Introduction to Backups and Security

  • Suzette Franck #wclax @suzette_franck

    Introduction to backups and security

    by Suzette Franck September 5, 2012

    twitter: @suzette_franck

    Front-end Developer at WebDevStudios

    what we will cover

    1. top vulnerabilities and risks

    2. prevention

    3. getting hacked

    4. backups

    5. resources

    Top vulnerabilities

    1. Virus-free computer

    2. Weak or compromised passwords

    3. Outdated server software

    4. Unreliable hosting

    5. Plugin or theme (bad or malicious coding)

    why do hackers hack?

    1. gain your server's resources

    2. something malicious or spammy

    3. promote propaganda

    4. make money

    5. spread viruses

    6. because they can

    7. yes, big or small, everyone is a target

    Am I at risk? yes!

    1. use internet

    2. have passwords

    3. own a website

    steps to reduce risks?

    1. prevention is the best medicine

    2. best password practices

    3. get good hosting

    4. know your plugin and theme sources

    5. keep software updated

    password management!

    1. complicated passwords

    2. don't use FTP, use SFTP or SSH

    3. different passwords for everything

    4. use a password manager (Lastpass)

    5. practice least privilege

    6. access only what is needed and when

    7. remove old accounts

    password creation!

    1. never use "password"

    2. don't use pet or children's names

    3. uppercase letters, lowercase letters, numbers, special characters

    4. longer is better than shorter

    5. use password managers to create and store new passwords

    choosing hosting!

    1. use a reputable web hosting company

    2. should offer SFTP or SSH access

    3. pay now for good hosting or pay later for bad hosting

    4. shared hosting or VPS?

    5. keep server software PHP & MySQL up-to-date (you or host)

    6. do they have emergency backups? Fees?

    wordpress hosting

    wordpress application!

    1. update WordPress (1. vs .1 releases)

    2. don't login with admin, create new account

    3. each user should have their own account

    4. use the user roles - admin, editor

    5. always practice least privilege

    6. remove unused accounts

    wordpress application!

    1. limit login attempts plugin

    2. file and folder permissions

        1. files: 644 read write execute

        2. folders: 755

        3. don't use: 777

    3. move wp-config.php up a directory (not multisite)

    4. wp-config.php:

    define('FORCE_SSL_LOGIN', true);

    5. define('FORCE_SSL_ADMIN', true);

    6. wp-config.php add secret keys
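
A shell audit for the permission and wp-config.php items on the slide above, as an added example that is not part of the original slides. The function names, finding labels and sample tree are made up for illustration; the key names and placeholder phrase are the ones in WordPress's wp-config-sample.php.

```sh
#!/bin/sh
# Added example: audit a WordPress tree against the slide's checklist.

# List entries looser than the targets: files 644, folders 755, never 777.
audit_wp_perms() {
    root=$1
    # Writable by "other" (the 777 case) is the most urgent finding.
    find "$root" \( -type f -o -type d \) -perm -0002 -print | sed 's/^/WORLD-WRITABLE /'
    # Group-writable only: still looser than 644 / 755.
    find "$root" -type f -perm -0020 ! -perm -0002 -print | sed 's/^/FILE-LOOSER-THAN-644 /'
    find "$root" -type d -perm -0020 ! -perm -0002 -print | sed 's/^/DIR-LOOSER-THAN-755 /'
}

# Report wp-config.php hardening lines from the slide that are absent.
audit_wp_config() {
    # Drop commented-out lines so a disabled define does not count.
    live=$(grep -Ev '^[[:space:]]*(//|#)' "$1" || true)
    printf '%s\n' "$live" | grep -Eiq "define\( *['\"]FORCE_SSL_ADMIN['\"] *, *true *\)" \
        || echo "MISSING FORCE_SSL_ADMIN"
    for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
               AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        printf '%s\n' "$live" | grep -Eq "define\( *['\"]$key['\"]" || echo "MISSING $key"
    done
    # wp-config-sample.php ships this placeholder instead of real keys.
    if printf '%s\n' "$live" | grep -q 'put your unique phrase here'; then
        echo "PLACEHOLDER-KEY still in use"
    fi
}

# Constructed sample tree (not from the slides) with deliberate problems.
make_sample_site() {
    site=$(mktemp -d)
    mkdir -p "$site/wp-content/uploads"
    printf '%s\n' "<?php" \
        "// define('FORCE_SSL_ADMIN', true);" \
        "define('AUTH_KEY', 'put your unique phrase here');" > "$site/wp-config.php"
    chmod 755 "$site" "$site/wp-content"
    chmod 777 "$site/wp-content/uploads"
    chmod 664 "$site/wp-config.php"
    echo "$site"
}

demo=$(make_sample_site)
audit_wp_perms "$demo"
audit_wp_config "$demo/wp-config.php"
rm -rf "$demo"
```

Modes tighter than 644 or 755 are not reported, so a wp-config.php locked down further than the slide asks does not raise a finding.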

    plugin and theme safety!

    1. know your sources (WordPress.org)

    2. backup, then update plugins and themes

    3. test on a local or development server

    4. delete inactive plugins and themes

    5. use as few plugins as it takes to get the job done

    You've been hacked!

    1. reduce reinfection: clean up, restore, or take down site ASAP

    2. don't get Google blacklisted

    3. hire experts, like Sucuri

    4. restore site from recent backup

    5. does your host offer emergency backups?

    6. time matters!

    backups!

    1. hacked sites may be cleaned, but

    2. usually can not undo damage done

    3. updates to software may break sites

    4. maintaining backups is essential

    5. set up an automatic schedule

    6. know how to do a manual backup

    7. backup files as well as database

    manual database backup

    1. log in to phpMyAdmin

    2. export to .sql using default settings

    or

    3. install WP Migrate DB plugin

    4. configure and run plugin

    using phpmyadmin

    Using wp migrate db

    1. install and configure WP Migrate DB by Delicious Brains

    manual database backup

    1. uncheck compress with .gzip & copy

    backup your files, too!

    1. FileZilla or other SFTP client

    automatic backups

    backup essentials

    1. backup files and db before updates!

    2. don't store backups on your server

    3. schedule backups based on how much information you're willing to lose

    4. test backups periodically

    5. keep backups accessible for emergencies

    6. http://codex.wordpress.org/WordPress_Backups

    resources

    1. http://blog.sucuri.net/

    2. WordPress.tv WordCamp Sessions:

        1. Dre Armeda

        2. Brad Williams

        3. Tony Perez

    3. Google (recent articles)

    4. Locking Down WordPress (Code Poet)

    questions?

    follow me on twitter: @suzette_franck