Empfohlen
Weitere ähnliche Inhalte
Andere mochten auch
Andere mochten auch (18)
Ähnlich wie WordPress Security: Get it or Lose It - DaytonWP January 2013 MeetUp
Ähnlich wie WordPress Security: Get it or Lose It - DaytonWP January 2013 MeetUp (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
WordPress Security: Get it or Lose It - DaytonWP January 2013 MeetUp
- 2. Who Am I Media – Marketing - Geek @natedriver linkedin.com/in/ndriver nathandriver.com
- 3. WP Security: 3 Sections Basic Settings PLUGINS Advanced Settings …and everything in between
- 4. Basic Settings: Noob Starting with the basics
- 5. WP Security: Basic Settings Stop using ADMIN Do not make easy for hackers to ‘guess’ your username Change the table prefix It Is NOT that difficult
- 6. WP Security: Basic Settings DON’T MAKE IT EASY
- 7. WP Security: Basic Settings
- 8. WP Security: Basic Settings • • • • • • • • • • • • • • A strong password: has at least 15 characters; has uppercase letters; has lowercase letters; has numbers; has symbols, such as ` ! " ? $ ? % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | < , > . ? / is not like your previous passwords; is not your name; is not your login; is not your friend’s name; is not your family member’s name; is not a dictionary word; is not a common name; is not a keyboard pattern, such as qwerty, asdfghjkl, or 12345678.
- 9. WP Security: Basic Settings UPDATE – UPDATE - UPDATE You see it – do something about it!
- 10. Plugins: Help Yourself They’re there to help make your life easier
- 11. WP Security: Plugins BACKUP – BACKUP - BACKUP VaultPress http://vaultpress.com
- 12. WP Security: Plugins Brute Force Limit Login Attempts: http://wordpress.org/extend/plugins/li mit-login-attempts/
- 13. WP Security: Plugins WP Security Scan: 1. Passwords 2. File Permissions 3. Database security 4. Version hiding 5. WordPress admin protection/security 6. Removes WP Generator META tag from core code
- 14. WP Security: Plugins Better WP Security • • • • • • • • • • • • Remove the meta “Generator” tag Change the urls for WordPress dashboard including login, admin, and more Completely turn off the ability to login for a given time period (away mode) Remove theme, plugin, and core update notifications from users who do not have permission to update them Remove Windows Live Write header information Remove RSD header information Rename “admin” account Change the ID on the user with ID 1 Change the WordPress database table prefix Change wp-content path Removes login error messages Display a random version number to non administrative users anywhere version is used
- 15. Advanced: Watch Yourself Behind the scenes
- 16. WP Security: Advanced Settings phpMyAdmin -> Database -> …users
- 17. WP Security: Advanced Settings Alternative steps: •Create a new user •Give them admin rights •Log out •Log in under new user •Delete “admin” account
- 18. WP Security: Advanced Settings Folder Permissions • All directories should be 755 or 750. • All files should be 644 or 640. Exception: wpconfig.php should be 600 to prevent other users on the server from reading it. • No directories should ever be given 777, even upload directories. Since the php process is running as the owner of the files, it gets the owners permissions and can write to even a 755 directory.
- 19. WP Security: Advanced Settings Get rid of WordPress version This can be found • Header.php {header meta} • Readme.html file Fix by placing either one in the functions of your theme •remove_action(‘wp_head’,’wp_generator’); •function remove_wp_version() { return ‘’; }
- 20. Get It or Lose It Nathan Driver Media – Marketing – Geek @natedriver www.nathandriver.com WordPress Security: