Wordpress security and backups are often overlooked, but you need to have them in place before your site gets compromised. The steps to secure and backup a site are simple, so make sure you don't lose all your hard work.

1. Wordpress Security
Claire Jordan - Spearmint Digital

2. Why Wordpress Security
● Wordpress is open source
● So is Apache and Linux
● Open source = free, but everyone can see
the code
● Hackers don’t specifically attack your site -
look for vulnerable sites on the internet

3. Your Server
● Home of your site, security starts here
● VPS vs Shared Hosting
● Use SSH or SFTP to connect

4. Install Wordpress Correctly
● Don’t use fantastico
● wordpress.org and do a manual install

5. Replace Security Keys
● It’s like changing your locks
● Setup authentication keys and salts
● Generate new keys at:
http://api.wordpress.org/secret-key/1.1/salt
● Copy and paste into wp-config.php
● Can do on existing site, will just make users
login again.

6. Replace Security Keys

7. Change the Table Prefix
● Change table prefixes
● default uses wp_ wp1_ wp2_
● If a new website, do this in wp-config.php
● If existing website it’s harder
● Good tutorial at:
http://wpbeginner.com/wp-tutorials/how-to-change-the-
wordpress-database-prefix-to-improve-security
● Can also do with a plugin

8. Get Rid of Comment Spam
● Install Akismet
● Shows your site is well managed
● No more spam!

9. Use Quality Themes and Plugins
● Bad theme or plugin = dangerous code
● Good themes - eg. studiopress, woothemes
● Good plugins - look at reviews
● Limit number of plugins
● Delete anything not in use

10. Update Everything
● Update wordpress core, plugins and theme
● Updates patch known vulnerabilities
● Check your site often

11. Good Username and Password
● Hackers only need 2 pieces of info, don’t
give them the first one
● Unique username and password

12. Good Username and Password
● If you need to change username
http://youtu.be/1R0X-zrtF1k
● Get a good password
www.strongpasswordgenerator.com
● Use a non-admin user for posting, show
author's real name

13. Limit Login Attempts
● Don’t want hackers to be able to try guess
the password

14. Backup Your Site
● A few good plugins:
○ Vaultpress - backups immediately $15/month
○ Backupbuddy - easy to use, good support, $80 for a
license
○ BackWPup - free plugin, can choose where to
backup to

15. Suggested Backup Routine
● Using BackWPup
● Backup to dropbox
● Backup everything (theme, files, database,
plugin list)
● Have 3 jobs, 1 for daily, 1 for weekly and 1
for monthly
● Runs each day at 3am

16. More Security
● Lots more things you can do
● A few examples:
○ blank .html files
○ custom .htaccess files
○ limit access to your IP address
○ secure files with passwords
● Security can always be taken to the next
level

17. Security Plugin
● Install Better WP Security
● Backup your blog
● Needs to change core files
● Use one click protection
● Go through the system status

18. Security Plugin
● Good tutorial:
http://www.wpbrix.com/wordpress/how-to-secure-
wordpress-with-better-wp-security

19. Questions?
Feel free to contact me at:
Claire Jordan
www.spearmintdigital.com.au
claire@spearmintdigital.com.au