Beginners Security
WordCamp North Canton
Michele Butcher
CantSpeakGeek.com WPSecurityLock.com
@michele_butcher
Slide 2
Michele Butcher
WordPress Specialist, Site Cleaner, and Trainer for WP Security Lock
WordPress Evangelist for InMotion Hosting
Geek behind Can’t Speak Geek
Beginners and Intermediate WordPress Instructor
Slide 3
Why is security important?
Slide 4
Many do not think security is important until it is too late.
Every single day hackers find new ways to get your information.
Today’s features are tomorrow’s vulnerabilities.
Stop them before they stop you.
Slide 5
Why do hackers hack?
Make bank
Build a zombie army
Share their nasty code with the world
Get your information
They are bored
They want to see if they can do it
Slide 6
But…Why are they hacking me?
There is rarely ever a targeted hacking attack.
Typically all sites are considered targets. The big and the small.
Slide 7
And how do they get in?
They guess your login information
Distributed Denial of Service (DDoS) attack
Through a file in a theme, plugin, or anything on your server where they found an exploit
Through your FTP and/or cPanel configuration
Slide 8
Here is the only scary thing I will say in this talk
Slide 9
You are NEVER 100% secure
Slide 10
A test site or a site that might get 5 visitors a day can be hacked.
It happened to me and it can happen to you.
Slide 11
Don’t let security make you like this guy!
Slide 12
There are some simple steps to keep the hackers out
Slide 13
WordPress Security Basics 101
Slide 14
Never ever never use “admin” as a username or “password” as a password. NEVER!!!!
Any questions?
Adm1n and Pa55w0rd do not count either!
Slide 15
Always use SFTP
“S” is for safe!!!
Slide 16
Only give users the access they need
Just because they want to be an admin does not mean they should.
Guest bloggers should rarely ever be anything more than a contributor.
Slide 17
If it is a temporary login, delete the user when the job is done
If they do have posts, you can convert them to different users or make them a subscriber with limited access.
Slide 18
Set up file detection
Many security plugins like iThemes Security and Wordfence will alert you when files have been changed.
Slide 19
Only keep the theme you are using and one backup theme on your site.
The more themes that are on a site, the more chances you have of a vulnerability.
Slide 20
Only keep the plugins you have active on your site.
An uninstalled plugin is not a potential vulnerability.
Use the plugin repo’s favorites option to keep a list of your favorite plugins.
Slide 21
Security Plugins
iThemes Security (Free and Pro versions)
Sucuri Firewall
Wordfence Security
Jetpack with BruteProtect and VaultPress
Slide 22
Always make backups!
BackupBuddy, UpdraftPlus, BackWPup
Always save to someplace OTHER than your server
Save them to Dropbox, AWS, email, or your local machine
Have them scheduled to be made daily or at least weekly
Slide 23
Malware Scanning? Do I need it?
If you suspect an issue, scan your site!
Google Webmaster Tools
VirusTotal
iThemes Security Pro
Sucuri Scanner
Slide 24
What else can I do to protect my site?
Slide 25
Update!
Update!
Update!
Update core. Update themes. Update plugins!
The biggest reasons for updates are typically security or feature related.
The biggest source of nearly all hacks is a lack of updating.
Slide 26
If you use Envato products (ThemeForest and CodeCanyon), always check the box in the downloads to be notified of updates.
That is the only way you will know if any of their products need to be updated.
This is why the RevSlider infection was so widespread. Many did not even know the plugin was built into their theme.
Slide 27
Don't ever let your site get too lonely.
That is when the zombies come.
Nobody wants the zombies to come.
Slide 28
If the unthinkable happens and you do get hacked, it is not the end of the world.
It can and will be fixed.
Slide 29
Who can clean my hacked website?
Well I can!
And so can Sucuri and HackRepair
Slide 30
Great! Are there any other ways I can be secure?
Slide 31
Always use complex passwords
Slide 32
Never email passwords
Slide 33
Never use the same password twice
Slide 34
Use a Password Keeper
LastPass
1Password
KeePass
Slide 35
If a login has Two-Factor Authentication, USE IT!
Slide 36
Anti-virus!
Use it on all the things.
Yes, even a Mac!
Slide 37
Be conscious when using public WiFi
Slide 38
Use a VPN if you use public WiFi
TorGuard
Site Social
Hide My Ass
Slide 39
Update!
Update!
Update!
Slide 40
No one wants to lose their information stored on their computer.
Back everything up and back it up often!
Bitcasa
Carbonite
External hard drives