Are You Safe From Bloggers

LadyBlogger 2015 St Louis

Michele Butcher

April 11, 2015


  1. Are You Safe From Hackers. Michele Butcher, CantSpeakGeek.com, WPSecurityLock.com, @Michele_Butcher. Slides can be found at http://mlb.pw/LadyBlogger
  2. Michele Butcher: WordPress Specialist, Site Cleaner, and Trainer for WP Security Lock; One Woman Wonder at Can’t Speak Geek; WordPress Website Designer. @michele_butcher
  3. Why is security important?
  4. Every day hackers try to find ways to get your information.
  5. Why do hackers hack?
     - Make bank
     - Build a zombie site army
     - Share their nasty malware with the world
     - Get your information
     - They are bored
     - They want to see if they can do it
  6. How do they get in?
     - Guess your login. If you know it so can someone else. (Brute force attack or man in the middle)
     - Denial of Service attack (DDoS): flood your site with more traffic than it can handle
     - Through a theme, file or plugin
     - Through your FTP or cPanel. (Files set to read, write, execute. Brute force, anonymous login, shared hosting infection)
  7. And now for the only thing scary that I am going to say.
  8. You are NEVER 100% secure
  9. Even a test site or a knitting site with only 2 visitors can be hacked. It can happen to your site. It has happened to me, it can happen to you.
  10. Don’t let security make you like this guy.
  11. Never fear… there are ways to keep the hacker attackers out! I promise it is not all that painful!
  12. Simple Online Safety Tips
  13. Be mindful of what information you put on your website. If you will not put the information on a flier or in a commercial, do not put it on your website.
  14. Do NOT put your email on your website. Use a contact form. Let your users engage with you without them finding out your important information.
  15. Back Up Your Information. If you fear you might lose information, save it in more than one spot. Bitcasa, Carbonite, and external hard drives are great options for backing up data.
  16. ALWAYS use complex passwords. ALWAYS! For everything! “password” is never a good password!
  17. Use a different password for each and every thing you log into.
  18. Use something like LastPass or 1Password to save your passwords and to share passwords with others.
  19. Never email passwords to anyone. Including yourself. Use your password manager to share login information.
  20. Anti-virus: Protect your unit! Yes, I even have an anti-virus on my Mac! AVG and Avast have free versions as well as paid. Kaspersky is great with Windows and Macs.
  21. Update! Update! Update! Update your Antivirus, Operating Systems, and all the things.
  22. Be conscious when using public WiFi.
  23. Use a VPN when connecting out in the wild. torguard.com, stacksocial.com
  24. If the login has a Two-Factor authentication, use it!
  25. WordPress Security Basics
  26. Never ever ever use “admin” as user name or “password” as password. Never! Got it?
  27. What to do when you have temporary people in your dashboard: Set up a file change detection notification to know what they are changing in your site.
  28. Always use SFTP. Regular FTP is not secure. Do not use it unless the server is only set up for FTP.
  29. Only give them access to what they NEED, not what they want. Just because they want to be an admin does not automatically make them one. Guest bloggers should not be any more than a contributor.
  30. If it is only a temporary login, delete their login when they have completed their job. If they have posts on your site, you can knock them down to subscribers so they cannot change anything on your site. If they are only doing work, delete them when their job is done.
  31. Security plugins:
     - iThemes Security Pro: Great all-encompassing best practices WordPress security plugin. Two versions, a free and a premium. http://ithemes.com/security
     - Brute Protect: If you are mainly worried about DDoS attacks, Brute Protect has you covered. http://bruteprotect.com
  32. Set up a file change detection notification to know what they are changing in your site. iThemes Security and other security plugins give you the option to see what all users are doing when logged into the dashboard.
  33. Who can scan my site for malware?
     - Google Webmaster Tools: http://google.com/webmaster
     - VirusTotal: https://virustotal.com
     - iThemes Security Pro: http://ithemes.com/security
  34. Need an extra eye on your site? CloudFlare has a free and premium version. http://cloudflare.com
  35. Things you can do to protect your website
  36. Update! Update! Update! Update core, update plugins, update themes, update content, update everything and update often! Outdated software is the biggest source of nearly all hacks: once something is patched, it is trivial to get into the old stuff.
  37. If you use themes or plugins from any of the Envato marketplaces (ThemeForest, CodeCanyon), always check the box to be notified of updates. They will not tell you otherwise. This is why the RevSlider SoakSoak infection was so widespread. Many didn't know the plugin was built within the theme.
  38. Have a minimalist approach to plugins and themes. Only have the plugins you are using at that time on your site. You can always upload them again later. Only have the theme you are using on your site. If something is not active, delete it.
  39. Back up your site! Somewhere, anywhere, just have a backup copy. BackupBuddy from iThemes is a great choice. iThemes Security will do a database backup for you. http://ithemes.com/backupbuddy
  40. Always back up to someplace OTHER than your server. If the server gets hacked, so does your backup. Even backing a copy to Dropbox or your computer is a better option.
  41. Don’t let your site get lonely. Lonely sites can turn into zombie sites and nobody wants a zombie.
  42. If your website gets hacked it is not the end of the world. It can and will be fixed.
  43. Who cleans hacked websites? Well, I do over at WP Security Lock ~Smile~ http://wpsecuritylock.com I apologize… had to do one shameful plug.
  44. Wanting more information about website security? Join the community at SafeWP https://SafeWP.com
  45. Questions?
  46. Thank you for attending! Slides can be found at https://mlb.pw/LadyBlogger Michele Butcher @michele_butcher http://wpsecuritylock.com http://cantspeakgeek.com