Security isn't scary, and it’s not rocket science

either.Michele Butcher

!CantSpeakGeek.com WPSecurityLock.com

!@Michele_Butcher

!Slides can be found at http://mlb.pw/k1mbf

Michele Butcher• WordPress Consultant, Site

Cleaner, and Trainer for WP Security Lock

• WordPress Manager for Megabytes Inc

• One Woman Wonder at Can’t Speak Geek

@michele_butcher

Why is security important?

@michele_butcher

Every day hackers try to find ways to get your information.

@michele_butcher

Why do hackers hack?• Make bank

• Build a zombie site army

• Share their nasty malware with the world

• Get your information

• They are bored

• They want to see if they can do it@michele_butcher

Why are these people attacking me?

Anymore, it is not people but bots attacking your site. Hackers have programs that do the work for them.

!Rarely is it people doing the hacking unless it is targeted.

Strong opinion sites are a good example.

@michele_butcher

How do they get in?• Guess your login. If you know it so can someone

else. (Brute force attack or man in the middle)

• Denial of Service attack (DDoS) flood your site with more traffic than it can handle

• Through a theme, file or plugin

• Through your FTP or CPanel. (Files set to read, write,execute. Brute force, anonymous login, shared hosting infection)

@michele_butcher

And now for the only thing scary that I am

going to say.

@michele_butcher

You are NEVER 100% secure

@michele_butcher

Even a test site or a knitting site with only 2 visitors can be hacked. It can happen to your

site.@michele_butcher

Don’t let security

make you like this guy.

@michele_butcher

But there are ways to keep the hacker attackers out!

@michele_butcher

WordPress Security Basics

@michele_butcher

Never ever ever use admin as user name or password as password.

Never!

@michele_butcher

ALWAYS change your prefix name from wp_ Let it be anything other

than wp_ fdhsfjkhs_ is always good

I typically do not even look at what I am typing anymore when I make the WP prefix. The random the better.

@michele_butcher

If you do have to let others into your dashboard or FTP…• Use SFTP Always!

• Only give them access to what they NEED not what they want

• If it is only a temporary login, delete their login when they have completed their job.

• Set up a file change detection notification to know what they are changing in your site.

@michele_butcher

What about security plugins?

@michele_butcher

iThemes Security

Great all encompassing best practices WordPress security plugin.

Two versions a free and a premium. !

http://ithemes.com/security

@michele_butcher

Brute ProtectIf you are mainly worried about DDoS attacks, Brute

Protect has you covered. !

http://bruteprotect.com

@michele_butcher

Who can scan my site for malware?

Google Webmaster Tools http://google.com/webmaster !

VirusTotal https://virustotal.com !

iThemes Security Pro htttp://ithemes.com/security

@michele_butcher

Need an extra eye on your site?

CloudFlare has a free and premium version. http://cloudflare.com

@michele_butcher

Update! Update! Update!

Update core, update plugins, update themes, update content, update everything

and update often! !

The biggest source of nearly all hacks as once something is patched, it is trivial to get

into the old stuff.@michele_butcher

Have a minimalist approach to plugins and themes.

• Only have the plugins you are using at that time on your site. You can always upload them again later.

• Only have your theme you are using on your site.

• If something is not active, delete it.

@michele_butcher

Back up your site! !

Somewhere, anywhere, just have a backup copy.

BackupBuddy from iThemes is a great choice. iThemes Security will do a database backup for you.

!

http://ithemes.com/backupbuddy

@michele_butcher

Always back up to someplace OTHER than your server. If the

server gets hacked, so does your backup.

@michele_butcher

Don’t let your site get lonely.

Lonely sites can turn into zombie sites and nobody wants a zombie

@michele_butcher

If your website get hacked it is not the end of the world.

!

It can and will be fixed.@michele_butcher

Who cleans hacked websites?

Well I do over at WP Security Lock ~Smile~ !

http://wpsecuritylock.com

I apologize… had to do one shameful plug.

@michele_butcher

What are other ways I can be more secure?

@michele_butcher

ALWAYS use complex passwords. ALWAYS!

For everything!

“password” is never a good password!

@michele_butcher

Never email passwords to anyone. Including yourself.

!

Use a different password for each and every thing you log into.

!

Use something like LastPass or 1Password to share passwords

with others.@michele_butcher

If the login has a Two-Factor authentication,

use it!

@michele_butcher

Anti-virus Protect your unit!

Yes I even have an anti-virus on my Mac!

AVG and Avast have free versions as well as paid. Kaspersky is great with Windows and Macs.

@michele_butcher

Be conscious when using public WiFi.

@michele_butcher

Use a VPN when connecting out in the wild.

torguard.com

@michele_butcher

Update! Update! Update!

Let me say this again

Back up everything and back it up often.

If you fear you might lose information, save it in more than one

spot. Bitcasa, Carbonite, and external hard drives are great options of backing up data.

@michele_butcher

Questions?

@michele_butcher

Thank you for attending!Slides can be found at http://mlb.pw/k1mbf

Michele Butcher @michele_butcher

http://wpsecuritylock.com http://cantspeakgeek.com