do less work by securing your wordpress site from hackers

Download Do less work by securing your WordPress site from hackers

Post on 23-Aug-2014

163 views

Category:

Internet

1 download

Embed Size (px)

DESCRIPTION

Save yourself from future headaches by making sure the sites you create are secure. This guideline was created to following the Pareto principle! I started by looking for the 20 percent of efforts that would account for 80 percent of the results! Its so simple that it seems a bit more like 1% effort for 95% results! You will learn the basics of securing your site in this presentation!

TRANSCRIPT

  • Do Less Work By Securing Your WordPress Site From Hackers Thomas Howard
  • Wordpress Statistics 60+ Million Wordpress Sites 22% of top 10 million websites powered by WP 73% of the 40,000 top WP sites running vulnerable version Basic Vulnerabilities found in 50 Top WP Plugins 22% 78% Top 10 Million Sites Wordpress Not- Wordpress
  • The 80/20 Rule of WP Security Pareto Principle - Roughly 80% of the effects come from 20% of the causes How can we prevent the most amount of attacks with the least amount of work?
  • WordPress Attack Vectors 41% 29% 22% 8% Attack Vectors Hosting Theme Plugin Password 41% were hacked through a security vulnerability on their hosting platform 29% were hacked via a security issue in the WordPress theme they were using 22% were hacked via a security issue in the WordPress plugins they were using 8% were hacked because they had a weak password
  • Hosting Use a trusted host! Laughing Squid or A Small Orange for cheap shared hosting Get off shared hosting! Better yet, use WP Engine and skip the rest of these slides!
  • Themes DONT use free themes! Use a trusted source for themes: Wordpress.org Themeforest WooThemes Use a secure theme framework: Genesis Thesis 10% 10% 80% Free Themes on Google Safe Questionable Infected
  • Secure the WP Installation Easiest Way Use a Security Plugin iThemes Security (formally Better WP Security Wordfence Examples using iThemes Security
  • Secure Database Dont use standard wp_ table prefix
  • Force Secure Passwords
  • Limit Login Attempts
  • Change Admin Username & User ID=1
  • Other Useful (and easy) Tweaks Enable HackRepair.com's blacklist feature Enable 404 detection Protect System Files Disable Directory Browsing Filter Request Methods Filter Suspicious Query Strings in the URL Filter Non-English Characters (only for English only sites) Filter Long URL Strings Remove File Writing Permissions Disable PHP in Uploads Remove WordPress Generator Meta Tag Remove the Windows Live Writer header. Remove the RSD (Really Simple Discovery) header. Reduce Comment Spam (also you should be using Akismet or Disable Comments) Display Random Version Disable XMLRPC (unless use trackbacks or Jetpack) Disables a user's author page if their post count is 0.
  • Backups! Setup automatic backups! iThemes Security allows you to schedule backups to be stored on the server and emailed Backup Buddy is awesome So is ManageWP
  • Updates! Good news! The latest WP automatically updates for security patches! Make modifications safely, use child themes. Test new updates on development site.
  • Summary 1. Hosting 2. Themes 3. Plugins 4. Core 5. Backup 6. Update
  • Questions? Learn more at MakeWP.com/wp-security-talk