A 15-minute introduction to making your WordPress install more secure, and so leverage your efforts in building a great community.
Reno Tahoe WordCamp 2010
WordPress Security Blitz!
Why?
Content, freshness, SEO, networking, design, stability, functionality, performance, scaling...
...and now security, too?
...can't we all just get along?
To leverage your efforts building a thriving community!
Strategy
A little bit of effort, some discipline, and LOTS of common sense
Basic Security
Pick a hoster wisely
Split domain and hosting
Back up (and back up again!)
Keep WP, plugins up-to-date
Move wp-config.php up/out
File permissions (755/644)
.htaccess to restrict wp-admin
Regularly check server logs
Post-Logger (vi-logger.php)
DB table prefix: not “wp_”
No user “admin”
Use strong passwords!
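An added example, not part of the original slides: a small shell audit for three of the Basic Security items (file permissions 755/644, wp-config.php moved out of the web root, DB table prefix not "wp_"). It assumes the path passed to wp_audit is the web root; the function names, finding labels and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit a WordPress tree against three
# checklist items. Prints one finding per line; no output means no findings.
wp_audit() {
    root=$1
    # 755 for directories, 644 for files; any other mode is listed for review.
    find "$root" -type d ! -perm 755 | sed 's/^/DIR_MODE /'
    find "$root" -type f ! -perm 644 | sed 's/^/FILE_MODE /'
    cfg="$root/wp-config.php"
    if [ -f "$cfg" ]; then
        echo "CONFIG_IN_WEBROOT $cfg"
    else
        # WordPress also loads wp-config.php from one directory above.
        cfg="$(dirname "$root")/wp-config.php"
    fi
    # "." stands for either quote character around the prefix value.
    pat='^[[:space:]]*[$]table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;'
    if [ -f "$cfg" ] && grep -Eq "$pat" "$cfg"; then
        echo "DEFAULT_TABLE_PREFIX $cfg"
    fi
}

# Constructed sample tree (hypothetical layout): a 777 uploads directory, a
# 666 file, and wp-config.php in the web root with the default prefix.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/site/wp-content/uploads"
    echo '<?php' > "$t/site/index.php"
    cat > "$t/site/wp-config.php" <<'EOF'
<?php
$table_prefix = 'wp_';
EOF
    find "$t/site" -type d -exec chmod 755 {} +
    find "$t/site" -type f -exec chmod 644 {} +
    chmod 777 "$t/site/wp-content/uploads"
    chmod 666 "$t/site/index.php"
    echo "$t/site"
}

sample=$(make_sample_tree) && {
    wp_audit "$sample"
    rm -rf "${sample%/site}"
}
```

On the sample tree this reports the uploads directory, index.php, the config file location and the default prefix; a tree that follows the checklist produces no output.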
Plugins to consider:
Akismet
Bad Behavior
http:BL (Project Honey Pot)
WP Security Scan
AntiVirus
...but don't go wild on plugins!
Also...
Check on your back-ups! (Do they really work?)
Check on your DB (e.g. drop old tables, optimize... Clean Options plugin)
Security audits (e.g. Acunetix)
Your own computer
Use a staging server to test
External (e.g. CloudFlare)
And finally...
Support developers and designers!
Questions?
Contact information
Álvaro Degives-Más: Alvaro at RenoLanguages.com