4. Many do not think security is important until it is too late.
Every single day hackers find new ways to get your information.
Today’s features are tomorrow’s vulnerabilities.
Stop them before they stop you.
5. Why do hackers hack?
• Make bank
• Build a zombie army
• Share their nasty code with the world
• Get your information
• They are bored
• They want to see if they can do it
6. But… Why are they hacking me?
There is rarely ever a targeted hacking attack.
Typically all sites are considered targets. The big and the small.
7. And how do they get in?
• They guess your login information
• Distributed Denial of Service (DDoS) attack
• Through a file in a theme, plugin, or anything on your server where they found an exploit
• Through your FTP and/or cPanel configuration
8. Here is the only scary thing I will say in this talk
16. Only give users the access they need
Just because they want to be an admin does not mean they should.
Guest bloggers should rarely ever be anything more than a contributor.
17. If it is a temporary login, delete the user when the job is done
If they do have posts, you can reassign the posts to a different user or make the account a subscriber with limited access.
18. Set up file detection
Many security plugins like iThemes Security and Wordfence will alert you when files have been changed.
19. Only keep the theme you are using and one backup theme on your site.
The more themes that are on a site, the more chances there are for a vulnerability.
20. Only keep the plugins you have active on your site.
An uninstalled plugin is not a potential vulnerability.
Use the plugin repo's favorites option to keep a list of your favorite plugins.
21. Security Plugins
• iThemes Security (Free and Pro version)
• Sucuri Firewall
• Wordfence Security
• Jetpack with BruteProtect and VaultPress
22. Always make backups!
• BackupBuddy, UpdraftPlus, BackWPup
• Always save to someplace OTHER than your server
• Save them to Dropbox, AWS, email, or your local machine
• Have them scheduled to be made daily or at least weekly
23. Malware Scanning? Do I need it?
• Google Webmaster Tools
• Sucuri Scanner
• VirusTotal
If you feel your site could be infected, first do a malware scan.
25. Update! Update! Update!
Update core. Update themes. Update plugins!
The biggest reasons for updates are typically security or feature related.
The biggest source of nearly all hacks is a lack of updating.
26. If you use Envato products (ThemeForest and CodeCanyon) always check the box in the downloads to be notified of updates.
That is the only way you will know if any of their products need to be updated.
This is why the RevSlider infection was so widespread. Many did not even know the plugin was built into their theme.
27. Don't ever let your site get too lonely.
That is when the zombies come.
Nobody wants the zombies to come.
28. If the unthinkable happens and you do get hacked, it is not the end of the world.
It can and will be fixed.
29. Who can clean my hacked website?
Well, I can!
And so can Sucuri and HackRepair.