security isn't scary and it's not rocket science either
TRANSCRIPT
![Page 1: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/1.jpg)
Security isn't scary, and it’s not rocket science
either.Michele Butcher
!CantSpeakGeek.com WPSecurityLock.com
!@Michele_Butcher
!Slides can be found at http://mlb.pw/k1mbf
![Page 2: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/2.jpg)
Michele Butcher• WordPress Consultant, Site
Cleaner, and Trainer for WP Security Lock
• WordPress Manager for Megabytes Inc
• One Woman Wonder at Can’t Speak Geek
@michele_butcher
![Page 3: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/3.jpg)
Why is security important?
@michele_butcher
![Page 4: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/4.jpg)
Every day hackers try to find ways to get your information.
@michele_butcher
![Page 5: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/5.jpg)
Why do hackers hack?• Make bank
• Build a zombie site army
• Share their nasty malware with the world
• Get your information
• They are bored
• They want to see if they can do it@michele_butcher
![Page 6: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/6.jpg)
Why are these people attacking me?
Anymore, it is not people but bots attacking your site. Hackers have programs that do the work for them.
!Rarely is it people doing the hacking unless it is targeted.
Strong opinion sites are a good example.
@michele_butcher
![Page 7: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/7.jpg)
How do they get in?• Guess your login. If you know it so can someone
else. (Brute force attack or man in the middle)
• Denial of Service attack (DDoS) flood your site with more traffic than it can handle
• Through a theme, file or plugin
• Through your FTP or CPanel. (Files set to read, write,execute. Brute force, anonymous login, shared hosting infection)
@michele_butcher
![Page 8: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/8.jpg)
And now for the only thing scary that I am
going to say.
@michele_butcher
![Page 9: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/9.jpg)
You are NEVER 100% secure
@michele_butcher
![Page 10: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/10.jpg)
Even a test site or a knitting site with only 2 visitors can be hacked. It can happen to your
site.@michele_butcher
![Page 11: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/11.jpg)
Don’t let security
make you like this guy.
@michele_butcher
![Page 12: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/12.jpg)
But there are ways to keep the hacker attackers out!
@michele_butcher
![Page 13: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/13.jpg)
WordPress Security Basics
@michele_butcher
![Page 14: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/14.jpg)
Never ever ever use admin as user name or password as password.
Never!
@michele_butcher
![Page 15: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/15.jpg)
ALWAYS change your prefix name from wp_ Let it be anything other
than wp_ fdhsfjkhs_ is always good
I typically do not even look at what I am typing anymore when I make the WP prefix. The random the better.
@michele_butcher
![Page 16: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/16.jpg)
If you do have to let others into your dashboard or FTP…• Use SFTP Always!
• Only give them access to what they NEED not what they want
• If it is only a temporary login, delete their login when they have completed their job.
• Set up a file change detection notification to know what they are changing in your site.
@michele_butcher
![Page 17: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/17.jpg)
What about security plugins?
@michele_butcher
![Page 18: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/18.jpg)
iThemes Security
Great all encompassing best practices WordPress security plugin.
Two versions a free and a premium. !
http://ithemes.com/security
@michele_butcher
![Page 19: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/19.jpg)
Brute ProtectIf you are mainly worried about DDoS attacks, Brute
Protect has you covered. !
http://bruteprotect.com
@michele_butcher
![Page 20: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/20.jpg)
Who can scan my site for malware?
Google Webmaster Tools http://google.com/webmaster !
VirusTotal https://virustotal.com !
iThemes Security Pro htttp://ithemes.com/security
@michele_butcher
![Page 21: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/21.jpg)
Need an extra eye on your site?
CloudFlare has a free and premium version. http://cloudflare.com
@michele_butcher
![Page 22: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/22.jpg)
Update! Update! Update!
Update core, update plugins, update themes, update content, update everything
and update often! !
The biggest source of nearly all hacks as once something is patched, it is trivial to get
into the old stuff.@michele_butcher
![Page 23: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/23.jpg)
Have a minimalist approach to plugins and themes.
• Only have the plugins you are using at that time on your site. You can always upload them again later.
• Only have your theme you are using on your site.
• If something is not active, delete it.
@michele_butcher
![Page 24: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/24.jpg)
Back up your site! !
Somewhere, anywhere, just have a backup copy.
BackupBuddy from iThemes is a great choice. iThemes Security will do a database backup for you.
!
http://ithemes.com/backupbuddy
@michele_butcher
![Page 25: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/25.jpg)
Always back up to someplace OTHER than your server. If the
server gets hacked, so does your backup.
@michele_butcher
![Page 26: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/26.jpg)
Don’t let your site get lonely.
Lonely sites can turn into zombie sites and nobody wants a zombie
@michele_butcher
![Page 27: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/27.jpg)
If your website get hacked it is not the end of the world.
!
It can and will be fixed.@michele_butcher
![Page 28: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/28.jpg)
Who cleans hacked websites?
Well I do over at WP Security Lock ~Smile~ !
http://wpsecuritylock.com
I apologize… had to do one shameful plug.
@michele_butcher
![Page 29: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/29.jpg)
What are other ways I can be more secure?
@michele_butcher
![Page 30: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/30.jpg)
ALWAYS use complex passwords. ALWAYS!
For everything!
“password” is never a good password!
@michele_butcher
![Page 31: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/31.jpg)
Never email passwords to anyone. Including yourself.
!
Use a different password for each and every thing you log into.
!
Use something like LastPass or 1Password to share passwords
with others.@michele_butcher
![Page 32: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/32.jpg)
If the login has a Two-Factor authentication,
use it!
@michele_butcher
![Page 33: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/33.jpg)
Anti-virus Protect your unit!
Yes I even have an anti-virus on my Mac!
AVG and Avast have free versions as well as paid. Kaspersky is great with Windows and Macs.
@michele_butcher
![Page 34: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/34.jpg)
Be conscious when using public WiFi.
@michele_butcher
![Page 35: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/35.jpg)
Use a VPN when connecting out in the wild.
torguard.com
@michele_butcher
![Page 36: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/36.jpg)
Update! Update! Update!
Let me say this again
![Page 37: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/37.jpg)
Back up everything and back it up often.
If you fear you might lose information, save it in more than one
spot. Bitcasa, Carbonite, and external hard drives are great options of backing up data.
@michele_butcher
![Page 38: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/38.jpg)
Questions?
@michele_butcher
![Page 39: Security Isn't Scary and It's Not Rocket Science either](https://reader033.vdocuments.net/reader033/viewer/2022052904/55830293d8b42a121c8b4acd/html5/thumbnails/39.jpg)
Thank you for attending!Slides can be found at http://mlb.pw/k1mbf
Michele Butcher @michele_butcher
http://wpsecuritylock.com http://cantspeakgeek.com