Beginner WordPress Security
Tips to Help Secure Your WordPress Site
WordCamp Birmingham, 2016
#wcbham
Gerroald Barron
@gerroald
https://profiles.wordpress.org/gerroald
https://ithemes.com/security/
https://wordpress.org/plugins/better-wp-security/
Why Would Someone Want to Hack My Site?
Twitter - @gerroald http://www.slideshare.net/GerroaldBarron
There are currently over 1 Billion websites on the web.
https://sucuri.net/website-security/website-hacked-report
WordPress powers about 26% of them.
You’re likely not the target, WordPress is.
It’s not about if you get attacked, but rather how to prevent it from being successful.
Strong Passwords
If you know your passwords, they’re likely too weak.
Password Managers
https://www.dashlane.com/passwordmanager
https://1password.com/
https://lastpass.com/
Two-Factor Authentication
Two-Factor Authentication is not a mere nuisance, it’s Real Security.
Two Factor Plugins
WordPress Two-Factor Plugins
https://ithemes.com/security/
Two-Factor Mobile Apps
Google Authenticator Android
Authy for iOS and Android
Google Authenticator iOS
Changing the Salts
Salted keys further protect your login credentials stored in your cookies.
https://api.wordpress.org/secret-key/1.1/salt/
*tutorial*
Plugins to Change Your Salts
https://wordpress.org/plugins/better-wp-security/
https://wordpress.org/plugins/wp-config-file-editor/
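Rotating the salts by hand instead of with a plugin, as an added example that is not from the slides: it rewrites only the eight key and salt define() lines in wp-config.php. The function names and the demo file are constructed, and the values are generated locally rather than fetched from the API URL above.

```sh
#!/bin/sh
# Added example: rotate the eight WordPress secret keys and salts in place.
# Values are generated locally; nothing is fetched over the network.

SALT_NAMES="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# new_secret: 64 random characters, none of which need escaping inside a
# single-quoted PHP string (no quote, no backslash).
new_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9!@#%^*()_+=~.,:;?-' < /dev/urandom | head -c 64
}

# rotate_salts FILE: rewrite only the define() lines named in SALT_NAMES.
rotate_salts() {
    cfg=$1
    tmp=$(mktemp) || return 1          # mktemp creates the file with mode 600
    while IFS= read -r line || [ -n "$line" ]; do
        # Extract the constant name if this line is a define('NAME', ...).
        name=$(printf '%s\n' "$line" |
            sed -n "s/^[[:space:]]*define([[:space:]]*['\"]\([A-Z_]*\)['\"].*/\1/p")
        case " $SALT_NAMES " in
            *" ${name:-none} "*) line="define('$name', '$(new_secret)');" ;;
        esac
        printf '%s\n' "$line"
    done < "$cfg" > "$tmp"
    # Overwrite in place so wp-config.php keeps its owner and mode.
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

# Demo on a constructed config (placeholder values, not a real site).
demo=$(mktemp)
cat > "$demo" <<'EOF'
<?php
define('DB_PASSWORD', 'constructed-example');
define('AUTH_KEY',         'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
EOF
rotate_salts "$demo"
grep -c 'put your unique phrase here' "$demo" || true   # count of old values left
rm -f "$demo"
```

Changing these values invalidates existing login cookies, so every user is signed out and has to log in again.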
Secure File Permissions
How secure is your site if anyone can view or write to your server files? It’s not. Secure file permissions are a must.
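One way to check and correct permissions on a WordPress directory, as an added example that is not from the slides. The 755/644 baseline and 600 for wp-config.php are assumptions taken from common WordPress hardening guidance; the function names and the demo tree are constructed.

```sh
#!/bin/sh
# Added example: audit a WordPress tree for loose permissions.
# Assumed baseline (common hardening guidance, not stated on the slides):
# directories 755, files 644, wp-config.php 600 or 640.

# audit_wp_perms ROOT: print one finding per line; exit status 1 if any.
audit_wp_perms() {
    root=$1
    findings=$(
        # Writable by "other": any local account or process can modify it.
        find "$root" -type f -perm -0002 | sed 's/^/world-writable file: /'
        find "$root" -type d -perm -0002 | sed 's/^/world-writable dir: /'
        # wp-config.php holds DB credentials and salts: no bits for "other".
        find "$root" -maxdepth 1 -name wp-config.php \
            \( -perm -0004 -o -perm -0002 -o -perm -0001 \) |
            sed 's/^/wp-config.php readable by others: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# fix_wp_perms ROOT: apply the assumed baseline.
fix_wp_perms() {
    root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    # Use 640 instead if the web server reads the file through its group.
    [ -f "$root/wp-config.php" ] && chmod 600 "$root/wp-config.php"
    return 0
}

# Demo on a constructed tree (not a real site).
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/uploads"
echo '<?php // constructed' > "$demo/wp-config.php"
echo 'x' > "$demo/wp-content/uploads/a.jpg"
chmod 644 "$demo/wp-config.php"
chmod 777 "$demo/wp-content/uploads"
chmod 666 "$demo/wp-content/uploads/a.jpg"
audit_wp_perms "$demo" || echo "findings above; applying baseline"
fix_wp_perms "$demo"
audit_wp_perms "$demo" && echo "clean"
rm -rf "$demo"
```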
Using sFTP Encryption vs FTP
The SFTP and FTP protocols both transfer data; that’s where their similarities end.
FTP stands for File Transfer Protocol
sFTP stands for (SSH) File Transfer Protocol
FTP transfers data between two remote connections, in plain text.
sFTP ensures that data is transferred securely and privately by using the SSH2 protocol.
SSL (Secure Sockets Layer)
What is it? Why should I use it?
SSL creates an encrypted connection between your web server and your visitors' web browser.
HTTP stands for Hypertext Transfer Protocol
HTTPS stands for Hypertext Transfer Protocol Secure
When using HTTP to transfer information, it’s relatively easy for a knowledgeable person to intercept and view it.
When using HTTPS, if anyone is able to intercept it, they still won’t be able to decipher it because it’s encrypted.
SSL (Secure Sockets Layer) is the security during the transfer while using HTTPS.
Free SSL Certificates
https://letsencrypt.org/
https://ssl.comodo.com/free-ssl-certificate.php
Maintenance
Keep WordPress Core up to date.
Keep your plugins and themes up to date.
Regularly update your passwords.
Remove plugins, themes and users that aren't being used.
ALWAYS have a recent backup.
Summary
Use a strong password with the help of a password manager
Two-Factor for ALL THE THINGS
Regularly change your Salts
Use secure file permissions
Use sFTP whenever possible
Use SSL on all of your sites
Please keep your site and everything on it up to date