Hardening WordPress
Melbourne WordPress User Meetup - June 2014
What We'll Cover
- Why Security Matters
- Security Basics
- Is WordPress Secure?
- WordPress Security Basics
- Intermediate/Advanced WordPress Security
- What An Attack Looks Like
- Impact Of An Attack
- Cleaning Up After An Attack
- More Information
- Recap
http://www.verizonenterprise.com/DBIR/2014/
Security Basics
Defense In Depth
http://i.technet.microsoft.com/dynimg/IC78017.jpg
As many layers as possible...
Is WordPress Secure?
Some of the companies that use WordPress
"...especially in the US, people realise how secure WordPress is, it's not a conversation anymore..."
Matt Mullenweg - Melbourne WordPress Meetup June 2014
WordPress Security Basics
- Strong passwords
- Don't use admin (1-click Installs?)
- Don't use defaults
- Use a "Display Name"
- Keep WordPress updated
- Use quality Plugins and Themes
- Keep your Plugins and Themes updated
- Make regular backups
-
Use security Plugins/Services
- Keep in the loop!
Backups
Image: http://regretless.com/
Sucuri
https://sucuri.net/
iThemes Security Pro
http://ithemes.com/security/
Wordfence
http://www.wordfence.com/
Bulletproof Security
https://wordpress.org/plugins/bulletproof-security/
Intermediate/Advanced WordPress Security
Overview
- Harden Server
- Harden WordPress Installation
- Solid Dev Processes
- Solid User Processes
- User Awareness Training
- Use 3rd Party Services
-
Monitor
What An Attack Looks Like
What An Attack Looks Like
http://www.justtext.com/credit-card-fraud/pay-pal-scam/fraud-scam-website/phishing-website.html
Impact Of An Attack
Cleaning Up After An Attack
Google Webmaster Tools
https://www.google.com/webmasters/
More Info
-
WordPress.org (http://wordpress.org/)
-
WordPress Codex (http://codex.wordpress.org/Hardening_WordPress)
-
Sucuri Blog (https://sucuri.net/)
-
OWASP (https://www.owasp.org/)
- Verizon Data Breach Report (http://www.verizonenterprise.com/DBIR/)
Recap
- Why Security Matters
- Security Basics
- Is WordPress Secure?
- WordPress Security Basics
- Intermediate/Advanced WordPress Security
- What An Attack Looks Like
- Impact Of An Attack
- Cleaning Up After An Attack
- More Information
Hardening WordPress Melbourne WordPress User Meetup - June 2014 Chris Burgess @chrisburgess http://chrisburgess.com.au
