backing up wordpress & basic security presented at wordcamp atlanta, 2013

BACKING UP WORDPRESS & BASIC SECURITY Carel Bekker - @ClickHOST & @carelbekker Saturday, March 16, 13

Upload: carel-bekker

Post on 31-Aug-2014


DESCRIPTION

Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013. Security myths, 3 ways to backup WordPress, and numerous security tips, including some plugins.

TRANSCRIPT

Page 1: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013

BACKING UP WORDPRESS & BASIC SECURITY

Carel Bekker - @ClickHOST & @carelbekker

Saturday, March 16, 13

Page 2: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013

Carel Bekker - @ClickHOST

Who is this guy?

• From South Africa
• In US since 1998
• 25+ years in technology
• Owner of ClickHOST.com

• Loves my wife, 3 children, technology, reading, travel and occasional round of golf.

• linkedin.com/in/cbekker


Page 3: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


If only...


Page 4: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


What will we cover?

“I’m going to show you where the windows and doors are on your WordPress house and how to lock them!”

• Basics needed to protect your WordPress website or blog
• Very little technical skills are needed
• Some definitions
• Resource list
• Security Myths
• 3 ways to Backup WordPress
• 3 security tips that will save your life, ok, at least your website


Page 5: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


What is malware?

• Malware = malicious software.
• Anything loaded onto your website (or computer) that you didn’t authorize.

• Malware, short for malicious (or malevolent) software, is software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software. - wikipedia.org


Page 6: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Other definitions

• SQL Injections: Entering SQL statements into form fields.
• Cross-site contamination: WordPress sites infecting sites in the same hosting account.
• Phishing or Spoofing: Email or website that looks like the real thing
• Social engineering, e.g., Wired reporter story


Page 7: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Security Myths

• #1: Who would want to hack my website
• #2: I will see when my website is hacked
• #3: My website is 100% secure
• #4: My hosting provider will have a backup for me
• #5: I use strong passwords -- I’m ok


Page 8: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Backing up WordPress


Page 9: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Backup Basics

• What is a backup?
  • Reliable recent copy of your website.
  • Should be easy to restore from your backup.
• Why should I backup?
  • Bad things happen, especially in the WWW = wild, wild west.
• How often & when should I backup?
  • Before any major updates to your website
  • Before updating WordPress, plugins or themes
  • Daily, Weekly, Monthly.
  • 1-2 different backup copies.


Page 10: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Use a WordPress plugin

• Install a plugin to backup your WordPress website.
• Most offer option to backup to: hosting account, cloud, local or email the backup.
• Numerous FREE WordPress backup plugins:
  • One-click installers like Softaculous
  • BackWPup (free and pro versions)
  • WordPress Backup to Dropbox
• or Paid plugins:
  • BackupBuddy ($$$)
  • VaultPress ($$)


Page 11: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


DIY Backups

• Use tools provided by hosting company
• cPanel most common control panel
• Select the Database to download.
• Only backup the database.
• Backup will be downloaded to your local directory.
• You can then upload the database to restore your WordPress website.

•Paid services: CodeGuard, SiteAutoBackup,


Page 12: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Ask your hosting provider

• This is not specific to WordPress.
• Some hosting providers provide automatic backups
• Full account backups
• Some offer free restore services
• Others charge a fee to restore from a backup
• Ask your hosting provider to setup a backup schedule
• Don’t keep too many backups in your hosting account
• Download to your local machine


Page 13: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Top Tips to Secure WordPress


Page 14: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Don’t use ADMIN

• Don’t use admin as your username.
• This is the default when installing
• Almost as bad as using password for your password :)

• How to fix this!
  • Create a new administrator user.
  • Log out, then log in as the new admin user.
  • Delete the old “admin” user.
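A sanity check for the database backup downloaded in the DIY Backups steps, which also flags the default admin username this slide warns about. This is an added example, not part of the original presentation; it assumes a mysqldump-style .sql or .sql.gz file with the default wp_ table prefix, and the function names and sample data are constructed for illustration.

```python
import gzip
import re

# Core tables of a default WordPress install (the prefix is configurable).
CORE_TABLES = ("commentmeta", "comments", "links", "options", "postmeta",
               "posts", "terms", "term_relationships", "term_taxonomy",
               "usermeta", "users")

def read_dump(path):
    """Read a .sql or .sql.gz database backup as text."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        return fh.read()

def check_dump(sql, prefix="wp_"):
    """Return a list of problems found in a WordPress database dump."""
    problems = []
    created = set(re.findall(r"CREATE TABLE (?:IF NOT EXISTS )?`([^`]+)`", sql))
    for name in CORE_TABLES:
        if prefix + name not in created:
            problems.append("missing table: " + prefix + name)
    # mysqldump writes this comment last; a cut-off download lacks it.
    if not re.search(r"^-- Dump completed", sql, re.MULTILINE):
        problems.append("no 'Dump completed' marker: file may be truncated")
    # user_login is the second column of the users table.
    users_insert = re.compile(
        r"INSERT INTO `%susers` VALUES (.*);" % re.escape(prefix))
    logins = []
    for rows in users_insert.findall(sql):
        logins += re.findall(r"\(\d+,'([^']*)'", rows)
    if "admin" in (login.lower() for login in logins):
        problems.append("default 'admin' username still exists")
    return problems

def sample_dump(logins, complete=True, skip=()):
    """Build a small constructed dump for demonstration (not real data)."""
    parts = ["CREATE TABLE `wp_%s` (\n  `id` int\n);" % t
             for t in CORE_TABLES if t not in skip]
    rows = ",".join("(%d,'%s','<hash>','%s')" % (i, u, u)
                    for i, u in enumerate(logins, 1))
    parts.append("INSERT INTO `wp_users` VALUES %s;" % rows)
    if complete:
        parts.append("-- Dump completed on 2013-03-16 12:00:00")
    return "\n".join(parts) + "\n"

if __name__ == "__main__":
    # For a real backup: check_dump(read_dump("backup.sql.gz"))
    for issue in check_dump(sample_dump(["admin", "editor1"], complete=False)):
        print("WARNING:", issue)
```

An empty result only means the dump looks structurally complete; restoring it to a test site remains the real proof that a backup works.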


Page 15: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Update! Update!

• New versions/updates include security fixes and new functionality.
• Always keep your WordPress installation current!
• Keep your plugins updated.

• Try to keep your theme current too, however be careful and only upgrade if you are sure that a child theme was used.

•Make a backup BEFORE you update WordPress, plugins or themes.


Page 16: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Passwords

• Use strong passwords, not 123456 or Password
• Use Pass-phrases, correcthorsebatterystaple
• Better yet, use a password manager:
  • Generate very strong passwords
  • No need to remember 100s of passwords
  • Easy to use with browser addons.
  • LastPass.com, 1password.com, RoboForm.


Page 17: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Anti-spam techniques

• How do I prevent comment spam? Unwanted comments in my blog posts.
• Don’t allow comments.
• Also, moderate all comments.
• Use a comment system plugin:
  • Disqus
  • Livefyre
  • Use Facebook Comment system.
• Comment spam control plugins:
  • Akismet ($5/month)
  • Growmap Anti Spambot (free)


Page 18: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Security plugins

• Most include:
  • One-click hardening
  • File monitoring
  • Personal Firewall (IP blocking)
• Security plugins:
  • Sucuri (w/ membership)
  • WordFence (free and paid)
  • IPVenger (beta)
  • Login LockDown


Page 19: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Random security tips

• Make sure you have anti-virus installed on your computer
  • Even on a Mac (Sophos)
• Email spam filtering
• Only download themes and plugins from trusted sources.
  • WordPress and reputable theme/plugin sources
• Delete unused themes and plugins! (not just de-activate)
• Delete unused WordPress installations.


Page 20: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Questions??


Page 21: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Resources

• More great WordCamp presentations:
  • WordPress End-User Security, Dre Armeda
  • Building secure WordPress sites, Sakin Shrestha
  • or go to wordpress.tv and search for security
• WordPress Codex: http://codex.wordpress.org/WordPress_Backups
• WordPress Backup options: http://www.clickhost.com/wordpress-backup/
• Search clickhost.com/blog for WordPress
  • How to make your WordPress installation Secure
  • WordPress Security: 5 Steps To Reduce Your Risk
  • Three sure fire ways to prevent being hacked!


Page 22: Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013


Carel Bekker

President&[email protected]

Twitter : @clickhost, @carelbekker

Tel: 404.220.8110


Friends don’t let friends host on Go Daddy!
