WordPress Security

This was a 45 minute presentation given to the Calgary WordPress Meetup group on April 23, 2013 on WordPress Security along with additional tips and tricks on password best practices. Meetup: http://www.meetup.com/The-Calgary-WordPress-Meetup-Group/ Presenter: http://rexroar.com

Page 1: WordPress Security
Page 2: WordPress Security

Do you use the same password on multiple sites?

Page 3: WordPress Security

If you don’t follow password best practices, your hacked WordPress account could lead to other compromised accounts.

Page 4: WordPress Security

What’s at risk?

• Redirect visitors to a completely different website

• Compromise shared hosting server and infect other sites

• Phish for sensitive info

• Hijack links

• Blacklisted by Google and other search engines

• And more…

Page 5: WordPress Security
Page 6: WordPress Security

Things you can do

• Keep your core, themes & plugins updated

• Remove unused themes & plugins from the server

• Remove the WP version number

• Select a good username

• Never write as an Administrator

• Create & use a strong password

• Secure WordPress further

Page 7: WordPress Security

Keep up-to-date

• The majority of hacked WordPress sites are not updated!

• Before ever making updates, ensure you backup your database AND content

• Use a plugin like BackupBuddy (or one of the free alternatives) to automate the task

• Update WordPress, themes & plugins

Page 8: WordPress Security

Clean up your house

• Remove unused themes (twentyten, etc.)

• Remove inactive plugins from WordPress and the server

• Don’t keep .sql files (or other backups) stored on your server

Page 9: WordPress Security

Remove the WP version number

http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpress-version-number/

Page 10: WordPress Security

Select a good username

• Never use ‘admin’ or ‘administrator’ as your username

• Never use the sitename as your username

• If you have one of these, get rid of it…now

• Your personal name is OK, but your password needs to be strong

Page 11: WordPress Security

Never write as an Admin user

• A username can be determined in no time at all

• If posts are published as an admin, half of an attacker’s job is already done: the login name is public

Page 12: WordPress Security

Create & use a strong password

When creating a password, do NOT use:

• Your birthdate, wedding anniversary, or dates of birth of your children or spouse

• Your name, username, company name, names of your children

• Your SIN number

• Only numbers or letters

• A short, easy to remember password

• The word ‘password’

• Words found in a dictionary*

Page 13: WordPress Security

Create & use a strong password

When creating a password, do use:

• At least 10 characters

• A mix of numbers, upper and lower case letters and special characters

• A password you have never used before

• Consider ‘salting’ your password

• Have a system or mnemonic

Page 14: WordPress Security

Create & use a strong password

Consider a multi-word combo password

Credit: http://xkcd.com/936/

Page 15: WordPress Security

Create & use a strong password

Consider a multi-word combo password

• More likely to be remembered

• Words must be random

• Words must not relate

• Upper & lower cases still matter

• Add a number or two

• Special character as well
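Checking a candidate password against the do/don’t rules from the last four slides, as an added example that is not part of the original presentation. The mini word list, the year heuristic for birthdates, and the four-word threshold for recognising a multi-word combo are assumptions made for the demo.

```python
import re
import string

# Constructed mini word list for the demo; a real deployment would load a
# full dictionary (assumption, not from the slides).
DICTIONARY = ("calgary", "horse", "letmein", "password", "welcome", "wordpress")


def is_multi_word_combo(password):
    """True when the password is built from four or more separated words
    (the slides' multi-word combo); the dictionary rule is relaxed for it."""
    return len([p for p in re.split(r"[\s\-_.]+", password) if p]) >= 4


def check_password(password, username="", site_name="", personal_terms=()):
    """Return the list of slide rules the password breaks (empty = passes).

    Rules from the slides: at least 10 characters; a mix of lower case,
    upper case, numbers and special characters; nothing containing the
    username, site name or personal details (names, dates); no dictionary
    words unless the password is a multi-word combo.
    """
    problems = []
    low = password.lower()
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # Birthdates and anniversaries usually show up as a four-digit year.
    if re.search(r"(19|20)\d\d", password):
        problems.append("contains a year-like number")
    for term in (username, site_name, *personal_terms):
        if term and term.lower() in low:
            problems.append(f"contains '{term}'")
    if not is_multi_word_combo(password):
        for word in DICTIONARY:
            if word in low:
                problems.append(f"contains dictionary word '{word}'")
    return problems
```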

Page 16: WordPress Security

Create & use a strong password

DO NOT store your password in an obvious place!

• NOT on a sticky note on your monitor

• NOT in your daily planner

Use a Password Keeper

• LastPass.com

• AgileBits.com/OnePassword

Page 17: WordPress Security

Create & use a strong password

Don’t panic, password recovery is built in!

Page 18: WordPress Security

Create & use a strong password

Password Generator

• www.StrongPasswordGenerator.com

• www.random.org/passwords/

Test your password

• www.PasswordMeter.com

• www.grc.com/haystack.htm

Page 19: WordPress Security

Secure WordPress further

Four free plugins you can use to secure WP

• Limit Login Attempts

• Better WP Security

• Wordfence

• WP Security Scan

All are located in the WordPress plugin repository

Page 20: WordPress Security

Resources

Sucuri.net

• $89.99/year

• Malware cleanup, monitoring and more

Duo Security

• Free*

• Add two-factor sign in for your installation

Page 21: WordPress Security

Next steps?

• Implement this stuff!!

• Start with the basics
  – A strong password
  – A good username
  – Writing with an editor username

Page 22: WordPress Security

WordCamp Calgary 2013

• Tickets on sale April 24

• $40 for two-day conference

• http://2013.calgary.wordcamp.org

Page 23: WordPress Security