Are You Safe From Hackers

  • Published on
    16-Jul-2015

Transcript

<ul><li><p>Are You Safe From Hackers</p><p>Michele Butcher</p><p>CantSpeakGeek.com WPSecurityLock.com</p><p>@Michele_Butcher</p><p>Slides can be found at http://mlb.pw/LadyBlogger</p></li>
<li><p>Michele Butcher</p><p>WordPress Specialist, Site Cleaner, and Trainer for WP Security Lock</p><p>One Woman Wonder at Can't Speak Geek</p><p>WordPress Website Designer</p></li>
<li><p>Why is security important?</p></li>
<li><p>Every day hackers try to find ways to get your information.</p></li>
<li><p>Why do hackers hack?</p><p>Make bank</p><p>Build a zombie site army</p><p>Share their nasty malware with the world</p><p>Get your information</p><p>They are bored</p><p>They want to see if they can do it</p></li>
<li><p>How do they get in?</p><p>Guess your login. If you know it, so can someone else. (Brute force attack or man in the middle)</p><p>Denial of Service attack (DDoS): flood your site with more traffic than it can handle</p><p>Through a theme, file or plugin</p><p>Through your FTP or cPanel. (Files set to read, write, execute. Brute force, anonymous login, shared hosting infection)</p></li>
<li><p>And now for the only scary thing that I am going to say.</p></li>
<li><p>You are NEVER 100% secure</p></li>
<li><p>Even a test site or a knitting site with only 2 visitors can be hacked. 
</p><p>It can happen to your site.</p><p>It has happened to me, it can happen to you.</p></li>
<li><p>Don't let security make you like this guy.</p></li>
<li><p>Never fear, there are ways to keep the hacker attackers out!</p><p>I promise it is not all that painful!</p></li>
<li><p>Simple Online Safety Tips</p></li>
<li><p>Be mindful of what information you put on your website.</p><p>If you will not put the information on a flier or in a commercial, do not put it on your website.</p></li>
<li><p>Do NOT put your email on your website</p><p>Use a contact form. Let your users engage with you without them finding out your important information.</p></li>
<li><p>Back Up Your Information</p><p>If you fear you might lose information, save it in more than one spot. Bitcasa, Carbonite, and external hard drives are great options for backing up data.</p></li>
<li><p>ALWAYS use complex passwords. ALWAYS! For everything!</p><p>"password" is never a good password!</p></li>
<li><p>Use a different password for each and every thing you log into.</p></li>
<li><p>Use something like LastPass or One Password to save your passwords and to share passwords with others.</p></li>
<li><p>Never email passwords to anyone. Including yourself.</p><p>Use your password manager to share login information</p></li>
<li><p>Anti-virus: Protect your unit!</p><p>Yes, I even have an anti-virus on my Mac!</p><p>AVG and Avast have free versions as well as paid.</p><p>Kaspersky is great with Windows and Macs.</p></li>
<li><p>Update! Update! 
Update!</p><p>Update your antivirus, operating systems, and all the things</p></li>
<li><p>Be conscious when using public WiFi.</p></li>
<li><p>Use a VPN when connecting out in the wild.</p><p>torguard.com</p><p>stacksocial.com</p></li>
<li><p>If the login has two-factor authentication, use it!</p></li>
<li><p>WordPress Security Basics</p></li>
<li><p>Never ever ever use "admin" as user name or "password" as password.</p><p>Never!</p><p>Got it?</p></li>
<li><p>What to do when you have temporary people in your dashboard</p><p>Set up a file change detection notification to know what they are changing in your site.</p></li>
<li><p>Always use SFTP</p><p>Regular FTP is not secure. Do not use it unless the server is only set up for FTP.</p></li>
<li><p>Only give them access to what they NEED, not what they want.</p><p>Just because they want to be an admin does not automatically make them one.</p><p>Guest bloggers should not be any more than a contributor.</p></li>
<li><p>If it is only a temporary login, delete their login when they have completed their job.</p><p>If they have posts on your site, you can knock them down to subscribers so they cannot change anything on your site.</p><p>If they are only doing work, delete them when their job is done.</p></li>
<li><p>iThemes Security Pro</p><p>Great all-encompassing best practices WordPress security plugin.</p><p>Two versions: a free and a premium.</p><p>http://ithemes.com/security</p><p>Brute Protect</p><p>If you are mainly worried about DDoS attacks, Brute Protect has you covered. 
</p><p>http://bruteprotect.com</p></li>
<li><p>Set up a file change detection notification to know what they are changing in your site.</p><p>iThemes Security and other security plugins give you the option to see what all users are doing when logged into the dashboard.</p></li>
<li><p>Who can scan my site for malware?</p><p>Google Webmaster Tools http://google.com/webmaster</p><p>VirusTotal https://virustotal.com</p><p>iThemes Security Pro http://ithemes.com/security</p></li>
<li><p>Need an extra eye on your site?</p><p>CloudFlare has a free and premium version.</p><p>http://cloudflare.com</p></li>
<li><p>Things you can do to protect your website</p></li>
<li><p>Update! Update! Update!</p><p>Update core, update plugins, update themes, update content, update everything and update often!</p><p>Outdated software is the biggest source of nearly all hacks: once something is patched, it is trivial to get into the old stuff.</p></li>
<li><p>If you use themes or plugins from any of the Envato marketplaces (ThemeForest, CodeCanyon), always check the box to be notified of updates. They will not tell you otherwise.</p><p>This is why the RevSlider SoakSoak infection was so widespread. Many didn't know the plugin was built within the theme.</p></li>
<li><p>Have a minimalist approach to plugins and themes.</p><p>Only have the plugins you are using at that time on your site. You can always upload them again later.</p><p>Only have the theme you are using on your site.</p><p>If something is not active, delete it.</p></li>
<li><p>Back up your site! Somewhere, anywhere, just have a backup copy.</p><p>BackupBuddy from iThemes is a great choice.</p><p>iThemes Security will do a database backup for you.</p><p>http://ithemes.com/backupbuddy</p></li>
<li><p>Always back up to someplace OTHER than your server. If the server gets hacked, so does your backup. 
</p><p>Even backing up a copy to Dropbox or your computer is a better option.</p></li>
<li><p>Don't let your site get lonely.</p><p>Lonely sites can turn into zombie sites and nobody wants a zombie.</p></li>
<li><p>If your website gets hacked, it is not the end of the world.</p><p>It can and will be fixed.</p></li>
<li><p>Who cleans hacked websites?</p><p>Well, I do over at WP Security Lock ~Smile~</p><p>http://wpsecuritylock.com</p><p>I apologize, had to do one shameful plug.</p></li>
<li><p>Wanting more information about website security?</p><p>Join the community at SafeWP</p><p>https://SafeWP.com</p></li>
<li><p>Questions?</p></li>
<li><p>Thank you for attending!</p><p>Slides can be found at https://mlb.pw/LadyBlogger</p><p>Michele Butcher</p><p>@michele_butcher</p><p>http://wpsecuritylock.com</p><p>http://cantspeakgeek.com</p></li></ul>