies come. 
 Nobody wants the zombies to come
If the unthinkable happens and you do get hacked, it is not the end of the world. It can and will be fixed.
Who can clean my hacked website? Well I can! And so can Sucuri and HackRepair
Great! Are there any other ways I can be secure?
Always use complex passwords
Never email passwords
Never use the same password twice
• Last Pass • One Password • KeePass Use a Password Keeper
If a login has a Two- Factor Authentication, USE IT!
Anti-virus! Use it on all the things. Yes, even a Mac!
Be conscious when using public WiFi
• Torguard • Site Social • Hide My Ass Use a VPN if you use Public WiFi
Update! Update! Update!
Back everything up and back it up often! No one wants to lose their information stored on their computer. Bitcasa Caronbinte External Harddrives
Questions?
Thank you!!! Michele Butcher CantSpeakGeek.com WPSecurityLock.com @michele_butcher Slides can be found at http://mlb.pw/wcnc2015

Recomendados

Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015
Michele Butcher-Jones
 
10 Ways to Secure WordPress
10 Ways to Secure WordPress10 Ways to Secure WordPress
10 Ways to Secure WordPress
Jeremy Green
 
Passwords, Attakcks, and Security, oh my!
Passwords, Attakcks, and Security, oh my!Passwords, Attakcks, and Security, oh my!
Passwords, Attakcks, and Security, oh my!
Michele Butcher
 
Are You Safe From Hackers
Are You Safe From HackersAre You Safe From Hackers
Are You Safe From Hackers
Michele Butcher-Jones
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla
SiteGround.com
 
Attack of the BEAST
Attack of the BEASTAttack of the BEAST
Attack of the BEAST
Stefan Fodor
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla Revealed
SiteGround.com
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them
SiteGround.com
 

Recomendados

Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015
Michele Butcher-Jones
 
10 Ways to Secure WordPress
10 Ways to Secure WordPress10 Ways to Secure WordPress
10 Ways to Secure WordPress
Jeremy Green
 
Passwords, Attakcks, and Security, oh my!
Passwords, Attakcks, and Security, oh my!Passwords, Attakcks, and Security, oh my!
Passwords, Attakcks, and Security, oh my!
Michele Butcher
 
Are You Safe From Hackers
Are You Safe From HackersAre You Safe From Hackers
Are You Safe From Hackers
Michele Butcher-Jones
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla
SiteGround.com
 
Attack of the BEAST
Attack of the BEASTAttack of the BEAST
Attack of the BEAST
Stefan Fodor
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla Revealed
SiteGround.com
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them
SiteGround.com
 
WordCamp Philippines 2009: WordPress In The Wild
WordCamp Philippines 2009: WordPress In The WildWordCamp Philippines 2009: WordPress In The Wild
WordCamp Philippines 2009: WordPress In The Wild
rebelpixel
 
Word Camp Ph 2009 Word Press In The Wild
Word Camp Ph 2009 Word Press In The WildWord Camp Ph 2009 Word Press In The Wild
Word Camp Ph 2009 Word Press In The Wild
rebelpixel
 
Building Secure WordPress Sites
Building Secure WordPress Sites Building Secure WordPress Sites
Building Secure WordPress Sites
Catch Themes
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website
SiteGround.com
 
GoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from withinGoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from within
IMMUNIO
 
RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesRailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
IMMUNIO
 
Security-Web Vulnerabilities-Browser Attacks
Security-Web Vulnerabilities-Browser AttacksSecurity-Web Vulnerabilities-Browser Attacks
Security-Web Vulnerabilities-Browser Attacks
Raghu Addanki
 
Kludges and PHP. Why Should You Use a WAF?
Kludges and PHP. Why Should You Use a WAF?Kludges and PHP. Why Should You Use a WAF?
Kludges and PHP. Why Should You Use a WAF?
Sucuri
 
WordPress Troubleshooting Hacks.pdf
WordPress Troubleshooting Hacks.pdfWordPress Troubleshooting Hacks.pdf
WordPress Troubleshooting Hacks.pdf
Arthur Kasirye
 
How secure is WordPress ?
How secure is WordPress ?How secure is WordPress ?
How secure is WordPress ?
Er. Narayan Koirala
 
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
Michele Butcher-Jones
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012
Angela Bowman
 
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERSHOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
Elsner Technologies Pvt Ltd
 
Basics for Securing WordPress
Basics for Securing WordPressBasics for Securing WordPress
Basics for Securing WordPress
miss604
 
WordPress Security Essentials
WordPress Security EssentialsWordPress Security Essentials
WordPress Security Essentials
Angela Bowman
 
Identifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteIdentifying a Compromised WordPress Site
Identifying a Compromised WordPress Site
Chris Burgess
 
Sucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri Webinar: How to Optimize Your Website for Best PerformanceSucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014
Primary Image Ltd
 
WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...
WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...
WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...
Otto Kekäläinen
 
State of Web Security RailsConf 2016
State of Web Security RailsConf 2016State of Web Security RailsConf 2016
State of Web Security RailsConf 2016
IMMUNIO
 
I Have My WordPress Site Now What?
I Have My WordPress Site Now What?I Have My WordPress Site Now What?
I Have My WordPress Site Now What?
Michele Butcher-Jones
 
Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!
Michele Butcher-Jones
 

Más contenido relacionado

La actualidad más candente

WordCamp Philippines 2009: WordPress In The Wild
WordCamp Philippines 2009: WordPress In The WildWordCamp Philippines 2009: WordPress In The Wild
WordCamp Philippines 2009: WordPress In The Wild
rebelpixel
 
Word Camp Ph 2009 Word Press In The Wild
Word Camp Ph 2009 Word Press In The WildWord Camp Ph 2009 Word Press In The Wild
Word Camp Ph 2009 Word Press In The Wild
rebelpixel
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012
Angela Bowman
 
Sucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri Webinar: How to Optimize Your Website for Best PerformanceSucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri
 

La actualidad más candente (20)

WordCamp Philippines 2009: WordPress In The Wild
WordCamp Philippines 2009: WordPress In The WildWordCamp Philippines 2009: WordPress In The Wild
WordCamp Philippines 2009: WordPress In The Wild
 
Word Camp Ph 2009 Word Press In The Wild
Word Camp Ph 2009 Word Press In The WildWord Camp Ph 2009 Word Press In The Wild
Word Camp Ph 2009 Word Press In The Wild
 
Building Secure WordPress Sites
Building Secure WordPress Sites Building Secure WordPress Sites
Building Secure WordPress Sites
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website
 
GoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from withinGoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from within
 
RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching VulnerabilitiesRailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
RailsConf 2015 - Metasecurity: Beyond Patching Vulnerabilities
 
Security-Web Vulnerabilities-Browser Attacks
Security-Web Vulnerabilities-Browser AttacksSecurity-Web Vulnerabilities-Browser Attacks
Security-Web Vulnerabilities-Browser Attacks
 
Kludges and PHP. Why Should You Use a WAF?
Kludges and PHP. Why Should You Use a WAF?Kludges and PHP. Why Should You Use a WAF?
Kludges and PHP. Why Should You Use a WAF?
 
WordPress Troubleshooting Hacks.pdf
WordPress Troubleshooting Hacks.pdfWordPress Troubleshooting Hacks.pdf
WordPress Troubleshooting Hacks.pdf
 
How secure is WordPress ?
How secure is WordPress ?How secure is WordPress ?
How secure is WordPress ?
 
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012
 
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERSHOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
 
Basics for Securing WordPress
Basics for Securing WordPressBasics for Securing WordPress
Basics for Securing WordPress
 
WordPress Security Essentials
WordPress Security EssentialsWordPress Security Essentials
WordPress Security Essentials
 
Identifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteIdentifying a Compromised WordPress Site
Identifying a Compromised WordPress Site
 
Sucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri Webinar: How to Optimize Your Website for Best PerformanceSucuri Webinar: How to Optimize Your Website for Best Performance
Sucuri Webinar: How to Optimize Your Website for Best Performance
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014
 
WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...
WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...
WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...
 
State of Web Security RailsConf 2016
State of Web Security RailsConf 2016State of Web Security RailsConf 2016
State of Web Security RailsConf 2016
 

Similar a Keep Your SIte Secure

So Your Company Hired A Pentester
So Your Company Hired A PentesterSo Your Company Hired A Pentester
So Your Company Hired A Pentester
NorthBayWeb
 

Similar a Keep Your SIte Secure (20)

I Have My WordPress Site Now What?
I Have My WordPress Site Now What?I Have My WordPress Site Now What?
I Have My WordPress Site Now What?
 
Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!Passwords, Attacks, and Security oh my!
Passwords, Attacks, and Security oh my!
 
WordPress Security Basics
WordPress Security BasicsWordPress Security Basics
WordPress Security Basics
 
Your Site Has Been Hacked, Now What?
Your Site Has Been Hacked, Now What?Your Site Has Been Hacked, Now What?
Your Site Has Been Hacked, Now What?
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
 
So Your Company Hired A Pentester
So Your Company Hired A PentesterSo Your Company Hired A Pentester
So Your Company Hired A Pentester
 
INTERNET SAFETY FOR KIDS
INTERNET SAFETY FOR KIDSINTERNET SAFETY FOR KIDS
INTERNET SAFETY FOR KIDS
 
Passwords, Attacks, and Security oh My!
Passwords, Attacks, and Security oh My!Passwords, Attacks, and Security oh My!
Passwords, Attacks, and Security oh My!
 
Understanding word press security wwc-4-7-17
Understanding word press security wwc-4-7-17Understanding word press security wwc-4-7-17
Understanding word press security wwc-4-7-17
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDWORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
 
Keeping Your Joomla! Site Secure
Keeping Your Joomla! Site SecureKeeping Your Joomla! Site Secure
Keeping Your Joomla! Site Secure
 
A Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdfA Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdf
 
Thoughts on Defensive Development for Sitecore
Thoughts on Defensive Development for SitecoreThoughts on Defensive Development for Sitecore
Thoughts on Defensive Development for Sitecore
 
Emergency WordPress Troubleshooting
Emergency WordPress TroubleshootingEmergency WordPress Troubleshooting
Emergency WordPress Troubleshooting
 
WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and Security
 
Internet security
Internet securityInternet security
Internet security
 
WordPress Security and Best Practices
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best Practices
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
WPSecurity best practices of securing a word press website
WPSecurity best practices of securing a word press websiteWPSecurity best practices of securing a word press website
WPSecurity best practices of securing a word press website
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being Hacked
 

Más de Michele Butcher-Jones

Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...
Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...
Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...
Michele Butcher-Jones
 

Más de Michele Butcher-Jones (20)

Onboarding Clients Does Not have to take a Miracle to get all the things! - W...
Onboarding Clients Does Not have to take a Miracle to get all the things! - W...Onboarding Clients Does Not have to take a Miracle to get all the things! - W...
Onboarding Clients Does Not have to take a Miracle to get all the things! - W...
 
The Importance of Maintenance
The Importance of MaintenanceThe Importance of Maintenance
The Importance of Maintenance
 
Elevating Customer Experiences
Elevating Customer ExperiencesElevating Customer Experiences
Elevating Customer Experiences
 
You Don't Have to be Crazy to Work Here! A Mental Health Check
You Don't Have to be Crazy to Work Here! A Mental Health CheckYou Don't Have to be Crazy to Work Here! A Mental Health Check
You Don't Have to be Crazy to Work Here! A Mental Health Check
 
WordPress London: Creating a 5 Star Customer Experience
WordPress London: Creating a 5 Star Customer ExperienceWordPress London: Creating a 5 Star Customer Experience
WordPress London: Creating a 5 Star Customer Experience
 
Demons in the Closet - Handling your mental health while working remotely and...
Demons in the Closet - Handling your mental health while working remotely and...Demons in the Closet - Handling your mental health while working remotely and...
Demons in the Closet - Handling your mental health while working remotely and...
 
Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...
Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...
Successful Teams are Created when Everyone Leads - Shift-Enter Charlottesvill...
 
What To Do Post-Launch: How To Care For Your Brand New WordPress Site
What To Do Post-Launch: How To Care For Your Brand New WordPress SiteWhat To Do Post-Launch: How To Care For Your Brand New WordPress Site
What To Do Post-Launch: How To Care For Your Brand New WordPress Site
 
The Five Star Customer Experience
The Five Star Customer ExperienceThe Five Star Customer Experience
The Five Star Customer Experience
 
Taming the Demons in the Closet
Taming the Demons in the ClosetTaming the Demons in the Closet
Taming the Demons in the Closet
 
My website is live now what?
My website is live now what?My website is live now what?
My website is live now what?
 
WordCamp St Louis 2018 Contributing Without Coding
WordCamp St Louis 2018 Contributing Without CodingWordCamp St Louis 2018 Contributing Without Coding
WordCamp St Louis 2018 Contributing Without Coding
 
Contributing to WordPress without Coding
Contributing to WordPress without CodingContributing to WordPress without Coding
Contributing to WordPress without Coding
 
The Five Star Customer Service Experience
The Five Star Customer Service ExperienceThe Five Star Customer Service Experience
The Five Star Customer Service Experience
 
Demons In The Closet - A look at Mental Health with Remote Wokers WordCamp St...
Demons In The Closet - A look at Mental Health with Remote Wokers WordCamp St...Demons In The Closet - A look at Mental Health with Remote Wokers WordCamp St...
Demons In The Closet - A look at Mental Health with Remote Wokers WordCamp St...
 
Demons in the Closet WordCamp Montreal 2016
Demons in the Closet WordCamp Montreal 2016Demons in the Closet WordCamp Montreal 2016
Demons in the Closet WordCamp Montreal 2016
 
Jetpack All The Things
Jetpack All The ThingsJetpack All The Things
Jetpack All The Things
 
So i have a website now what?
So i have a website now what?So i have a website now what?
So i have a website now what?
 
WordPress for beginners lesson 4 fall2015 JALC
WordPress for beginners lesson 4 fall2015 JALCWordPress for beginners lesson 4 fall2015 JALC
WordPress for beginners lesson 4 fall2015 JALC
 
Word press for beginners lesson 3 jalc fall 2015
Word press for beginners lesson 3 jalc fall 2015Word press for beginners lesson 3 jalc fall 2015
Word press for beginners lesson 3 jalc fall 2015
 

Último

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Último (20)

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

Keep Your SIte Secure

  • 1. Keep Your Site Secure
  • 2. • WordPress Specialist, Site Cleaner, and Trainer for WP Security Lock • WordPress Evangelist for InMotion Hosting • Geek behind Can’t Speak Geek • Beginners and Intermediate WordPress Instructor Michele Butcher
  • 4. Many do not think security is important until it is too late. Every single day hackers find new ways to get your information. Todays features are tomorrow’s vulnerabilities. Stop them before they stop you
  • 5. • Make bank • build a zombie army • Share their nasty code with the world • Get your information • They are bored • They want to see if they can do it Why do hackers hack?
  • 6. But…Why are they hacking me? There is rarely ever a targeted hacking attack. Typically all sites are considered targets. The big and the small.
  • 7. • They guess your login information • Denial of Service Attack (DDoS) • Through a file in a theme, plugin, or anything on your server where they found an exploit • Through your FTP and/or cPanel configuration And how do they get in?
  • 8. Here is the only scary thing I will say in this talk
  • 10. A test site or a site that might get 5 visitors a day can be hacked. It happened to me and it can happen to you.
  • 12. There are some simple steps to keep the hackers out
  • 14. Never ever never use “admin” as a username or “password” as password. NEVER!!!! Any questions? Adm1n and Pa55w0rd do not count either!
  • 15. Always use SFTP “S” is for safe!!!
  • 16. Only give users the access they need Just because they want to be an admin does not mean they should. Guest bloggers should rarely every be anything more than a contributor.
  • 17. If it is a temporary login, delete the user when the job is done If they do have posts, you can convert them to different users or make them a subscriber with limited access.
  • 18. Set up file detection Many security plugins like iThemes Security and WordFence will alert you when files have been changed
  • 19. Only keep the theme you are using and one backup theme on your site. The more themes that are on a site, the more open chances you have to a vulnerability
  • 20. Only keep the plugins you have active on your site. An uninstalled plugin is not a potential vulnerability. Use the plugins repo favorites option to keep a list of your favorite plugins
  • 21. • iThemes Security (Free and Pro version • Sucuri Firewall • WordFence Security • Jetpack with Brute Protect and Vault Press Security Plugins
  • 22. • Backup Buddy, UpDraftPlus, BackWPUp • Always save to someplace OTHER than your server • Save them to Dropbox, AWS, email, or your local machine • Have them scheduled to be made daily or at least weekly Always make backups!
  • 23. Malware Scanning? Do I need it? • Google Webmaster Tools
 • Sucuri Scanner
 • VirusTotal If you feel your site could be infected, first do a malware scan
  • 24. What else can I do to protect my site?
  • 25. Update! Update! Update! Update core. Update themes update plugins! The biggest reasons of updates is typically security or feature related. The biggest source of nearly all hacks is due to lack of updating.
  • 26. If you use Envato products (ThemeForest and CodeCanyon) always check the box in the downloads to be notified of updates. That is the only way you will know if any of their products need to be updated. This is why the RevSlider infection was so widespread. Many did not even know the plugin was built into their theme.
  • 27. Don't ever let your site get too lonely. That is when the zombies come. 
 Nobody wants the zombies to come
  • 28. If the unthinkable happens and you do get hacked, it is not the end of the world. It can and will be fixed.
  • 29. Who can clean my hacked website? Well I can! And so can Sucuri and HackRepair
  • 30. Great! Are there any other ways I can be secure?
  • 33. Never use the same password twice
  • 34. • Last Pass • One Password • KeePass Use a Password Keeper
  • 35. If a login has a Two- Factor Authentication, USE IT!
  • 36. Anti-virus! Use it on all the things. Yes, even a Mac!
  • 37. Be conscious when using public WiFi
  • 38. • Torguard • Site Social • Hide My Ass Use a VPN if you use Public WiFi
  • 40. Back everything up and back it up often! No one wants to lose their information stored on their computer. Bitcasa Caronbinte External Harddrives
  • 42. Thank you!!! Michele Butcher CantSpeakGeek.com WPSecurityLock.com @michele_butcher Slides can be found at http://mlb.pw/wcnc2015