2. Who is this guy?
Founder WPApprentice.com
Web Developer 16 years
CMS specialist
Using WP since v. 0.9
Manage 30+ WP sites
3. Overview of today’s session
The current state of web & WordPress security
Hacking risks
How sites get hacked
How to tell if your site has been hacked
Security best practices
Recommended plugins & security services
18. What’s the worst that can happen?
Site defaced
Content modified
Content injection (spam)
Site deleted
Backdoor installed - hackers use your site to attack others
Malware distribution from your website
19. What’s the worst that can happen?
Damage to your reputation
Damage to your visitors’ computers
Damage to your relationship with your customers
Site removed from Google and other search engines
Possible legal liabilities depending on information exposed or lost
21. “I just installed WordPress on a new domain.
I have zero traffic, in fact I’m still setting up my website”
What are the chances?
23. This isn’t about you or your website - most attacks are automated
Don’t take hacking personally - hackers don’t
They see your server as an asset for future hacking activity
The hacker perspective
25. How websites get hacked
Weak password
Outdated software
Use of insecure FTP
Shared web host / bad file permissions
Security weakness in plugin
Security weakness in theme
Security weakness in WP (these are patched very quickly)
35. Backups are the only sure way to protect your website
Schedule database backups daily
Schedule full site backups weekly
Be sure to back up your /wp-content/uploads folder
Move backup files off your server
http://wpapprentice.com/blog/preparing-for-a-wordpress-disaster/
Backup Regularly
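One way to script the schedule on this slide, added here as an example and not taken from the original deck. It assumes WP-CLI, tar and rsync are installed; the paths, the remote host and the script name backup.sh are placeholders.

```shell
#!/bin/sh
# Added example: backup routine for the schedule on this slide.
# Paths and the remote host below are placeholders (assumptions).
WP_ROOT="${WP_ROOT:-/var/www/example-site}"         # WordPress install
BACKUP_DIR="${BACKUP_DIR:-/var/backups/wp-staging}" # staging dir, outside the web root
REMOTE="${REMOTE:-backup@backup.example.com:wp/}"   # off-server destination
umask 077   # dumps hold password hashes: readable by the owner only

# Database every day, full site once a week (ISO weekday 7 = Sunday).
backup_plan() {  # $1 = weekday from `date +%u`
  if [ "$1" -eq 7 ]; then echo "db full"; else echo "db"; fi
}

# Archive the whole site and reject the archive if uploads is missing.
archive_site() {  # $1 = output .tar.gz, must be outside WP_ROOT
  tar -czf "$1" -C "$WP_ROOT" . || return 1
  tar -tzf "$1" | grep '^\./wp-content/uploads/' >/dev/null ||
    { rm -f "$1"; return 1; }
}

run_backup() {
  stamp=$(date +%Y%m%d)
  plan=$(backup_plan "$(date +%u)")
  mkdir -p "$BACKUP_DIR" || return 1
  # WP-CLI reads the DB credentials from wp-config.php.
  wp db export "$BACKUP_DIR/db-$stamp.sql" --path="$WP_ROOT" || return 1
  gzip -f "$BACKUP_DIR/db-$stamp.sql" || return 1
  case "$plan" in
    *full*) archive_site "$BACKUP_DIR/site-$stamp.tar.gz" || return 1 ;;
  esac
  # Move, not copy: nothing is left on the web server afterwards.
  rsync -a --remove-source-files "$BACKUP_DIR"/ "$REMOTE"
}

# Run daily from cron as: backup.sh --run (hypothetical script name)
if [ "${1:-}" = "--run" ]; then run_backup; fi
```

Restoring one of these archives to a scratch host from time to time confirms the backups are usable.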
38. Never name an account “Admin” or any variation
Don’t post from an account with admin privileges
Create an account specifically for posting - assign Editor role
WordPress user setup
41. Use a strong password (and don’t re-use passwords)