Are You Safe
Slides can be found at http://mlb.pw/LadyBlogger
WordPress Specialist, Site Cleaner,
and Trainer for
WP Security Lock
One Woman Wonder at
Can’t Speak Geek
WordPress Website Designer
Why is security
Every day hackers try to find
ways to get your information.
Why do hackers hack?
Build a zombie site army
Share their nasty malware with the world
Get your information
They are bored
They want to see if they can do it
How do they get in?
Guess your login. If you know it, so can someone else. (Brute force attack or man in the middle)
Denial of Service attack (DDoS): flood your site with more traffic than it can handle
Through a theme, file or plugin
Through your FTP or cPanel. (Files set to read, write, execute. Brute force, anonymous login, shared hosting infection)
And now for the only thing
scary that I am going to say.
You are NEVER
Even a test site or a knitting site
with only 2 visitors can be hacked.
It can happen to your site.
It has happened to me, it can happen to you.
you like this guy.
there are ways to keep the
hacker attackers out!
I promise it is not all that painful!
Simple Online Safety
Be Mindful of what information
you put on your website.
If you will not put the information on a flier or in a commercial, do not put it on your website.
Do NOT put your email
on your website
Use a contact form. Let your users
engage with you without them
finding out your important
If you fear you might lose information, save it in more than one spot. Bitcasa, Carbonite, and external hard drives are great options for backing up data.
Back Up Your Information
ALWAYS use complex
“password” is never a
Use a different password for
each and every thing you log
Use something like LastPass or 1Password to save your passwords and to share passwords with others.
Never email passwords to
anyone. Including yourself.
Use your password manager to share login information
Protect your unit!
Yes I even have an anti-virus on my Mac!
AVG and Avast have free versions as well as paid.
Kaspersky is great with Windows and Macs.
Update your Antivirus, Operating
Systems, and all the things
Be conscious when
using public WiFi.
Use a VPN when
connecting out in
If the login has a
Never ever ever use admin as user
name or password as password.
What to do when you have
temporary people in your
Set up a file change detection notification to know what they are changing in your site.
Always use SFTP
Regular FTP is not secure. Do not use it unless
the server is only set up for FTP.
Only give them access to what they
NEED not what they want.
Just because they want to be an admin does not
automatically make them one.
Guest bloggers should not be any more than a contributor.
If it is only a temporary login, delete their login
when they have completed their job.
If they have posts on your site, you can knock them down to subscribers so they cannot change anything on your site.
If they are only doing work, delete them when
their job is done.
iThemes Security Pro
Great all-encompassing best-practices WordPress security plugin.
Two versions: a free and a premium.
If you are mainly worried about DDoS attacks, BruteProtect has you covered.
Set up a file change detection notification to know what they are changing in your site.
iThemes Security and other security
plugins give you the option to see what
all users are doing when logged into the
Who can scan my site
Google Webmaster Tools http://google.com/
iThemes Security Pro http://ithemes.com/
Need an extra eye on
CloudFlare has a free and premium version.
Things you can do to
protect your website
Update core, update plugins, update themes,
update content, update everything and update
The biggest source of nearly all hacks as once
something is patched, it is trivial to get into the
If you use themes or plugins at any of the Envato (ThemeForest, CodeCanyon)
always check the box to be notified of updates. They will not tell you otherwise
This is why the RevSlider SoakSoak infection was so
widespread. Many didn't know the plugin was built
within the theme.
Have a minimalist approach
to plugins and themes.
Only have the plugins you are using at that time
on your site. You can always upload them again
Only have your theme you are using on your
If something is not active, delete it.
Back up your site!
Somewhere, anywhere, just have a backup copy.
BackupBuddy from iThemes is a great choice.
iThemes Security will do a database backup for you.
Always back up to someplace
OTHER than your server. If the
server gets hacked, so does your
Even backing a copy to Dropbox or
your computer is a better option.
Don’t let your site get
Lonely sites can turn into zombie sites and
nobody wants a zombie
If your website gets hacked it is not the end of the world.
It can and will be fixed.
Who cleans hacked
Well I do over at WP Security Lock ~Smile~
I apologize… had to do one shameful plug.
Wanting more information
about website security?
Join the community at SafeWP
Thank you for
Slides can be found at https://mlb.pw/LadyBlogger