Wordpress security and backups are often overlooked, but you need to have them in place before your site gets compromised. The steps to secure and backup a site are simple, so make sure you don't lose all your hard work.
2. Why Wordpress Security
â Wordpress is open source
â So is Apache and Linux
â Open source = free, but everyone can see
the code
â Hackers donât specifically attack your site -
look for vulnerable sites on the internet
3. Your Server
â Home of your site, security starts here
â VPS vs Shared Hosting
â Use SSH or SFTP to connect
5. Replace Security Keys
â Itâs like changing your locks
â Setup authentication keys and salts
â Generate new keys at:
http://api.wordpress.org/secret-key/1.1/salt
â Copy and paste into wp-config.php
â Can do on existing site, will just make users
login again.
7. Change the Table Prefix
â Change table prefixes
â default uses wp_ wp1_ wp2_
â If a new website, do this in wp-config.php
â If existing website itâs harder
â Good tutorial at:
http://wpbeginner.com/wp-tutorials/how-to-change-the-
wordpress-database-prefix-to-improve-security
â Can also do with a plugin
8. Get Rid of Comment Spam
â Install Akismet
â Shows your site is well managed
â No more spam!
9. Use Quality Themes and Plugins
â Bad theme or plugin = dangerous code
â Good themes - eg. studiopress, woothemes
â Good plugins - look at reviews
â Limit number of plugins
â Delete anything not in use
10. Update Everything
â Update wordpress core, plugins and theme
â Updates patch known vulnerabilities
â Check your site often
11. Good Username and Password
â Hackers only need 2 pieces of info, donât
give them the first one
â Unique username and password
12. Good Username and Password
â If you need to change username
http://youtu.be/1R0X-zrtF1k
â Get a good password
www.strongpasswordgenerator.com
â Use a non-admin user for posting, show
author's real name
14. Backup Your Site
â A few good plugins:
â Vaultpress - backups immediately $15/month
â Backupbuddy - easy to use, good support, $80 for a
license
â BackWPup - free plugin, can choose where to
backup to
15. Suggested Backup Routine
â Using BackWPup
â Backup to dropbox
â Backup everything (theme, files, database,
plugin list)
â Have 3 jobs, 1 for daily, 1 for weekly and 1
for monthly
â Runs each day at 3am
16. More Security
â Lots more things you can do
â A few examples:
â blank .html files
â custom .htaccess files
â limit access to your IP address
â secure files with passwords
â Security can always be taken to the next
level
17. Security Plugin
â Install Better WP Security
â Backup your blog
â Needs to change core files
â Use one click protection
â Go through the system status
18. Security Plugin
â Good tutorial:
http://www.wpbrix.com/wordpress/how-to-secure-
wordpress-with-better-wp-security
19. Questions?
Feel free to contact me at:
Claire Jordan
www.spearmintdigital.com.au
claire@spearmintdigital.com.au