
Introduction to Security and Backups

Suzette Franck
September 05, 2014

Transcript

  1. Suzette Franck

    #wclax @suzette_franck
    Introduction to backups and security
    by Suzette Franck
    September 5, 2012

  2. Suzette Franck

    twitter: @suzette_franck
    Front-end Developer at WebDevStudios

  3. what we will cover

    1. top vulnerabilities and risks
    2. prevention
    3. getting hacked
    4. backups
    5. resources

  4. Top vulnerabilities

    1. a computer that is not virus-free (malware on your own machine can capture every password you type)
    2. weak or compromised passwords
    3. outdated server software
    4. unreliable hosting
    5. plugins or themes with bad or malicious code

  5. why do hackers hack?

    1. to use your server's resources
    2. to do something malicious or spammy
    3. to promote propaganda
    4. to make money
    5. to spread viruses
    6. because they can
    7. yes, big or small, everyone is a target

  6. Am I at risk? yes!

    1. you use the internet
    2. you have passwords
    3. you own a website

  7. steps to reduce risk

    1. prevention is the best medicine
    2. best password practices
    3. get good hosting
    4. know your plugin and theme sources
    5. keep software updated

  8. password management

    1. complicated passwords
    2. don't use FTP (it sends your credentials in cleartext); use SFTP or SSH
    3. different passwords for everything
    4. use a password manager (LastPass)
    5. practice least privilege
    6. access only what is needed, and only when it is needed
    7. remove old accounts

  9. password creation

    1. never use "password"
    2. don't use pet or children's names
    3. mix uppercase letters, lowercase letters, numbers and special characters
    4. longer is better than shorter
    5. use a password manager to create and store new passwords

  10. choosing hosting

    1. use a reputable web hosting company
    2. it should offer SFTP or SSH access
    3. pay now for good hosting or pay later for bad hosting
    4. shared hosting or VPS?
    5. keep server software (PHP & MySQL) up to date (you or your host)
    6. do they have emergency backups? Fees?

  11. wordpress hosting

    (screenshot slide, no text)

  12. wordpress application

    1. update WordPress (major x.0 releases as well as minor x.x.1 maintenance and security releases; minor releases install automatically since WordPress 3.7)
    2. don't log in with the default "admin" account; create a new administrator account instead
    3. each user should have their own account
    4. use the user roles (admin, editor)
    5. always practice least privilege
    6. remove unused accounts

  13. wordpress application

    1. limit login attempts plugin
    2. file and folder permissions
       1. files: 644 (owner read/write, group and others read-only, no execute)
       2. folders: 755
       3. don't use 777 (anyone on the server can write to the file)
    3. move wp-config.php up a directory, out of the web root (not multisite); WordPress looks in the parent directory automatically
    4. wp-config.php:

       define('FORCE_SSL_LOGIN', true);

    5. define('FORCE_SSL_ADMIN', true);
       (FORCE_SSL_ADMIN covers the login page as well; FORCE_SSL_LOGIN is deprecated as of WordPress 4.0)
    6. wp-config.php: add the secret keys (replace the sample "put your unique phrase here" values)
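The permission and wp-config.php items on this slide as a runnable audit, added here as an example and not part of the talk. It assumes the site files are owned by the account that deploys them and that the web server only needs read access (hosts that run PHP as the file owner may need different modes); the script name and the check for the sample placeholder text are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the talk: audit and fix the file-permission and
# wp-config.php items on the slide above. Assumes the site files are owned by
# the deploying account and the web server only needs read access (adjust for
# suEXEC-style hosts where PHP runs as the file owner).

# Reset regular files to 644 and directories to 755 under $1, tighten
# wp-config.php to 640, and print how many world-writable entries (777 and
# friends) existed before the fix so the caller can see what was wrong.
fix_permissions() {
    root=$1
    bad=$(find "$root" -perm -o+w | wc -l | tr -d ' ')
    find "$root" -type f -exec chmod 644 {} +
    find "$root" -type d -exec chmod 755 {} +
    # wp-config.php holds the database password: owner rw, group r, others none.
    if [ -f "$root/wp-config.php" ]; then
        chmod 640 "$root/wp-config.php"
    fi
    echo "$bad"
}

# Report wp-config.php problems the slide calls out: FORCE_SSL_ADMIN missing
# and secret keys left at the wp-config-sample.php placeholder. Findings go to
# stderr; the count of findings is printed to stdout.
check_wp_config() {
    cfg=$1
    findings=0
    if ! grep -Eq "define\([[:space:]]*['\"]FORCE_SSL_ADMIN['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$cfg"; then
        echo "FORCE_SSL_ADMIN is not set to true" >&2
        findings=$((findings + 1))
    fi
    placeholders=$(grep -c "put your unique phrase here" "$cfg" || true)
    if [ "$placeholders" -gt 0 ]; then
        echo "$placeholders secret key(s) still use the sample placeholder" >&2
        findings=$((findings + 1))
    fi
    echo "$findings"
}

# Generate the eight secret-key define() lines locally (same shape as the
# WordPress.org salt service output): 64 random bytes each, written as hex.
gen_secret_keys() {
    for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
               AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        value=$(head -c 64 /dev/urandom | od -An -tx1 | tr -d ' \n')
        printf "define('%s', '%s');\n" "$key" "$value"
    done
}

# Usage: ./wp-audit.sh /path/to/wordpress
if [ "$#" -eq 1 ]; then
    echo "world-writable entries fixed: $(fix_permissions "$1")"
    echo "wp-config.php findings: $(check_wp_config "$1/wp-config.php")"
fi
```

Run it once after deploying and again whenever a plugin install or FTP client has touched the tree; a non-zero "world-writable" count is the sign that something reset permissions to 777. Paste the `gen_secret_keys` output over the placeholder lines in wp-config.php; changing the keys also logs out every existing session, which is what you want after a compromise.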

  14. plugin and theme safety

    1. know your sources (WordPress.org)
    2. back up, then update plugins and themes
    3. test on a local or development server
    4. delete inactive plugins and themes
    5. use as few plugins as it takes to get the job done

  15. You've been hacked

    1. reduce reinfection: clean up, restore, or take the site down ASAP
    2. don't get blacklisted by Google (Safe Browsing warnings drive visitors away and take time to clear)
    3. hire experts, like Sucuri
    4. restore the site from a recent backup
    5. does your host offer emergency backups?
    6. time matters!

  16. backups

    1. hacked sites may be cleaned, but...
    2. you usually cannot undo the damage done
    3. software updates may break sites
    4. maintaining backups is essential
    5. set up an automatic schedule
    6. know how to do a manual backup
    7. back up the files as well as the database

  17. manual database backup

    1. log in to phpMyAdmin
    2. export to .sql using the default settings

    or

    3. install the "WP Migrate DB" plugin
    4. configure and run the plugin

  18. using phpmyadmin

    (screenshot slide, no text)

  19. Using wp migrate db

    1. install and configure WP Migrate DB by Delicious Brains

  20. manual database backup

    1. uncheck "compress with gzip", then copy the exported SQL

  21. backup your files, too!

    1. FileZilla or another SFTP client

  22. automatic backups

    (screenshot slide, no text)

  23. backup essentials

    1. back up files and database before updates!
    2. don't store backups on your server (a compromise or disk failure takes the backups with it)
    3. schedule backups based on how much information you're willing to lose
    4. test backups periodically
    5. keep backups accessible for emergencies
    6. http://codex.wordpress.org/WordPress_Backups
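The manual database and file backup from the earlier slides, and the "essentials" above (files plus database, checksums so the copy can be tested, nothing left only on the server), as one command-line script. This is an added example, not code from the talk or from WordPress; it assumes mysqldump, tar, gzip and sha256sum are installed, that wp-config.php uses the standard define('DB_NAME', '...') form, and the paths and file names are invented for illustration.

```shell
#!/bin/sh
# Added example, not from the talk: a manual backup of a WordPress site's
# database and files following the slides' checklist. Assumes mysqldump,
# tar, gzip and sha256sum are installed and that wp-config.php uses the
# standard define('DB_NAME', '...') form; file names and paths are invented.

# Read one define('NAME', 'value') constant from wp-config.php (single or
# double quotes, optional spaces). Prints the value, or nothing if absent.
wp_config_value() {
    cfg=$1
    name=$2
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$name['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$cfg" | head -n 1
}

# Label for one backup set: database name plus a UTC timestamp, so runs sort
# chronologically and never overwrite an earlier set.
backup_label() {
    printf '%s-%s' "$1" "$(date -u +%Y%m%dT%H%M%SZ)"
}

# Dump the database and archive the files into $dest/<label>.*, then write a
# checksum file so the set can be verified after it is copied off the server.
# Prints the path prefix of the set; returns non-zero on any failure.
backup_site() {
    wp_root=$1
    dest=$2
    cfg=$wp_root/wp-config.php
    if [ ! -f "$cfg" ]; then
        echo "no wp-config.php in $wp_root" >&2
        return 1
    fi
    db_name=$(wp_config_value "$cfg" DB_NAME)
    db_user=$(wp_config_value "$cfg" DB_USER)
    db_pass=$(wp_config_value "$cfg" DB_PASSWORD)
    db_host=$(wp_config_value "$cfg" DB_HOST)
    db_host=${db_host:-localhost}
    label=$(backup_label "$db_name")
    mkdir -p "$dest"
    # --single-transaction gives a consistent InnoDB snapshot without locking
    # the live site. The password goes in MYSQL_PWD, not on the command line,
    # so it is not visible in `ps`. WordPress allows DB_HOST as host:port;
    # mysqldump wants the host alone.
    MYSQL_PWD=$db_pass mysqldump --single-transaction --host="${db_host%%:*}" \
        --user="$db_user" "$db_name" > "$dest/$label.sql" || return 1
    gzip -f "$dest/$label.sql"
    # Everything under the WordPress root: wp-config.php, themes, plugins,
    # uploads. Exclude a backups/ directory if it lives inside the tree.
    tar -czf "$dest/$label.files.tar.gz" -C "$(dirname "$wp_root")" \
        --exclude="$(basename "$wp_root")/backups" "$(basename "$wp_root")" || return 1
    (cd "$dest" && sha256sum "$label.sql.gz" "$label.files.tar.gz" > "$label.sha256") || return 1
    echo "$dest/$label"
}

# Verify a backup set (pass the prefix printed by backup_site). Run it on the
# copy that was moved off the web server, since that is the copy you will
# restore from.
verify_backup() {
    set_dir=$(dirname "$1")
    label=$(basename "$1")
    (cd "$set_dir" && sha256sum -c "$label.sha256")
}

# Usage: ./wp-backup.sh /var/www/example /var/backups/example
if [ "$#" -eq 2 ]; then
    backup_site "$1" "$2"
fi
```

After a run, copy the three files (`.sql.gz`, `.files.tar.gz`, `.sha256`) to another machine or to object storage with scp or rsync, delete or rotate the local copy, and run `verify_backup` against the remote copy; a cron entry calling the script at the interval you chose on the slide ("how much information you're willing to lose") turns this into the automatic schedule the talk asks for.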

  24. resources

    1. http://blog.sucuri.net/
    2. WordPress.tv WordCamp Sessions:
       1. Dre Armeda
       2. Brad Williams
       3. Tony Perez
    3. Google (recent articles)
    4. "Locking Down WordPress" (Code Poet)

  25. questions?

    follow me on twitter: @suzette_franck