SAIT
Web Design Theory and
Social Media Concepts

Wordpress – Setup and Securing
403-617-4197
mitchpopilchak
mitchpopilchak@gmail.com
Hosting
• WPEngine
• Hostgator
• Bluehost
• Netfirm
• GoDaddy
• MediaTemple
• http://en.wikipedia.org/wiki/Endurance_International_Group
Theme - Frameworks
• StudioPress/Genesis
• Thesis
• Headway
• Pagelines
• Woo
Themes - Premium
• Genesis (best)
• ThemeForest (thousands)
• MySiteMyWay (bad)
• Elegant Themes (bad)
• Woo Themes
• Thousands more …
• Be careful!!
• http://athemes.com/collections/best-business-wordpress-themes
My Plugin Selects
• Akismet
• CommentLuv
– Disqus or LiveFyre
• Google Analytics for Wordpress (Yoast)
• Wordpress SEO (Yoast)
– Use all the settings!
• Optimize Database after Deleting Revisions
• Swiftype Search
• Relevanssi
• Gravity Forms
• Contact Form 7
My Plugin Selects
• Better WP Security
• Wordfence Security
• Sucuri Security
• Alpine PhotoTile for Instagram/Pinterest
• Easy Recipe Plus
• Redirection
• Shareaholic
• nRelate
• Wordpress Editorial Calendar
Install and Remove
• P3
– Plugin Performance Profiler

• Theme-Check
– Tests your theme for vulnerabilities and bad code

• Remove all unused themes and plugins!
• Update your plugins regularly please!
How many plugins?
• Too many can slow down your site
• Avoid the shiny plugin syndrome
• Plugins add code – limiting the # of plugins
limits potential security holes
• Shared hosting is not a friendly environment
for a site with lots of plugins
Fun for me vs Good for the user?
• Plugins make our lives easier :)
• So before you add another plugin ask yourself
– Do I need the functionality or ‘want it’?
– Will it help my readers?
– Will my business/site grow by adding it?

• Paid or Free????
Backups – easy peasy right?
• Install a plugin and you’re good to go!
• WRONG!
• Backing up your dB isn’t enough
• Disaster can strike at any time
• Back up your whole site (files) regularly
• Store the files in the cloud or on a thumbdrive
Backup Plugins
• WP Security
– Has manual and auto dB backup built in

• WP DB Backup
– Doesn’t work for me on GoDaddy

• Wordpress Database Backup (database only)
• Wordpress Backup Plugin (files, images, plugs)
Backup
• Most plugins only ‘backup’ your dB.
• What about restoring?
– It can be a nightmare, trust me!

• Premium $$
– blogVault
– BackupBuddy
– VaultPress (real-time)
– SyncSage (local company)
Securing WordPress
• Remove the admin account
• Install the basic security plugins
• Remove unused themes and plugins
• Update WP, Plugins, and Themes regularly
• Have an admin user account for maintenance
• Have an editor account for posting
• Never display the “post” author name
Username vs Author /Display name
Securing WordPress
• Connect via FTP? Switch to FTP-SSL or FTPS if
your hosting allows for it. Home or coffee
shop, it’s a good practice.
• When logging in to wp-admin from anywhere
but home/office, use an
editor/author/contributor account. Limits the
risk of interception of an admin account login.
Securing WordPress
• File Permissions (via ftp)
– CHMOD all files to 644
– CHMOD all directories/folders to 755
– CHMOD wp-config.php to 750
– CHMOD wp-content/ to 644 (777 for updates)

• Change the dB prefix from wp_ (WP Security)
• Use strong passwords, and not the same as
your gmail, etc.
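An audit of the modes listed on this slide, as an added example that is not part of the original slides: it reports files that are not 644, directories that are not 755, a wp-config.php that "others" can access (750 gives them none), and anything left world-writable, such as a 777 that was not reverted after an update. The function names and the sample tree are constructed for illustration, and the top-level wp-content directory is only checked for the world-writable bit because the slide gives it its own mode.

```shell
#!/bin/sh
# Added example (not from the slides): audit a WordPress tree against the
# modes on the slide. Function names and the sample tree are constructed.

# audit_wp_perms ROOT -> prints one "RULE path" line per finding
audit_wp_perms() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Anything world-writable, e.g. a 777 that was not reverted after an update.
    find "$root" \( -type f -o -type d \) -perm -0002 | sed 's/^/WORLD-WRITABLE /'

    # Regular files should be exactly 644 (wp-config.php is checked separately).
    find "$root" -type f ! -name wp-config.php ! -perm 644 | sed 's/^/FILE-NOT-644 /'

    # Directories should be exactly 755. The top-level wp-content directory is
    # skipped here because the slide gives it its own mode.
    find "$root" -type d ! -path "$root/wp-content" ! -perm 755 | sed 's/^/DIR-NOT-755 /'

    # wp-config.php: the slide's 750 leaves "others" with no access at all.
    find "$root" -type f -name wp-config.php \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) | sed 's/^/CONFIG-OTHER-ACCESS /'
}

# make_sample_tree -> builds a constructed tree with three deliberate problems
# and prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/plugins" "$t/wp-admin"
    : > "$t/index.php"
    : > "$t/wp-config.php"
    : > "$t/wp-admin/admin.php"
    : > "$t/wp-content/plugins/hello.php"
    chmod 755 "$t" "$t/wp-admin" "$t/wp-content/plugins"
    chmod 644 "$t/index.php" "$t/wp-admin/admin.php"
    chmod 777 "$t/wp-content"                  # left open after an update
    chmod 666 "$t/wp-content/plugins/hello.php"  # writable by everyone
    chmod 644 "$t/wp-config.php"               # readable by "others"
    echo "$t"
}

# Demo on the constructed tree; point audit_wp_perms at a real install instead.
sample=$(make_sample_tree)
audit_wp_perms "$sample"
rm -rf "$sample"
```

An empty report means every checked entry matches the slide's modes.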
Securing WordPress (only for pros)
• Move your wp-config.php file
For example:
public_html/wordpress/wp-config.php
Can be moved to:
public_html/wp-config.php

• Move your wp-content directory
Once you have moved your directory you will need to make some adjustments to your wp-config.php
file. Add the following lines:
define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content' );
define( 'WP_CONTENT_URL', 'http://example/blog/wp-content');
You may also need to define the new location for your plug-ins here by adding these lines to the file:
define( 'WP_PLUGIN_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content/plugins' );
define( 'WP_PLUGIN_URL', 'http://example/blog/wp-content/plugins');
Securing WordPress
• Create an .htaccess file in /wp-admin/
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
Securing WordPress wp-config.php
/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         'hr+t*O/I&B&J2nwMU44d');
define('SECURE_AUTH_KEY',  'j9drDhHcQ 2@ FXGXjj=');
define('LOGGED_IN_KEY',    'M)NxB1-IMrMOvzfUg&!m');
define('NONCE_KEY',        'DVHBzX!*IEcyJs wb/$I');
define('AUTH_SALT',        '#3CGx3fk0RWgnk5598xt');
define('SECURE_AUTH_SALT', '5jRxpF=yV)@bwgDdWC9_');
define('LOGGED_IN_SALT',   'vTqj1RZ=y=-Nf#wg-aBW');
define('NONCE_SALT',       'hFW_D-R!$O2y)Xr*xm14');
Securing WordPress
• Use your Google Webmaster Tools
• Check for keyword significance, crawl errors, malware reports.
• If your keyword significance reports unusual pharma, adult or similar spam words, your site has likely been hacked (cloaked).
• Fetch your site as Googlebot (tools) and see if your site is cloaked to appear different to Googlebot.
Hacked?
1. Take down your site/blog
2. Why? Because most hacks are executed with
scripts that attach to many files in your site.
3. Just put up a maintenance page. Don’t
announce you have been hacked.
4. Run your security plugins. You installed them, right?!
Hacked?
5. Change your WordPress, MySQL and
hosting/ftp username and password.
6. Check all your header and footer files for any
suspicious code, JavaScript, links, etc.
7. Happy it all looks ok/clean? Turn it back on.
8. If this fails to work, then it’s time for a clean
install. Got those backup files? Backup dB?
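One way to do the header and footer check from step 6, as an added example that is not part of the original slides: it lists lines in header*.php and footer*.php templates that deserve a manual look. The three rules (an eval wrapped around a decoder, an iframe styled display:none, a script loaded from an absolute URL), the function names and the sample theme are assumptions constructed for illustration, and a hit means "review this line", not "this is malware".

```shell
#!/bin/sh
# Added example (not from the slides): flag lines worth a manual look in theme
# header/footer templates. Rules, names and sample files are constructed.

# scan_theme_files ROOT -> prints "RULE path:line:text" per hit, sorted
scan_theme_files() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Each rule is "TAG regex" (split at the first space; regexes have none).
    for rule in \
        'OBFUSCATED-EVAL eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)' \
        'HIDDEN-IFRAME <iframe[^>]*display:[[:space:]]*none' \
        'EXTERNAL-SCRIPT <script[^>]*src=[^>]*//'
    do
        tag=${rule%% *}
        re=${rule#* }
        # /dev/null as an extra operand makes grep always print the file name.
        find "$root" -type f \( -name 'header*.php' -o -name 'footer*.php' \) \
            -exec grep -n -i -E "$re" /dev/null {} + | sed "s/^/$tag /"
    done | sort
}

# make_sample_theme -> writes a constructed theme with one line per rule and
# prints the path of the temporary tree.
make_sample_theme() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/themes/demo"
    cat > "$t/wp-content/themes/demo/header.php" <<'EOF'
<html><head>
<script src="https://cdn.example/lib.js"></script>
<?php wp_head(); ?>
</head>
EOF
    cat > "$t/wp-content/themes/demo/footer.php" <<'EOF'
<?php wp_footer(); ?>
<?php eval(base64_decode('Y29uc3RydWN0ZWQ=')); ?>
<iframe src="http://spam.example/" style="display:none"></iframe>
</body></html>
EOF
    echo "$t"
}

# Demo on the constructed theme; point scan_theme_files at a real site copy instead.
theme=$(make_sample_theme)
scan_theme_files "$theme"
rm -rf "$theme"
```

Run it against a copy of the site's files taken while the maintenance page is up, and compare any hit with the same file from a known-good backup.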
Best protection?
• Backup dB
• Backup files, images, plugins
• Install security plugins
• Complex passwords
• Avoid ‘admin’ login from unsecured locations
• Limit number of plugins
• Update plugins and WordPress
• You will be hacked at some point.

Presentation to SAIT Students - Dec 2013
