Securing WordPress

Transcript

1. Securing WordPress Presented by: Rachel Baker Freelance Web Developer @rachelbaker

   www.rachelbaker.me Founder of Plugged In Consulting www.pluggedinconsulting.com

2. Getting to Know WordPress Rachel Baker - Chicago Northside WordPress

   Meetup Group - July 2012 Image Credit: farmtowngrl via http://media.photobucket.com/image/recent/farmtowngrl/

3. L A M P Rachel Baker - Chicago Northside WordPress

   Meetup Group - July 2012 inux pache ySQL HP

4. Database Tables Rachel Baker - Chicago Northside WordPress Meetup Group

   - July 2012 = + Code Files WordPress

5. WP-Content Folder Rachel Baker - Chicago Northside WordPress Meetup Group

   - July 2012

6. WP-Admin Folder Rachel Baker - Chicago Northside WordPress Meetup Group

   - July 2012

7. WP-Includes Folder Rachel Baker - Chicago Northside WordPress Meetup Group

   - July 2012

8. WP-Content Folder Rachel Baker - Chicago Northside WordPress Meetup Group

   - July 2012

9. Take Ownership of Your Website Rachel Baker - Chicago Northside

   WordPress Meetup Group - July 2012

10. Limit Access to Your Site Rachel Baker - Chicago Northside

    WordPress Meetup Group - July 2012

11. Use Strong P@$$w0rdz! Rachel Baker - Chicago Northside WordPress Meetup

    Group - July 2012 Image Credit: formalfallacy via http://www.flickr.com/photos/formalfallacy/2057169454/

12. Do NOT Use Public Wifi Rachel Baker - Chicago Northside

    WordPress Meetup Group - July 2012 Image Credit: codebutler via http://codebutler.github.com/firesheep/tc12/#22

13. Stay Up To Date Rachel Baker - Chicago Northside WordPress

    Meetup Group - July 2012

14. Remove Unused Themes & Plugins Rachel Baker - Chicago Northside

    WordPress Meetup Group - July 2012 Image Credit: mydoorsign via http://www.mydoorsign.com/Housekeeping-Clean-Signs/

15. Rachel Baker - Chicago Northside WordPress Meetup Group - July

    2012 Image Credit: ilovegkr via http://www.ilovegkr.com/pages/fungames/colouri.html No, sir! That is wrong. Do you know where I can get a Facebook plugin for my blog?

16. Rachel Baker - Chicago Northside WordPress Meetup Group - July

    2012 Image Credit: ilovegkr via http://www.ilovegkr.com/pages/fungames/colouri.html No, sir! That is wrong. Do you know where I can get a Facebook plugin for my blog?

17. Reviewing Plugins Research the Plugin Developer: How many plugins have

    they developed? When was the last time they updated their plugins? Are they responsive to support requests for their plugin? Do they work with WordPress professionally? Are they helpful to others in the WordPress Support Forums? Check the plugin against WP Engine’s Disallowed Plugins List: http://support.wpengine.com/disallowed-plugins/ Review the Plugin Code for Correct Use of: Rachel Baker - Chicago Northside WordPress Meetup Group - July 2012 WordPress Plugin API hooks, actions and filters WordPress Settings API for plugin options WPDB database class and query methods Sanitization on any data input fields Nonces instead of browser cookies

18. Reviewing Themes Research the Theme Developer: How many themes have

    they developed? When was the last time they updated their theme? Are they responsive to support requests for their theme? Do they work with WordPress professionally? What level of support is included along with any premium theme? Check the Theme Code: Rachel Baker - Chicago Northside WordPress Meetup Group - July 2012 Are the theme files organized? Do I know the purpose of every file included in the theme? Does the theme cause any Debug mode errors? Theme Check Plugin: http://wordpress.org/extend/plugins/theme-check/ Theme Authenticity Checker (TAC) Plugin: http://wordpress.org/extend/plugins/tac/

19. Move the WP-Config File to the Directory Above Your Public

    HTML Folder Rachel Baker - Chicago Northside WordPress Meetup Group - July 2012

20. Secure WP-Includes with .htaccess Rachel Baker - Chicago Northside WordPress

    Meetup Group - July 2012 https://gist.github.com/3092744 Secured .htaccess File with WP-Config Added:

21. Are You Putting the Engine from a Yugo Rachel Baker

    - Chicago Northside WordPress Meetup Group - July 2012 ...into a BMW?

22. Use a Quality Hosting Company Rachel Baker - Chicago Northside

    WordPress Meetup Group - July 2012 Image Credit: chaosmanorreviews via http://www.chaosmanorreviews.com/open_archives/jep_column-318-b.php

23. Fun Questions to Ask Web Hosting Companies Rachel Baker -

    Chicago Northside WordPress Meetup Group - July 2012 1. What distribution/version of Linux do your servers run? 2. What version Apache, MySQL and PHP do your servers run? 3. Do you have a written policy regarding patching and updating your servers? 4. What steps do you take to make sure my hosting account is safe from other accounts on the same server? 5. Do you have a written backup policy? 6. How many hosting accounts do you stuff into each server?

24. Practice Safe WordPressing Secured .htaccess File: https://gist.github.com/3092744 Locking Down WordPress

    eBook: http://build.codepoet.com/2012/07/10/locking-down-wordpress/ Sucuri Security: http://sucuri.net/ Wordfence Security Plugin: http://wordpress.org/extend/plugins/wordfence/ Rachel Baker - Chicago Northside WordPress Meetup Group - July 2012 Hardening WordPress: http://codex.wordpress.org/Hardening_WordPress