Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Practical WordPress Security 2018

744d1f74b6e2daa8264d70c4ed395663?s=47 Tim Nash
November 14, 2018

Practical WordPress Security 2018

We have all been to the scary WordPress security talk where Tim or someone else frightens you to death, in those talks there is a theme beyond despair and that’s ‘every little helps’. So this talk is low on scary tales and high on simple practical tips to improve your site’s security.

On their own they might not be the silver bullet, but they all add up. Tim will guide you through things anyone of any ability level can implement to improve their site’s security.

744d1f74b6e2daa8264d70c4ed395663?s=128

Tim Nash

November 14, 2018
Tweet

Transcript

  1. Don’t be scared - Practical security tips Psychological harm, paranoia,

    distrust in humanity, fear of toasters, mild language In Person Classified just like your porn… Imagine how much rubbish these folks watch *Warning this presentation hasn’t formally been classified by the BBFC or any organisation for age rating. It was however seen by my mother who said it was very pretty. She however wasn’t wearing her glasses.
  2. Practical Security Tips Twitter: @tnash A totally different talk

  3. WARNING This is not a GDPR talk or a talk

    on information governance. So relax!
  4. None
  5. Watford

  6. None
  7. None
  8. None
  9. None
  10. None
  11. None
  12. WordPress Platform Lead @34SP.com Former Pentester Ran a small dev

    agency Co run WPLeeds for 10 years Worked with PayPal, Cabinet Office, Orange and WFP Once nearly screwed up the British Soap Awards
  13. DevSecOps

  14. None
  15. Estimated $2Trillion cost to business in 2019

  16. Relax everything will be fine...

  17. Bad Actors

  18. State Actors

  19. Fighting drive by hacks

  20. Installing a plugin

  21. User Roles/Permissions

  22. PassPhrases

  23. None
  24. Password Manager

  25. Two Factor Authentication

  26. None
  27. Limit Logins

  28. Update WordPress Core

  29. Update Plugins

  30. Update themes (meet a child theme)

  31. Buy from reputable sources

  32. Monitoring

  33. Integrity Checking

  34. Logging and Audit trails

  35. None
  36. HTTPS://everything

  37. Good hosting

  38. TRUST ME “I work in hosting”

  39. Have a disaster recovery plan

  40. Two-Factor Plugin What I use… PassPhrases Keepass (KeepassXC, Keepassdroid) updown.io

    Let’s Encrypt / Code Guard Visual Ping/CodeCeption 34SP.com WordPress Hosting WP Fingerprint
  41. Photo credits: Siobhan Hancock Daniel Foster David Goehring Found Art

    Photography Gratisography Negativespace unsplash Caio xkcd comicvine.com Christopher Geary
 Mary Alex
  42. Tim Nash @tnash timnash.co.uk @34SP
 34SP.com Slides & bits: https://timnash.co.uk/security/

  43. WordPress Hosting Experts 3 MONTHS FREE TIMNASHWP