Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

WordPress Security Basics

WordPress Theme Frameworks
by

John Overall

on 27 November 2013

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of WordPress Security Basics

Remove Admin account and any other unnecessary Admins
have only the themes you need installed
Remove all unused themes
Remove all unused plugins
Choose & use only the plugins you need
10 ways to keep your WordPress site secure
Re-Salt your WordPress secret keys in the wp-config file.
Your wp-config file has a section that adds random elements to the password encryption.
Use Fresh and Complex Salt
List of links and plugins to help you secure your WordPress website.
Tools
Create your salt - https://api.wordpress.org/secret-key/1.1/salt/
How to choose a strong password - http://nakedsecurity.sophos.com/2010/02/03/choose-strong-password/

Plugins
WordFence - http://wordpress.org/plugins/wordfence/
WordPress File Monitor Plus - http://wordpress.org/plugins/wordpress-file-monitor-plus/
WP Security Audit Log - http://wordpress.org/plugins/wp-security-audit-log/
Login Security Solution - http://wordpress.org/plugins/login-security-solution/
Emergency Password Reset - http://wordpress.org/plugins/emergency-password-reset/
BulletProof Security - http://wordpress.org/plugins/bulletproof-security/

WordPress Hosting
GreenGeeks Hosting
BlueHost
Synthesis
WP Engine

Tools to help you secure WordPress
A few simple checks and plugins can go a long way to keep you secure.
Don't become a statistic…
SEO Smart links makes it easy to create internal links.
Internal links are important for your SEO and
They also encourage your reader to look around your site
Have you ever been caught in the link loop?
SEO Smart Links
build internal links for better SEO…
Default Salt looks like this.
www.JohnOverall.com
WordPress Security
You can help protect yourself by installing a plugin firewall like WordFence
Install a Firewall
WordPress Security
Use a two factor authentication plugin such as Rublon

Enable Two Factor Authentication
There are hundreds of hosting companies out there:
It is important you choose a good one as hosting is one thing that will impact your site performance and security.
Choose a quality Hosting Company
To insure all users have a strong password install a plugin that forces a strong password. Also use a plugin to reset all passwords forcing users to change their password to a better one.
Insure all users have a strong password
supported by the WordPress Medic Podcast @ WPMedic.ca
Keeping WordPress core and plugins upto date is the #1 way you can keep yourself secure.
Keep WordPress Upto Date
Avoid becoming one of the 73% of sites vulnerable to hacking
Don't Become a Statistic
With an estimated 1 Billion WordPress websites in existance it not unexpected that some of them will be vulnerable to attack.
The goal is to make sure you are not one of them.
This presentation can be found at WPMedic.ca/WPsecure
The default Admin if you still have one needs to be removed as well as any other unnecessary ones.
If you are running a website that uses WordPress here are 10 suggestions to help you avoid ending up in the 73% (or whatever large number it is) of vulnerable sites.
• Always run the very latest version of WordPress
• Always run the very latest versions of your plugins and themes
• Choose and use only plugins you need
• Remove unused themes
• Delete the admin user and remove unused plugins, themes and users
• Make sure every user has their own strong password
• Enable two factor authentication for all your users
• Generate complex secret keys for your wp-config.php file
• Choose a trusted hosting company and Consider hosting with dedicated WordPress hosting company
• Put a Web Application Firewall in front of your website

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
define('AUTH_KEY', '6++]42ZS@Y]IF)AG+ShJx6K@[X0(KZ>!}1ygrNv|}{AVIKqebZ,?xXBu^||~`u(]');
define('SECURE_AUTH_KEY', 'XYWRtcX2p]XS=7*U{-k3.>qnZjkU/.?)J46V-5ImvRxkfr^Gf_y=H-%Qly>~I$+z');
define('LOGGED_IN_KEY', 'kg]] b,a}tn.i!15nb;8uWN9BekoHw(] )5am-ZEB6*|@|FdW|=TDTE-i@Y,CoZ ');
define('NONCE_KEY', 'g8TE#VU_&dB66X^G_b/>{H,WVM(so=i!A6~Fd TG2LuJh|9j1bT=s1&U[sTrQ59[');
define('AUTH_SALT', '4NM+]l,HG7btT:45p-yL!-+;a+30QN$u8HI,K)F0?e4nT.;.i]sLNI=xa1uF!ol,');
define('SECURE_AUTH_SALT', 'MQV/rs-0/2c`Ph3VoO}0Xi:$<diZ32jje-q|%I|M$.u9g-WJJO]Y:aU6:Jnem*E ');
define('LOGGED_IN_SALT', 'k!NxR?q;dN>M4~04`oW?2xilbKWg;Pp-+Kv-RUIJiDN{<awRwyPi>s_F*G4QaeW!');
define('NONCE_SALT', 'DbPLoovMzFDR+psArHwO%*`}{9xSLq!pZX^j-oS>{<O?BAl#QvL x-VZvYyOWo`+');
Change the Salt to something like this.
Visit https://api.wordpress.org/secret-key/1.1/salt/
to generate your own random salt.
Full transcript