Introduction to Security and Backups

Suzette Franck 
#wclax @suzette_franck
Introduction to backups
and security
1
by Suzette Franck
September 5, 2012

View Slide

Suzette Franck 
twitter: @suzette
_franck
2
Front-end Developer

at WebDevStudios

View Slide

Suzette Franck 
what we will cover
1. top vulnerabilities and risks

2. prevention

3. getting hacked

4. backups

5. resources
3

View Slide

Suzette Franck 
Top vulnerabilities
1. Virus-free computer

2. Weak or compromised passwords

3. Outdated server software

4. Unreliable hosting

5. Plugin or theme (bad or malicious
coding)
4

View Slide

Suzette Franck 
why do hackers hack?
1. gain your server’s resources

2. something malicious or spammy

3. promote propoganda

4. make money

5. spread viruses

6. because they can

7. yes, big or small, everyone is a target
5

View Slide

Suzette Franck 
Am i at risk? yes!
1. use internet

2. have passwords

3. own a website
6

View Slide

Suzette Franck 
steps to reduce risks?
1. prevention is the best medicine

2. best password practices

3. get good hosting

4. know your plugin and theme sources

5. keep software updated
7

View Slide

Suzette Franck 
password management
!
1. complicated passwords

2. don’t use FTP, use SFTP or SSH

3. diﬀerent passwords for everything

4. use a password manager (Lastpass)

5. practice least privilege

6. access only what is needed and when

7. remove old accounts
8

View Slide

Suzette Franck 
password creation
!
1. never use “password”

2. don’t use pet or children’s names

3. uppercase letters, lowercase letters,
numbers, special characters

4. longer is better than shorter

5. use password managers to create and
store new passwords
9

View Slide

Suzette Franck 
choosing hosting
!
1. use a reputable web hosting company

2. should oﬀer SFTP or SSH access

3. pay now for good hosting or pay later for bad
hosting

4. shared hosting or VPS?

5. keep server software PHP & MySQL up-to-
date (you or host)

6. do they have emergency backups? Fees?
10

View Slide

Suzette Franck 
wordpress hosting
11

View Slide

Suzette Franck 
wordpress application
!
1. update WordPress (1. vs .1 releases)

2. don’t login with admin, create new
account

3. each user should have their own account

4. use the user roles - admin, editor

5. always practice least privilege

6. remove unused accounts
12

View Slide

Suzette Franck 
wordpress application
!
1. limit login attempts plugin

2. file and folder permissions

1. files: 644 read write execute

2. folders: 755

3. don’t use: 777

3. move wp-config.php up a directory (not multisite)

4. wp-config.php: 
define(‘FORCE_SSL_LOGIN’, true);

5. define(‘FORCE_SSL_ADMIN’, true);

6. wp-config.php add secret keys
13

View Slide

Suzette Franck 
plugin and theme safety
!
1. know your sources (WordPress.org)

2. backup, then update plugins and
themes

3. test on a local or development server

4. delete inactive plugins and themes

5. use as few plugins as it takes to get the
job done
14

View Slide

Suzette Franck 
You’ve been hacked
!
1. reduce reinfection: clean up, restore, or
take down site ASAP

2. don’t get google blacklisted

3. hire experts, like Sucuri

4. restore site from recent backup

5. does your host oﬀer emergency backups?

6. time matters!
15

View Slide

Suzette Franck 
backups
!
1. hacked sites may be cleaned, but…

2. usually can not undo damage done

3. updates to software may break sites

4. maintaining backups is essential

5. set up an automatic schedule

6. know how to do a manual backup

7. backup ﬁles as well as database
16

View Slide

Suzette Franck 
manual database backup
17
!
1. login to PHPMyAdmin

2. export to .sql using default settings 
 
or 
3. install “WP Migrate DB” plugin

4. conﬁgure and run plugin

View Slide

Suzette Franck 
using phpmyadmin
18

View Slide

Suzette Franck 
Using wp migrate db
19
!
1. install and conﬁgure WP Migrate DB by
Delicious Brains

View Slide

Suzette Franck 
manual database backup
20
!
1. uncheck compress with .gzip & copy

View Slide

Suzette Franck 
backup your files, too!
21
!
1. Filezilla or other SFTP client

View Slide

Suzette Franck 
automatic backups
22

View Slide

Suzette Franck 
backup essentials
23
1. backup ﬁles and db before updates!

2. don’t store backups on your server

3. schedule backups based on how much
information you’re willing to lose

4. test backups periodically

5. keep backups accessible for emergencies

6. http://codex.wordpress.org/
WordPress_Backups

View Slide

Suzette Franck 
resources
1. http://blog.sucuri.net/

2. WordPress.tv WordCamp Sessions:

1. Dre Armeda

2. Brad Williams

3. Tony Perez

3. Google (recent articles)

4. “Locking Down WordPress” (Code Poet)
24

View Slide

Suzette Franck 
questions?
25
follow me on twitter:
@suzette
_franck

View Slide

Introduction to Security and Backups

Introduction to Security and Backups

Suzette Franck

More Decks by Suzette Franck

Other Decks in Technology

Featured

Transcript