Slide 2

Slide 2 text

Who am I?
• Android & WP7 Developer @Digicorp
• WordPress blogger
• Head, Google Developers Group Ahmedabad
• @pareshmayani
• www.TechnoTalkative.com

Slide 3

Slide 3 text

Oops….Congratulations??

Slide 4

Slide 4 text

Oops….Congratulations??

Slide 5

Slide 5 text

Common sense
• Secure password
• Keep WordPress & plugins up-to-date
• Delete unused files
• Use a reputable web host
• Clean your site/blog like you clean your house

Slide 6

Slide 6 text

Update, update & updates !!

Slide 7

Slide 7 text

Delete unused files
• Delete unused themes
• Delete unused plugins

Slide 8

Slide 8 text

Some security steps
1. Regular backups are your best friend
2. Change table prefix
3. Proper file & folder permissions
4. Use secret keys
5. Protect your wp-config.php file
6. Protect your .htaccess file
7. Remove the admin account
8. Do not advertise your WordPress version to the world
9. Limit the number of login attempts
10. Prevent users from browsing your WordPress directories
11. Use security plugins

Slide 9

Slide 9 text

1. Regular backups are your best friend
• Take backups
• Plug-ins available
– BackUpWordPress http://wordpress.org/extend/plugins/backupwordpres/
– BackWPup http://wordpress.org/extend/plugins/backwpup/

Slide 10

Slide 10 text

2. Change Table Prefix
• Default table prefix is wp_
• Change the table prefix (wp_) to some random value.

Slide 11

Slide 11 text

2. Change Table Prefix
Steps:
1. Open wp-config.php and change the prefix:
   $table_prefix = 'wp_wordcamp';
2. Rename all database tables to use this prefix (through phpMyAdmin)

Slide 12

Slide 12 text

3. Proper Files & Folder permissions
• Give users the minimal required access
• Set file permissions at 644 & folders at 755
  4 = read, 2 = write, 1 = execute
For example:
• 755 (rwxr-xr-x)
• 644 (rw-r--r--)

Slide 13

Slide 13 text

4. Use secure keys
• To increase the security of passwords stored in your WordPress database, you should ensure that your wp-config.php file has unique key values.
• Step: Generate unique keys through
  https://api.wordpress.org/secret-key/1.1/
  https://api.wordpress.org/secret-key/1.1/salt/

Slide 14

Slide 14 text

5. Protect your wp-config.php file
Steps:
1. Open .htaccess file
2. Include the code below:
<Files wp-config.php>
order allow,deny
deny from all
</Files>

Slide 15

Slide 15 text

6. Protect your .htaccess file
Steps:
1. Open .htaccess file
2. Include the code below:
<Files .htaccess>
order allow,deny
deny from all
</Files>

Slide 16

Slide 16 text

7. Remove the admin account
• The default account created for you in WordPress is admin
• Steps:
1. Create a new user with Administrator permissions
2. Log out and then log back into WordPress with the new user you created
3. Delete the admin user account
4. When it asks what you want to do with posts attributed to admin, select the user you created

Slide 17

Slide 17 text

8. Delete WordPress version
• WordPress sites always publish the version number, making it easier for people to determine if you are running an outdated, non-patched version of WordPress.
Step: Include this line in functions.php:
remove_action('wp_head', 'wp_generator');

Slide 18

Slide 18 text

9. Limit the number of login attempts
• Limit Login Attempts – http://wordpress.org/extend/plugins/limit-login-attempts/
• Login LockDown – http://wordpress.org/extend/plugins/login-lockdown/

Slide 19

Slide 19 text

10. Prevent users from browsing
Steps:
1. Open .htaccess file
2. Include:
Options -Indexes
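An added example, not part of the original slides: a small shell audit that checks a WordPress directory for steps 2, 3, 4, 5, 6 and 10 above. The function name `wp_audit`, the finding labels and the sample site are assumptions made for illustration; it also assumes the deny rules from steps 5 and 6 sit inside `<Files wp-config.php>` and `<Files .htaccess>` blocks, and the placeholder phrase it searches for is the one shipped in wp-config-sample.php.

```shell
#!/bin/sh
# Added example: audit a WordPress directory against steps 2-6 and 10.
# Prints one finding per line and nothing when every check passes.
wp_audit() {
    root=$1
    cfg="$root/wp-config.php"
    hta="$root/.htaccess"

    # Step 3: group- or world-writable entries are looser than 644/755.
    find "$root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) |
        sed 's/^/PERM writable by group or others: /'

    # Step 2: the default table prefix wp_ is still configured.
    if grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$cfg" 2>/dev/null; then
        echo "PREFIX default wp_ table prefix in wp-config.php"
    fi

    # Step 4: keys still hold the wp-config-sample.php placeholder.
    if grep -q 'put your unique phrase here' "$cfg" 2>/dev/null; then
        echo "KEYS placeholder secret keys in wp-config.php"
    fi

    # Steps 5, 6 and 10: rules expected in .htaccess (assumed <Files> wrappers).
    for want in '<Files wp-config.php>' '<Files .htaccess>' 'Options -Indexes'; do
        if ! grep -Fiq -- "$want" "$hta" 2>/dev/null; then
            echo "HTACCESS missing: $want"
        fi
    done
}

# Constructed sample site (not from the slides) so the script runs offline.
demo=$(mktemp -d)
printf '%s\n' "\$table_prefix = 'wp_';" \
    "define('AUTH_KEY', 'put your unique phrase here');" > "$demo/wp-config.php"
printf 'Options -Indexes\n' > "$demo/.htaccess"
chmod 755 "$demo"
chmod 644 "$demo/.htaccess"
chmod 666 "$demo/wp-config.php"
wp_audit "$demo"   # reports PERM, PREFIX, KEYS and two HTACCESS findings
rm -rf "$demo"
```

The audit only looks for the `<Files>` wrappers, so it passes equally when the block inside uses Apache 2.4's `Require all denied` instead of the `order`/`deny` lines from steps 5 and 6.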

Slide 20

Slide 20 text

11. Use Security plug-ins
• Better WP Security – http://wordpress.org/extend/plugins/better-wp-security/
• BulletProof Security – http://wordpress.org/extend/plugins/bulletproof-security/

Slide 21

Slide 21 text

Get in Touch
• twitter.com/pareshmayani
• fb.com/GDGAhmedabad
• http://gplus.to/GDGAhmedabad
• www.TechnoTalkative.com
• gplus.to/paresh.mayani