SlideShare ist ein Scribd-Unternehmen logo
1 von 29
FRIENDS
OF SEARCH

HARDENING WORDPRESS
VARIOUS TWEAKS FOR BETTER WP SECURITY
WHAT REALLY MATTERS: TOP 3!
IF YOU HAVE 5 MINS TO SPARE, JUST DO THESE…
#1 Update your blogs regularly!

http://wordpress.org/extend/plugins/wp-updates-notifier/
Change update behavior…
Be sure to REALLY know
what you’re doing there…!
# Disables ALL core updates:
define('WP_AUTO_UPDATE_CORE', false);
# Enables all core updates, including minor and majors:
define('WP_AUTO_UPDATE_CORE', true);
# Default: Enables core updates for minor releases:
define('WP_AUTO_UPDATE_CORE', 'minor');

Want something more fine-grained?
Check AUTO_UPDATE_$TYPE filter (e.g. auto_update_plugin,
auto_update_theme, etc.) which is used for specific updates.
http://github.com/georgestephanis/update-control/
WWW.INFINITEWP.COM
WWW.MANAGEWP.COM
#2 Get rid of stuff you don’t use!

Remove all inactive
plug-ins as well as themes!
#3 Backup Database & Files, often!

http://wordpress.org/extend/plugins/backwpup/
SECURITY STARTS AT SETUP
MAKE THINGS RIGHT FROM THE BEGINNING…!
#4 Setup WordPress properly
Use unique keys and salts to add
random elements for encryption!

Use a cryptic prefix to prevent
automated scripts and SQL injections.
$table_prefix = ‘wp_VzQCxSJv7uL_ ‘;

https://api.wordpress.org/secret-key/1.1/salt/
#5 Protect your wp-config.php
<files wp-config.php>
order deny,allow
deny from all
</files>

This needs to go into your WP roots’
.htaccess file to prevent external access

Even better… move wpconfig.php outside of „www“. Also
do chmod 400/440
#6 Remove the default „admin“
Setup new user as admin; logout.
Login w/ new admin; delete old one.

Make sure to use a STRONG
password, pleeaaasssseeee!

http://www.random.org/passwords/
#7 Protect your Login (and wp-admin)
Recommended: Try the “Lockdown WP
Admin” plug-in to protect PHP files in wpadmin as well as the login itself.

Don’t just put an .htaccess
for basic passwd. protection.
It’s a lot of pain…

http://wordpress.org/extend/plugins/lockdown-wp-admin/
#8 Lock-out multiple failed logins
Limit Login Attempts

http://wordpress.org/extend/plugins/limit-login-attempts/
#9 Even better: Two-factor Verification

Info: http://gdig.de/1t - Download: http://gdig.de/1u
#9 Even better: Two-factor Verification
Google Authenticator

http://wordpress.org/plugins/google-authenticator/
#9 Even better: Two-factor Verification

Provide your login credentials
and get auth-code from your
mobile phones‘ G-Auth-App.
WWW.DUOSECURITY.COM
WWW.DUOSECURITY.COM
WWW.GETCLEF.COM
#10 Block malicious URL requests

domain.com/?q=%2e%2e or
domain.com/path/base64_ will
return HTTP 403 (Forbidden).
http://wordpress.org/plugins/block-bad-queries/
ADDITIONAL TWEAKS
THINGS YOU COULD DO IN YOUR CONFIG AS WELL…
#11 SSL Logins & Administration
define('FORCE_SSL_LOGIN', true);

Set FORCE_SSL_LOGIN to “true” to
force all logins to happen over SSL.
(still allows non-SSL admin sessions)
define('FORCE_SSL_ADMIN', true);

Use FORCE_SSL_ADMIN to force all
logins and all admin sessions to
happen over SSL (can be slow…)
#12 Move the “wp-content” folder
define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'].'/blog/my-wp-content');

WP_CONTENT_DIR points to “new”
the full local path (no trailing slash)

define('WP_CONTENT_URL', 'http://domain.com/blog/my-wp-content');

WP_CONTENT_URL points to “new”
full URI (no trailing slash either)
#13 Disable File Editing
define('DISALLOW_FILE_EDIT', true);

Set DISALLOW_FILE_EDIT to “true” to
disable editing files from dashboard.

By default, admins are allowed to edit PHP files. Setting
the above is equivalent to removing the 'edit_themes',
'edit_plugins' and 'edit_files' capabilities of all users.
#14 Fix File & Folder Permissions
WP-Security Scan

Very important: chmod your
wp-config.php to be read-only!
http://wordpress.org/extend/plugins/wp-security-scan/
WORDPRESS.ORG/PLUGINS/WORDFENCE/
WORDPRESS.ORG/PLUGINS/BETTER-WP-SECURITY/
@basgr
SEO Trainings, Seminars & Strategy Consulting

Berlin-based Full-Service Performance Marketing Agency

WordPress Security, Consulting & Development

www.bg.vu/fos14

Weitere ähnliche Inhalte

Was ist angesagt?

10 Tips to make your Website lightning-fast - SMX Stockholm 2012
10 Tips to make your Website lightning-fast - SMX Stockholm 201210 Tips to make your Website lightning-fast - SMX Stockholm 2012
10 Tips to make your Website lightning-fast - SMX Stockholm 2012Bastian Grimm
 
The Need for Speed (5 Performance Optimization Tipps) - brightonSEO 2014
The Need for Speed (5 Performance Optimization Tipps) - brightonSEO 2014The Need for Speed (5 Performance Optimization Tipps) - brightonSEO 2014
The Need for Speed (5 Performance Optimization Tipps) - brightonSEO 2014Bastian Grimm
 
International Site Speed Tweaks - ISS 2017 Barcelona
International Site Speed Tweaks - ISS 2017 BarcelonaInternational Site Speed Tweaks - ISS 2017 Barcelona
International Site Speed Tweaks - ISS 2017 BarcelonaBastian Grimm
 
SEO Social Blog: Wordpress SEO with Joost de Valk
SEO Social Blog:  Wordpress SEO with Joost de ValkSEO Social Blog:  Wordpress SEO with Joost de Valk
SEO Social Blog: Wordpress SEO with Joost de ValkSEO Social Blog
 
Your WordPress Website Is/Not Hacked
Your WordPress Website Is/Not HackedYour WordPress Website Is/Not Hacked
Your WordPress Website Is/Not HackedAngela Bowman
 
Your WordPress Site is and is not Hacked - You don't know until you check
Your WordPress Site is and is not Hacked - You don't know until you checkYour WordPress Site is and is not Hacked - You don't know until you check
Your WordPress Site is and is not Hacked - You don't know until you checkAngela Bowman
 
Plugins at WordCamp Phoenix
Plugins at WordCamp PhoenixPlugins at WordCamp Phoenix
Plugins at WordCamp PhoenixAndrew Ryno
 
Really Awesome WordPress Plugins You Should Know About
Really Awesome WordPress Plugins You Should Know AboutReally Awesome WordPress Plugins You Should Know About
Really Awesome WordPress Plugins You Should Know AboutAngela Bowman
 
SEO Tips For Bloggers
SEO Tips For BloggersSEO Tips For Bloggers
SEO Tips For Bloggersguest3c5779
 
Whitehat Seo Tips For Bloggers
Whitehat Seo Tips For BloggersWhitehat Seo Tips For Bloggers
Whitehat Seo Tips For BloggersClaudio Juliana
 
Whitehat seo tips for bloggers
Whitehat seo tips for bloggersWhitehat seo tips for bloggers
Whitehat seo tips for bloggersimarketingtrends
 
Make your website load really really fast - seo campus 2017
Make your website load really really fast  - seo campus 2017Make your website load really really fast  - seo campus 2017
Make your website load really really fast - seo campus 2017SEO Camp Association
 
How I learned to stop worrying and love the .htaccess file
How I learned to stop worrying and love the .htaccess fileHow I learned to stop worrying and love the .htaccess file
How I learned to stop worrying and love the .htaccess fileRoxana Stingu
 
Don't sh** in the Pool
Don't sh** in the PoolDon't sh** in the Pool
Don't sh** in the PoolChris Jean
 
SMX Advanced 2018 SEO for Javascript Frameworks by Patrick Stox
SMX Advanced 2018 SEO for Javascript Frameworks by Patrick StoxSMX Advanced 2018 SEO for Javascript Frameworks by Patrick Stox
SMX Advanced 2018 SEO for Javascript Frameworks by Patrick Stoxpatrickstox
 
Joomla wireframing Template - Joomladay Netherlands 2014 #jd14nl
Joomla wireframing Template - Joomladay Netherlands 2014 #jd14nlJoomla wireframing Template - Joomladay Netherlands 2014 #jd14nl
Joomla wireframing Template - Joomladay Netherlands 2014 #jd14nlPhilip Locke
 
Joost's Wordpress Affiliate Session @ LAC 2010
Joost's Wordpress Affiliate Session @ LAC 2010Joost's Wordpress Affiliate Session @ LAC 2010
Joost's Wordpress Affiliate Session @ LAC 2010a4u
 
Prebrowsing - Velocity NY 2013
Prebrowsing - Velocity NY 2013Prebrowsing - Velocity NY 2013
Prebrowsing - Velocity NY 2013Steve Souders
 

Was ist angesagt? (20)

10 Tips to make your Website lightning-fast - SMX Stockholm 2012
10 Tips to make your Website lightning-fast - SMX Stockholm 201210 Tips to make your Website lightning-fast - SMX Stockholm 2012
10 Tips to make your Website lightning-fast - SMX Stockholm 2012
 
The Need for Speed (5 Performance Optimization Tipps) - brightonSEO 2014
The Need for Speed (5 Performance Optimization Tipps) - brightonSEO 2014The Need for Speed (5 Performance Optimization Tipps) - brightonSEO 2014
The Need for Speed (5 Performance Optimization Tipps) - brightonSEO 2014
 
International Site Speed Tweaks - ISS 2017 Barcelona
International Site Speed Tweaks - ISS 2017 BarcelonaInternational Site Speed Tweaks - ISS 2017 Barcelona
International Site Speed Tweaks - ISS 2017 Barcelona
 
SEO Social Blog: Wordpress SEO with Joost de Valk
SEO Social Blog:  Wordpress SEO with Joost de ValkSEO Social Blog:  Wordpress SEO with Joost de Valk
SEO Social Blog: Wordpress SEO with Joost de Valk
 
Your WordPress Website Is/Not Hacked
Your WordPress Website Is/Not HackedYour WordPress Website Is/Not Hacked
Your WordPress Website Is/Not Hacked
 
Your WordPress Site is and is not Hacked - You don't know until you check
Your WordPress Site is and is not Hacked - You don't know until you checkYour WordPress Site is and is not Hacked - You don't know until you check
Your WordPress Site is and is not Hacked - You don't know until you check
 
Plugins at WordCamp Phoenix
Plugins at WordCamp PhoenixPlugins at WordCamp Phoenix
Plugins at WordCamp Phoenix
 
Really Awesome WordPress Plugins You Should Know About
Really Awesome WordPress Plugins You Should Know AboutReally Awesome WordPress Plugins You Should Know About
Really Awesome WordPress Plugins You Should Know About
 
CONSEJOS PARA OPTIMIZAR EL BLOG
CONSEJOS PARA OPTIMIZAR EL BLOGCONSEJOS PARA OPTIMIZAR EL BLOG
CONSEJOS PARA OPTIMIZAR EL BLOG
 
SEO Tips For Bloggers
SEO Tips For BloggersSEO Tips For Bloggers
SEO Tips For Bloggers
 
Matt
MattMatt
Matt
 
Whitehat Seo Tips For Bloggers
Whitehat Seo Tips For BloggersWhitehat Seo Tips For Bloggers
Whitehat Seo Tips For Bloggers
 
Whitehat seo tips for bloggers
Whitehat seo tips for bloggersWhitehat seo tips for bloggers
Whitehat seo tips for bloggers
 
Make your website load really really fast - seo campus 2017
Make your website load really really fast  - seo campus 2017Make your website load really really fast  - seo campus 2017
Make your website load really really fast - seo campus 2017
 
How I learned to stop worrying and love the .htaccess file
How I learned to stop worrying and love the .htaccess fileHow I learned to stop worrying and love the .htaccess file
How I learned to stop worrying and love the .htaccess file
 
Don't sh** in the Pool
Don't sh** in the PoolDon't sh** in the Pool
Don't sh** in the Pool
 
SMX Advanced 2018 SEO for Javascript Frameworks by Patrick Stox
SMX Advanced 2018 SEO for Javascript Frameworks by Patrick StoxSMX Advanced 2018 SEO for Javascript Frameworks by Patrick Stox
SMX Advanced 2018 SEO for Javascript Frameworks by Patrick Stox
 
Joomla wireframing Template - Joomladay Netherlands 2014 #jd14nl
Joomla wireframing Template - Joomladay Netherlands 2014 #jd14nlJoomla wireframing Template - Joomladay Netherlands 2014 #jd14nl
Joomla wireframing Template - Joomladay Netherlands 2014 #jd14nl
 
Joost's Wordpress Affiliate Session @ LAC 2010
Joost's Wordpress Affiliate Session @ LAC 2010Joost's Wordpress Affiliate Session @ LAC 2010
Joost's Wordpress Affiliate Session @ LAC 2010
 
Prebrowsing - Velocity NY 2013
Prebrowsing - Velocity NY 2013Prebrowsing - Velocity NY 2013
Prebrowsing - Velocity NY 2013
 

Andere mochten auch

Ne explanation of the last tenth of the quran
Ne explanation of the last tenth of the quranNe explanation of the last tenth of the quran
Ne explanation of the last tenth of the quranLoveofpeople
 
Tekijänoikeusaineistot luokittelutavan valinta
Tekijänoikeusaineistot luokittelutavan valintaTekijänoikeusaineistot luokittelutavan valinta
Tekijänoikeusaineistot luokittelutavan valintaSanna Brauer
 
Internationalizing Ubuntu apps
Internationalizing Ubuntu appsInternationalizing Ubuntu apps
Internationalizing Ubuntu appsDavid Planella
 
Rasmus Lassen, Byggechef i Københavns Ejendomme
Rasmus Lassen, Byggechef i Københavns EjendommeRasmus Lassen, Byggechef i Københavns Ejendomme
Rasmus Lassen, Byggechef i Københavns EjendommeMikkel Rohde Madsen
 
Ciencias del Deporte
Ciencias del Deporte Ciencias del Deporte
Ciencias del Deporte Erika_Bello
 
Generalsekretærfrokost 23.05.16
Generalsekretærfrokost 23.05.16Generalsekretærfrokost 23.05.16
Generalsekretærfrokost 23.05.16Frivillighet Norge
 
BIM ir SOLIDWORKS
BIM ir SOLIDWORKSBIM ir SOLIDWORKS
BIM ir SOLIDWORKSIN RE UAB
 
“Η Logo στην εκπαίδευση: Μια κοινότητα πρακτικής και μάθησης” - i2fest 2015
“Η Logo στην εκπαίδευση: Μια κοινότητα πρακτικής και μάθησης” - i2fest 2015“Η Logo στην εκπαίδευση: Μια κοινότητα πρακτικής και μάθησης” - i2fest 2015
“Η Logo στην εκπαίδευση: Μια κοινότητα πρακτικής και μάθησης” - i2fest 2015Katerina Glezou
 
SOLIDWORKS Plastics LT
SOLIDWORKS Plastics LTSOLIDWORKS Plastics LT
SOLIDWORKS Plastics LTIN RE UAB
 
Agep welcome leipzig
Agep welcome leipzigAgep welcome leipzig
Agep welcome leipzigbfnd
 
history of cinema powerpoint in Malayalam
history of cinema powerpoint in Malayalamhistory of cinema powerpoint in Malayalam
history of cinema powerpoint in MalayalamAndur Sahadevan
 
KM-Report may-2015
KM-Report may-2015KM-Report may-2015
KM-Report may-2015Mobidays
 
Motivarea si evaluarea angajaților
Motivarea si evaluarea angajațilorMotivarea si evaluarea angajaților
Motivarea si evaluarea angajațilorOdooRomania
 
Content marketing: Sjarlatan eller superhelt?
Content marketing: Sjarlatan eller superhelt?Content marketing: Sjarlatan eller superhelt?
Content marketing: Sjarlatan eller superhelt?Sindre Holme
 
Quien sera
Quien seraQuien sera
Quien serafrani
 
e ID
e IDe ID
e ID
 
Российский фронт битвы гигантов
Российский фронт битвы гигантовРоссийский фронт битвы гигантов
Российский фронт битвы гигантовMik Chernomordikov
 
British Royal House
British Royal HouseBritish Royal House
British Royal HouseLorena GL
 

Andere mochten auch (20)

Ne explanation of the last tenth of the quran
Ne explanation of the last tenth of the quranNe explanation of the last tenth of the quran
Ne explanation of the last tenth of the quran
 
Tekijänoikeusaineistot luokittelutavan valinta
Tekijänoikeusaineistot luokittelutavan valintaTekijänoikeusaineistot luokittelutavan valinta
Tekijänoikeusaineistot luokittelutavan valinta
 
Internationalizing Ubuntu apps
Internationalizing Ubuntu appsInternationalizing Ubuntu apps
Internationalizing Ubuntu apps
 
Rasmus Lassen, Byggechef i Københavns Ejendomme
Rasmus Lassen, Byggechef i Københavns EjendommeRasmus Lassen, Byggechef i Københavns Ejendomme
Rasmus Lassen, Byggechef i Københavns Ejendomme
 
Ciencias del Deporte
Ciencias del Deporte Ciencias del Deporte
Ciencias del Deporte
 
Generalsekretærfrokost 23.05.16
Generalsekretærfrokost 23.05.16Generalsekretærfrokost 23.05.16
Generalsekretærfrokost 23.05.16
 
BIM ir SOLIDWORKS
BIM ir SOLIDWORKSBIM ir SOLIDWORKS
BIM ir SOLIDWORKS
 
“Η Logo στην εκπαίδευση: Μια κοινότητα πρακτικής και μάθησης” - i2fest 2015
“Η Logo στην εκπαίδευση: Μια κοινότητα πρακτικής και μάθησης” - i2fest 2015“Η Logo στην εκπαίδευση: Μια κοινότητα πρακτικής και μάθησης” - i2fest 2015
“Η Logo στην εκπαίδευση: Μια κοινότητα πρακτικής και μάθησης” - i2fest 2015
 
SOLIDWORKS Plastics LT
SOLIDWORKS Plastics LTSOLIDWORKS Plastics LT
SOLIDWORKS Plastics LT
 
Agep welcome leipzig
Agep welcome leipzigAgep welcome leipzig
Agep welcome leipzig
 
history of cinema powerpoint in Malayalam
history of cinema powerpoint in Malayalamhistory of cinema powerpoint in Malayalam
history of cinema powerpoint in Malayalam
 
KM-Report may-2015
KM-Report may-2015KM-Report may-2015
KM-Report may-2015
 
Motivarea si evaluarea angajaților
Motivarea si evaluarea angajațilorMotivarea si evaluarea angajaților
Motivarea si evaluarea angajaților
 
Content marketing: Sjarlatan eller superhelt?
Content marketing: Sjarlatan eller superhelt?Content marketing: Sjarlatan eller superhelt?
Content marketing: Sjarlatan eller superhelt?
 
Quien sera
Quien seraQuien sera
Quien sera
 
e ID
e IDe ID
e ID
 
vmchecker @SCS
vmchecker @SCSvmchecker @SCS
vmchecker @SCS
 
Российский фронт битвы гигантов
Российский фронт битвы гигантовРоссийский фронт битвы гигантов
Российский фронт битвы гигантов
 
British Royal House
British Royal HouseBritish Royal House
British Royal House
 
CCR&R Part Two (Planning)
CCR&R Part Two (Planning)CCR&R Part Two (Planning)
CCR&R Part Two (Planning)
 

Ähnlich wie Hardening WordPress - Friends of Search 2014 (WordPress Security)

Securing Word Press Blog
Securing Word Press BlogSecuring Word Press Blog
Securing Word Press BlogChetan Gole
 
Complete Wordpress Security By CHETAN SONI - Cyber Security Expert
Complete Wordpress Security By CHETAN SONI - Cyber Security ExpertComplete Wordpress Security By CHETAN SONI - Cyber Security Expert
Complete Wordpress Security By CHETAN SONI - Cyber Security ExpertChetan Soni
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User SecurityDre Armeda
 
Responsible [digital] Home Ownership
Responsible [digital] Home OwnershipResponsible [digital] Home Ownership
Responsible [digital] Home OwnershipDenise (Dee) Teal
 
Security Presentation for Boulder WordPress Meetup
Security Presentation for Boulder WordPress MeetupSecurity Presentation for Boulder WordPress Meetup
Security Presentation for Boulder WordPress MeetupAngela Bowman
 
Developers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIDevelopers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIWP Engine
 
Wordpress Security & Hardening Steps
Wordpress Security & Hardening StepsWordpress Security & Hardening Steps
Wordpress Security & Hardening StepsPlasterdog Web Design
 
Locking Down Your WordPress Site
Locking Down Your WordPress SiteLocking Down Your WordPress Site
Locking Down Your WordPress SiteFrank Corso
 
Wordpress security issues
Wordpress security issuesWordpress security issues
Wordpress security issuesDeepu Thomas
 
WordPress Optimization & Security - LAC 2013, London
WordPress Optimization & Security - LAC 2013, LondonWordPress Optimization & Security - LAC 2013, London
WordPress Optimization & Security - LAC 2013, LondonBastian Grimm
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutSiteGround.com
 
WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009Brad Williams
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009Brad Williams
 
WordPress Security Presentation
WordPress Security PresentationWordPress Security Presentation
WordPress Security PresentationAndrew Paton
 
Advanced WordPress Optimization - iGaming Supershow 2012
Advanced WordPress Optimization - iGaming Supershow 2012Advanced WordPress Optimization - iGaming Supershow 2012
Advanced WordPress Optimization - iGaming Supershow 2012Bastian Grimm
 
Introduction to WordPress Security
Introduction to WordPress SecurityIntroduction to WordPress Security
Introduction to WordPress SecurityNile Flores
 
How to Increase Security on your Wordpress Website
How to Increase Security on your Wordpress WebsiteHow to Increase Security on your Wordpress Website
How to Increase Security on your Wordpress WebsiteMeganGood12
 

Ähnlich wie Hardening WordPress - Friends of Search 2014 (WordPress Security) (20)

Securing Word Press Blog
Securing Word Press BlogSecuring Word Press Blog
Securing Word Press Blog
 
Complete Wordpress Security By CHETAN SONI - Cyber Security Expert
Complete Wordpress Security By CHETAN SONI - Cyber Security ExpertComplete Wordpress Security By CHETAN SONI - Cyber Security Expert
Complete Wordpress Security By CHETAN SONI - Cyber Security Expert
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User Security
 
Responsible [digital] Home Ownership
Responsible [digital] Home OwnershipResponsible [digital] Home Ownership
Responsible [digital] Home Ownership
 
Security Presentation for Boulder WordPress Meetup
Security Presentation for Boulder WordPress MeetupSecurity Presentation for Boulder WordPress Meetup
Security Presentation for Boulder WordPress Meetup
 
Developers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIDevelopers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLI
 
Wordpress Security & Hardening Steps
Wordpress Security & Hardening StepsWordpress Security & Hardening Steps
Wordpress Security & Hardening Steps
 
Locking Down Your WordPress Site
Locking Down Your WordPress SiteLocking Down Your WordPress Site
Locking Down Your WordPress Site
 
Wordpress security issues
Wordpress security issuesWordpress security issues
Wordpress security issues
 
WordPress Optimization & Security - LAC 2013, London
WordPress Optimization & Security - LAC 2013, LondonWordPress Optimization & Security - LAC 2013, London
WordPress Optimization & Security - LAC 2013, London
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009
 
Killer word press-checklist
Killer word press-checklistKiller word press-checklist
Killer word press-checklist
 
WordPress Security
WordPress Security WordPress Security
WordPress Security
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009
 
WordPress Security Presentation
WordPress Security PresentationWordPress Security Presentation
WordPress Security Presentation
 
Advanced WordPress Optimization - iGaming Supershow 2012
Advanced WordPress Optimization - iGaming Supershow 2012Advanced WordPress Optimization - iGaming Supershow 2012
Advanced WordPress Optimization - iGaming Supershow 2012
 
Introduction to WordPress Security
Introduction to WordPress SecurityIntroduction to WordPress Security
Introduction to WordPress Security
 
How to Increase Security on your Wordpress Website
How to Increase Security on your Wordpress WebsiteHow to Increase Security on your Wordpress Website
How to Increase Security on your Wordpress Website
 

Mehr von Bastian Grimm

Migration Best Practices - Peak Ace on Air
Migration Best Practices - Peak Ace on AirMigration Best Practices - Peak Ace on Air
Migration Best Practices - Peak Ace on AirBastian Grimm
 
SEOday Köln 2020 - Surprise, Surprise - 5 SEO secrets
SEOday Köln 2020 - Surprise, Surprise - 5 SEO secretsSEOday Köln 2020 - Surprise, Surprise - 5 SEO secrets
SEOday Köln 2020 - Surprise, Surprise - 5 SEO secretsBastian Grimm
 
Technical SEO vs. User Experience - Bastian Grimm, Peak Ace AG
Technical SEO vs. User Experience - Bastian Grimm, Peak Ace AGTechnical SEO vs. User Experience - Bastian Grimm, Peak Ace AG
Technical SEO vs. User Experience - Bastian Grimm, Peak Ace AGBastian Grimm
 
Advanced data-driven technical SEO - SMX London 2019
Advanced data-driven technical SEO - SMX London 2019Advanced data-driven technical SEO - SMX London 2019
Advanced data-driven technical SEO - SMX London 2019Bastian Grimm
 
Migration Best Practices - SMX West 2019
Migration Best Practices - SMX West 2019Migration Best Practices - SMX West 2019
Migration Best Practices - SMX West 2019Bastian Grimm
 
Migration Best Practices - Search Y 2019, Paris
Migration Best Practices - Search Y 2019, ParisMigration Best Practices - Search Y 2019, Paris
Migration Best Practices - Search Y 2019, ParisBastian Grimm
 
Migration Best Practices - SEOkomm 2018
Migration Best Practices - SEOkomm 2018Migration Best Practices - SEOkomm 2018
Migration Best Practices - SEOkomm 2018Bastian Grimm
 
Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018
Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018
Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018Bastian Grimm
 
The need for Speed: Advanced #webperf - SEOday 2018
The need for Speed: Advanced #webperf - SEOday 2018The need for Speed: Advanced #webperf - SEOday 2018
The need for Speed: Advanced #webperf - SEOday 2018Bastian Grimm
 
OK Google, Whats next? - OMT Wiesbaden 2018
OK Google, Whats next? - OMT Wiesbaden 2018OK Google, Whats next? - OMT Wiesbaden 2018
OK Google, Whats next? - OMT Wiesbaden 2018Bastian Grimm
 
Super speed around the globe - SearchLeeds 2018
Super speed around the globe - SearchLeeds 2018Super speed around the globe - SearchLeeds 2018
Super speed around the globe - SearchLeeds 2018Bastian Grimm
 
Migration Best Practices - SMX London 2018
Migration Best Practices - SMX London 2018Migration Best Practices - SMX London 2018
Migration Best Practices - SMX London 2018Bastian Grimm
 
Welcome to a new reality - DeepCrawl Webinar 2018
Welcome to a new reality - DeepCrawl Webinar 2018Welcome to a new reality - DeepCrawl Webinar 2018
Welcome to a new reality - DeepCrawl Webinar 2018Bastian Grimm
 
Web Performance Madness - brightonSEO 2018
Web Performance Madness - brightonSEO 2018Web Performance Madness - brightonSEO 2018
Web Performance Madness - brightonSEO 2018Bastian Grimm
 
Digitale Assistenzsysteme - SMX München 2018
Digitale Assistenzsysteme - SMX München 2018Digitale Assistenzsysteme - SMX München 2018
Digitale Assistenzsysteme - SMX München 2018Bastian Grimm
 
AMP - SMX München 2018
AMP - SMX München 2018AMP - SMX München 2018
AMP - SMX München 2018Bastian Grimm
 
How fast is fast enough - SMX West 2018
How fast is fast enough - SMX West 2018How fast is fast enough - SMX West 2018
How fast is fast enough - SMX West 2018Bastian Grimm
 
Whats Next in SEO & CRO - 3XE Conference 2018 Dublin
Whats Next in SEO & CRO - 3XE Conference 2018 DublinWhats Next in SEO & CRO - 3XE Conference 2018 Dublin
Whats Next in SEO & CRO - 3XE Conference 2018 DublinBastian Grimm
 
Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017
Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017
Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017Bastian Grimm
 
Digitale Assistenten - OMX 2017
Digitale Assistenten - OMX 2017Digitale Assistenten - OMX 2017
Digitale Assistenten - OMX 2017Bastian Grimm
 

Mehr von Bastian Grimm (20)

Migration Best Practices - Peak Ace on Air
Migration Best Practices - Peak Ace on AirMigration Best Practices - Peak Ace on Air
Migration Best Practices - Peak Ace on Air
 
SEOday Köln 2020 - Surprise, Surprise - 5 SEO secrets
SEOday Köln 2020 - Surprise, Surprise - 5 SEO secretsSEOday Köln 2020 - Surprise, Surprise - 5 SEO secrets
SEOday Köln 2020 - Surprise, Surprise - 5 SEO secrets
 
Technical SEO vs. User Experience - Bastian Grimm, Peak Ace AG
Technical SEO vs. User Experience - Bastian Grimm, Peak Ace AGTechnical SEO vs. User Experience - Bastian Grimm, Peak Ace AG
Technical SEO vs. User Experience - Bastian Grimm, Peak Ace AG
 
Advanced data-driven technical SEO - SMX London 2019
Advanced data-driven technical SEO - SMX London 2019Advanced data-driven technical SEO - SMX London 2019
Advanced data-driven technical SEO - SMX London 2019
 
Migration Best Practices - SMX West 2019
Migration Best Practices - SMX West 2019Migration Best Practices - SMX West 2019
Migration Best Practices - SMX West 2019
 
Migration Best Practices - Search Y 2019, Paris
Migration Best Practices - Search Y 2019, ParisMigration Best Practices - Search Y 2019, Paris
Migration Best Practices - Search Y 2019, Paris
 
Migration Best Practices - SEOkomm 2018
Migration Best Practices - SEOkomm 2018Migration Best Practices - SEOkomm 2018
Migration Best Practices - SEOkomm 2018
 
Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018
Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018
Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018
 
The need for Speed: Advanced #webperf - SEOday 2018
The need for Speed: Advanced #webperf - SEOday 2018The need for Speed: Advanced #webperf - SEOday 2018
The need for Speed: Advanced #webperf - SEOday 2018
 
OK Google, Whats next? - OMT Wiesbaden 2018
OK Google, Whats next? - OMT Wiesbaden 2018OK Google, Whats next? - OMT Wiesbaden 2018
OK Google, Whats next? - OMT Wiesbaden 2018
 
Super speed around the globe - SearchLeeds 2018
Super speed around the globe - SearchLeeds 2018Super speed around the globe - SearchLeeds 2018
Super speed around the globe - SearchLeeds 2018
 
Migration Best Practices - SMX London 2018
Migration Best Practices - SMX London 2018Migration Best Practices - SMX London 2018
Migration Best Practices - SMX London 2018
 
Welcome to a new reality - DeepCrawl Webinar 2018
Welcome to a new reality - DeepCrawl Webinar 2018Welcome to a new reality - DeepCrawl Webinar 2018
Welcome to a new reality - DeepCrawl Webinar 2018
 
Web Performance Madness - brightonSEO 2018
Web Performance Madness - brightonSEO 2018Web Performance Madness - brightonSEO 2018
Web Performance Madness - brightonSEO 2018
 
Digitale Assistenzsysteme - SMX München 2018
Digitale Assistenzsysteme - SMX München 2018Digitale Assistenzsysteme - SMX München 2018
Digitale Assistenzsysteme - SMX München 2018
 
AMP - SMX München 2018
AMP - SMX München 2018AMP - SMX München 2018
AMP - SMX München 2018
 
How fast is fast enough - SMX West 2018
How fast is fast enough - SMX West 2018How fast is fast enough - SMX West 2018
How fast is fast enough - SMX West 2018
 
Whats Next in SEO & CRO - 3XE Conference 2018 Dublin
Whats Next in SEO & CRO - 3XE Conference 2018 DublinWhats Next in SEO & CRO - 3XE Conference 2018 Dublin
Whats Next in SEO & CRO - 3XE Conference 2018 Dublin
 
Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017
Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017
Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017
 
Digitale Assistenten - OMX 2017
Digitale Assistenten - OMX 2017Digitale Assistenten - OMX 2017
Digitale Assistenten - OMX 2017
 

Kürzlich hochgeladen

Your enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jYour enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jNeo4j
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPTiSEO AI
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfUK Journal
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FIDO Alliance
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireExakis Nelite
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform EngineeringMarcus Vechiato
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureFemke de Vroome
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyUXDXConf
 

Kürzlich hochgeladen (20)

Your enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jYour enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4j
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 

Hardening WordPress - Friends of Search 2014 (WordPress Security)

  • 1. FRIENDS OF SEARCH HARDENING WORDPRESS VARIOUS TWEAKS FOR BETTER WP SECURITY
  • 2. WHAT REALLY MATTERS: TOP 3! IF YOU HAVE 5 MINS TO SPARE, JUST DO THESE…
  • 3. #1 Update your blogs regularly! http://wordpress.org/extend/plugins/wp-updates-notifier/
  • 4. Change update behavior… Be sure to REALLY know what you’re doing there…! # Disables ALL core updates: define('WP_AUTO_UPDATE_CORE', false); # Enables all core updates, including minor and majors: define('WP_AUTO_UPDATE_CORE', true); # Default: Enables core updates for minor releases: define('WP_AUTO_UPDATE_CORE', 'minor'); Want something more fine-grained? Check AUTO_UPDATE_$TYPE filter (e.g. auto_update_plugin, auto_update_theme, etc.) which is used for specific updates. http://github.com/georgestephanis/update-control/
  • 7. #2 Get rid of stuff you don’t use! Remove all inactive plug-ins as well as themes!
  • 8. #3 Backup Database & Files, often! http://wordpress.org/extend/plugins/backwpup/
  • 9. SECURITY STARTS AT SETUP MAKE THINGS RIGHT FROM THE BEGINNING…!
  • 10. #4 Setup WordPress properly Use unique keys and salts to add random elements for encryption! Use a cryptic prefix to prevent automated scripts and SQL injections. $table_prefix = ‘wp_VzQCxSJv7uL_ ‘; https://api.wordpress.org/secret-key/1.1/salt/
  • 11. #5 Protect your wp-config.php <files wp-config.php> order deny,allow deny from all </files> This needs to go into your WP roots’ .htaccess file to prevent external access Even better… move wpconfig.php outside of „www“. Also do chmod 400/440
  • 12. #6 Remove the default „admin“ Setup new user as admin; logout. Login w/ new admin; delete old one. Make sure to use a STRONG password, pleeaaasssseeee! http://www.random.org/passwords/
  • 13. #7 Protect your Login (and wp-admin) Recommended: Try the “Lockdown WP Admin” plug-in to protect PHP files in wpadmin as well as the login itself. Don’t just put an .htaccess for basic passwd. protection. It’s a lot of pain… http://wordpress.org/extend/plugins/lockdown-wp-admin/
  • 14. #8 Lock-out multiple failed logins Limit Login Attempts http://wordpress.org/extend/plugins/limit-login-attempts/
  • 15. #9 Even better: Two-factor Verification Info: http://gdig.de/1t - Download: http://gdig.de/1u
  • 16. #9 Even better: Two-factor Verification Google Authenticator http://wordpress.org/plugins/google-authenticator/
  • 17. #9 Even better: Two-factor Verification Provide your login credentials and get auth-code from your mobile phones‘ G-Auth-App.
  • 21. #10 Block malicious URL requests domain.com/?q=%2e%2e or domain.com/path/base64_ will return HTTP 403 (Forbidden). http://wordpress.org/plugins/block-bad-queries/
  • 22. ADDITIONAL TWEAKS THINGS YOU COULD DO IN YOUR CONFIG AS WELL…
  • 23. #11 SSL Logins & Administration define('FORCE_SSL_LOGIN', true); Set FORCE_SSL_LOGIN to “true” to force all logins to happen over SSL. (still allows non-SSL admin sessions) define('FORCE_SSL_ADMIN', true); Use FORCE_SSL_ADMIN to force all logins and all admin sessions to happen over SSL (can be slow…)
  • 24. #12 Move the “wp-content” folder define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'].'/blog/my-wp-content'); WP_CONTENT_DIR points to “new” the full local path (no trailing slash) define('WP_CONTENT_URL', 'http://domain.com/blog/my-wp-content'); WP_CONTENT_URL points to “new” full URI (no trailing slash either)
  • 25. #13 Disable File Editing define('DISALLOW_FILE_EDIT', true); Set DISALLOW_FILE_EDIT to “true” to disable editing files from dashboard. By default, admins are allowed to edit PHP files. Setting the above is equivalent to removing the 'edit_themes', 'edit_plugins' and 'edit_files' capabilities of all users.
  • 26. #14 Fix File & Folder Permissions WP-Security Scan Very important: chmod your wp-config.php to be read-only! http://wordpress.org/extend/plugins/wp-security-scan/
  • 29. @basgr SEO Trainings, Seminars & Strategy Consulting Berlin-based Full-Service Performance Marketing Agency WordPress Security, Consulting & Development www.bg.vu/fos14