Are You Safe From Bloggers

LadyBlogger 2015 St Louis

Michele Butcher

April 11, 2015

Transcript

  1. Are You Safe
    From Hackers
    Michele Butcher
    CantSpeakGeek.com WPSecurityLock.com
    @Michele_Butcher
    Slides can be found at http://mlb.pw/LadyBlogger

  2. Michele Butcher
    WordPress Specialist, Site Cleaner, and Trainer for WP Security Lock
    One Woman Wonder at Can’t Speak Geek
    WordPress Website Designer
    @michele_butcher

  3. Why is security
    important?

  4. Every day hackers try to find
    ways to get your information.

  5. Why do hackers hack?
    Make bank
    Build a zombie site army
    Share their nasty malware with the world
    Get your information
    They are bored
    They want to see if they can do it

  6. How do they get in?
    Guess your login. If you know it, so can someone else. (Brute force attack or man in the middle)
    Denial of Service attack (DDoS): floods your site with more traffic than it can handle
    Through a theme, file or plugin
    Through your FTP or cPanel. (Files set to read, write, execute. Brute force, anonymous login, shared hosting infection)

  7. And now for the only thing
    scary that I am going to say.

  8. You are NEVER
    100% secure

  9. Even a test site or a knitting site
    with only 2 visitors can be hacked.
    It can happen to your site.
    It has happened to me, it can happen to you.

  10. Don’t let
    security make
    you like this guy.

  11. Never fear…
    there are ways to keep the
    hacker attackers out!
    I promise it is not all that painful!

  12. Simple Online Safety
    Tips

  13. Be Mindful of what information
    you put on your website.
    If you will not put the information on a flier or
    in a commercial, do not put it on your website.

  14. Do NOT put your email
    on your website
    Use a contact form. Let your users
    engage with you without them
    finding out your important
    information.

  15. Back Up Your Information
    If you fear you might lose information, save it in
    more than one spot. Bitcasa, Carbonite, and
    external hard drives are great options for
    backing up data.

  16. ALWAYS use complex
    passwords. ALWAYS!
    For everything!
    “password” is never a
    good password!

  17. Use a different password for
    each and every thing you log
    into.

  18. Use something like LastPass or 1Password to save your
    passwords and to share passwords with others.

  19. Never email passwords to
    anyone. Including yourself.
    Use your password manager to share login information

  20. Anti-virus
    Protect your unit!
    Yes I even have an anti-virus on my Mac!
    AVG and Avast have free versions as well as paid.
    Kaspersky is great with Windows and Macs.

  21. Update!
    Update!
    Update!
    Update your Antivirus, Operating
    Systems, and all the things

  22. Be conscious when
    using public WiFi.

  23. Use a VPN when
    connecting out in
    the wild.
    torguard.com
    stacksocial.com

  24. If the login has a
    Two-Factor authentication,
    use it!

  25. WordPress Security
    Basics

  26. Never ever ever use admin as user
    name or password as password.
    Never!
    Got it?

  27. What to do when you have
    temporary people in your
    dashboard
    Set up a file change detection notification to know
    what they are changing in your site.

  28. Always use SFTP
    Regular FTP is not secure. Do not use it unless
    the server is only set up for FTP.

  29. Only give them access to what they
    NEED not what they want.
    Just because they want to be an admin does not
    automatically make them one.
    Guest bloggers should not be any more than a contributor.

  30. If it is only a temporary login, delete their login
    when they have completed their job.
    If they have posts on your site, you can knock them
    down to subscribers so they cannot change anything
    on your site.
    If they are only doing work, delete them when
    their job is done.

  31. iThemes Security Pro
    Great all-encompassing best-practices WordPress security plugin.
    Two versions: a free and a premium.
    http://ithemes.com/security
    Brute Protect
    If you are mainly worried about DDoS attacks, Brute
    Protect has you covered.
    http://bruteprotect.com

  32. Set up a file change detection notification to
    know what they are changing in your site.
    iThemes Security and other security
    plugins give you the option to see what
    all users are doing when logged into the
    dashboard.

  33. Who can scan my site
    for malware?
    Google Webmaster Tools http://google.com/webmaster
    VirusTotal https://virustotal.com
    iThemes Security Pro http://ithemes.com/security

  34. Need an extra eye on
    your site?
    CloudFlare has a free and premium version.
    http://cloudflare.com

  35. Things you can do to protect your website

  36. Update!
    Update!
    Update!
    Update core, update plugins, update themes,
    update content, update everything and update
    often!
    Outdated software is the biggest source of nearly all hacks: once
    something is patched, it is trivial to get into the
    old stuff.

  37. If you use themes or plugins from any of
    the Envato sites (ThemeForest, CodeCanyon),
    always check the box to be notified of
    updates. They will not tell you otherwise.
    This is why the RevSlider SoakSoak infection was so
    widespread. Many didn't know the plugin was built
    within the theme.

  38. Have a minimalist approach
    to plugins and themes.
    Only have the plugins you are using at that time
    on your site. You can always upload them again
    later.
    Only have your theme you are using on your
    site.
    If something is not active, delete it.

  39. Back up your site!
    Somewhere, anywhere, just have a backup copy.
    BackupBuddy from iThemes is a great choice.
    iThemes Security will do a database backup for you.
    http://ithemes.com/backupbuddy

  40. Always back up to someplace
    OTHER than your server. If the
    server gets hacked, so does your
    backup.
    Even backing a copy to Dropbox or
    your computer is a better option.

  41. Don’t let your site get
    lonely.
    Lonely sites can turn into zombie sites and
    nobody wants a zombie

  42. If your website gets hacked it is not the
    end of the world.
    It can and will be fixed.

  43. Who cleans hacked
    websites?
    Well I do over at WP Security Lock ~Smile~
    http://wpsecuritylock.com
    I apologize… had to do one shameful plug.

  44. Wanting more information
    about website security?
    Join the community at SafeWP
    https://SafeWP.com

  45. Questions?

  46. Thank you for
    attending!
    Slides can be found at https://mlb.pw/LadyBlogger
    Michele Butcher
    @michele_butcher
    http://wpsecuritylock.com
    http://cantspeakgeek.com
