Slide 1

Securing WordPress
Presented by: Rachel Baker, Freelance Web Developer (@rachelbaker, www.rachelbaker.me), Founder of Plugged In Consulting (www.pluggedinconsulting.com)

Slide 2

Getting to Know WordPress
Rachel Baker - Chicago Northside WordPress Meetup Group - July 2012
Image Credit: farmtowngrl via http://media.photobucket.com/image/recent/farmtowngrl/

Slide 3

LAMP: Linux, Apache, MySQL, PHP

Slide 4

WordPress = Code Files + Database Tables

Slide 5

WP-Content Folder

Slide 6

WP-Admin Folder

Slide 7

WP-Includes Folder

Slide 8

WP-Content Folder

Slide 9

Take Ownership of Your Website

Slide 10

Limit Access to Your Site

Slide 11

Use Strong P@$$w0rdz!
Image Credit: formalfallacy via http://www.flickr.com/photos/formalfallacy/2057169454/

Slide 12

Do NOT Use Public Wifi
Image Credit: codebutler via http://codebutler.github.com/firesheep/tc12/#22

Slide 13

Stay Up To Date

Slide 14

Remove Unused Themes & Plugins
Image Credit: mydoorsign via http://www.mydoorsign.com/Housekeeping-Clean-Signs/

Slide 15

Image Credit: ilovegkr via http://www.ilovegkr.com/pages/fungames/colouri.html
No, sir! That is wrong. Do you know where I can get a Facebook plugin for my blog?

Slide 17

Reviewing Plugins
Research the Plugin Developer:
- How many plugins have they developed?
- When was the last time they updated their plugins?
- Are they responsive to support requests for their plugin?
- Do they work with WordPress professionally?
- Are they helpful to others in the WordPress Support Forums?
Check the plugin against WP Engine's Disallowed Plugins List: http://support.wpengine.com/disallowed-plugins/
Review the Plugin Code for Correct Use of:
- WordPress Plugin API hooks, actions and filters
- WordPress Settings API for plugin options
- WPDB database class and query methods
- Sanitization on any data input fields
- Nonces instead of browser cookies
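As an added example (not code from the talk or from any real plugin), here is a minimal, hypothetical form handler that shows what a reviewer is looking for on each code item of the checklist above: a hook instead of top-level code, the Settings API with a sanitize callback, a capability check and nonce check instead of trusting the login cookie, sanitization of every request field, and `$wpdb->prepare()` for the query. The `erc_` names, the `erc_notes` table and the form field names are assumptions; the WordPress functions are real.

```php
<?php
/**
 * Plugin Name: Example Review Checklist (hypothetical, added example)
 * Illustrates the code-review items: hooks, Settings API, nonces,
 * sanitization and $wpdb->prepare(). Assumes a form on an admin page
 * rendered with wp_nonce_field( 'erc_save_note' ) that posts to
 * admin-post.php with action=erc_save_note.
 */
defined( 'ABSPATH' ) || exit; // refuse direct requests to this file

// Plugin API: register behaviour on hooks instead of running at load time.
add_action( 'admin_init', 'erc_register_settings' );
add_action( 'admin_post_erc_save_note', 'erc_handle_save_note' );

// Settings API: the option is registered with a sanitize callback, so the
// value reaches the database already cleaned, whatever page submitted it.
function erc_register_settings() {
    register_setting( 'erc_options', 'erc_api_label', 'sanitize_text_field' );
}

// Handles the posted form; each step below is one checklist item.
function erc_handle_save_note() {
    // Capability check: a login cookie proves a session exists, not that
    // this user is allowed to change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // Nonce check: the token was issued by wp_nonce_field( 'erc_save_note' );
    // a request forged from another site fails here.
    check_admin_referer( 'erc_save_note' );

    // Sanitization: never store raw $_POST values.
    $note  = isset( $_POST['erc_note'] )
        ? sanitize_text_field( wp_unslash( $_POST['erc_note'] ) ) : '';
    $limit = isset( $_POST['erc_limit'] ) ? absint( $_POST['erc_limit'] ) : 10;

    global $wpdb;
    // WPDB: prepare() quotes %s and casts %d, so user input cannot change
    // the structure of the query. The erc_notes table is assumed to exist
    // (created on plugin activation, not shown).
    $wpdb->query( $wpdb->prepare(
        "INSERT INTO {$wpdb->prefix}erc_notes (note, item_limit) VALUES (%s, %d)",
        $note,
        $limit
    ) );

    // Redirect only to a local admin URL after the write.
    wp_safe_redirect( add_query_arg( 'erc_saved', '1', admin_url( 'options-general.php' ) ) );
    exit;
}
```

When reviewing a third-party plugin, the absence of any one of these steps on a form handler is the first thing to flag.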

Slide 18

Reviewing Themes
Research the Theme Developer:
- How many themes have they developed?
- When was the last time they updated their theme?
- Are they responsive to support requests for their theme?
- Do they work with WordPress professionally?
- What level of support is included along with any premium theme?
Check the Theme Code:
- Are the theme files organized?
- Do I know the purpose of every file included in the theme?
- Does the theme cause any Debug mode errors?
Theme Check Plugin: http://wordpress.org/extend/plugins/theme-check/
Theme Authenticity Checker (TAC) Plugin: http://wordpress.org/extend/plugins/tac/

Slide 19

Move the WP-Config File to the Directory Above Your Public HTML Folder

Slide 20

Secure WP-Includes with .htaccess
https://gist.github.com/3092744
Secured .htaccess File with WP-Config Added:

Slide 21

Are You Putting the Engine from a Yugo ...into a BMW?

Slide 22

Use a Quality Hosting Company
Image Credit: chaosmanorreviews via http://www.chaosmanorreviews.com/open_archives/jep_column-318-b.php

Slide 23

Fun Questions to Ask Web Hosting Companies
1. What distribution/version of Linux do your servers run?
2. What version of Apache, MySQL and PHP do your servers run?
3. Do you have a written policy regarding patching and updating your servers?
4. What steps do you take to make sure my hosting account is safe from other accounts on the same server?
5. Do you have a written backup policy?
6. How many hosting accounts do you stuff into each server?

Slide 24

Practice Safe WordPressing
Secured .htaccess File: https://gist.github.com/3092744
Locking Down WordPress eBook: http://build.codepoet.com/2012/07/10/locking-down-wordpress/
Sucuri Security: http://sucuri.net/
Wordfence Security Plugin: http://wordpress.org/extend/plugins/wordfence/
Hardening WordPress: http://codex.wordpress.org/Hardening_WordPress