Security for Beginners

Learn the basics to keep your WordPress site secure. Make security important before it is too late.


Michele Butcher

May 09, 2015


  1. Beginners Security. WordCamp North Canton. Michele Butcher. CantSpeakGeek.com, WPSecurityLock.com

  2. Michele Butcher: WordPress Specialist, Site Cleaner, and Trainer for WP Security Lock; WordPress Evangelist for InMotion Hosting; Geek behind Can’t Speak Geek; Beginners and Intermediate WordPress Instructor

  3. Why is security important?

  4. Many do not think security is important until it is too late. Every single day hackers find new ways to get your information. Today’s features are tomorrow’s vulnerabilities. Stop them before they stop you.

  5. Why do hackers hack? Make bank; build a zombie army; share their nasty code with the world; get your information; they are bored; they want to see if they can do it.

  6. But…Why are they hacking me? There is rarely ever a targeted hacking attack. Typically all sites are considered targets. The big and the small.

  7. And how do they get in? They guess your login information; Denial of Service Attack (DDoS); through a file in a theme, plugin, or anything on your server where they found an exploit; through your FTP and/or cPanel configuration.

  8. Here is the only scary thing I will say in this talk

  9. You are NEVER 100% secure

  10. A test site or a site that might get 5 visitors a day can be hacked. It happened to me and it can happen to you.

  11. Don’t Let Security Make you like this guy!

  12. There are some simple steps to keep the hackers out

  13. WordPress Security Basics 101

  14. Never ever never use “admin” as a username or “password” as password. NEVER!!!! Any questions? Adm1n and Pa55w0rd do not count either!

  15. Always use SFTP. “S” is for safe!!!

  16. Only give users the access they need. Just because they want to be an admin does not mean they should. Guest bloggers should rarely ever be anything more than a contributor.

  17. If it is a temporary login, delete the user when the job is done. If they do have posts, you can convert them to different users or make them a subscriber with limited access.

  18. Set up file detection. Many security plugins like iThemes Security and Wordfence will alert you when files have been changed.

  19. Only keep the theme you are using and one backup theme on your site. The more themes on a site, the more chances you have of a vulnerability.

  20. Only keep the plugins you have active on your site. An uninstalled plugin is not a potential vulnerability. Use the plugin repo's favorites option to keep a list of your favorite plugins.

  21. Security Plugins: iThemes Security (Free and Pro version), Sucuri Firewall, Wordfence Security, Jetpack with BruteProtect and VaultPress

  22. Always make backups! BackupBuddy, UpdraftPlus, BackWPup. Always save to someplace OTHER than your server. Save them to Dropbox, AWS, email, or your local machine. Have them scheduled to be made daily or at least weekly.

  23. Malware scanning? Do I need it? If you suspect an issue, scan your site! Google Webmaster Tools, VirusTotal, iThemes Security Pro, Sucuri Scanner

  24. What else can I do to protect my site?

  25. Update! Update! Update! Update core. Update themes. Update plugins! The biggest reasons for updates are typically security or feature related. The biggest source of nearly all hacks is a lack of updating.

  26. If you use Envato products (ThemeForest and CodeCanyon), always check the box in the downloads to be notified of updates. That is the only way you will know if any of their products need to be updated. This is why the RevSlider infection was so widespread. Many did not even know the plugin was built into their theme.

  27. Don't ever let your site get too lonely. That is when the zombies come. Nobody wants the zombies to come.

  28. If the unthinkable happens and you do get hacked, it is not the end of the world. It can and will be fixed.

  29. Who can clean my hacked website? Well I can! And so can Sucuri and HackRepair

  30. Great! Are there any other ways I can be secure?

  31. Always use complex passwords

  32. Never email passwords

  33. Never use the same password twice

  34. Use a Password Keeper: LastPass, 1Password, KeePass

  35. If a login has Two-Factor Authentication, USE IT!

  36. Anti-virus! Use it on all the things. Yes, even a

  37. Be conscious when using public WiFi

  38. Use a VPN if you use public WiFi. TorGuard Site Social Hide My Ass

  39. Update! Update! Update!

  40. No one wants to lose their information stored on their computer. Back everything up and back it up often! Bitcasa, Carbonite, external hard drives

  41. Questions?

  42. Thank you!!! Michele Butcher CantSpeakGeek.com WPSecurityLock.com @michele_butcher