Hardening WordPress

Melbourne WordPress User Meetup - June 2014
Chris Burgess
@chrisburgess


What We'll Cover

  • Why Security Matters
  • Security Basics
  • Is WordPress Secure?
  • WordPress Security Basics
  • Intermediate/Advanced WordPress Security
  • What An Attack Looks Like
  • Impact Of An Attack
  • Cleaning Up After An Attack
  • More Information
  • Recap

Why Security Matters



http://www.verizonenterprise.com/DBIR/2014/

Security Basics


Defense In Depth


http://i.technet.microsoft.com/dynimg/IC78017.jpg

As many layers as possible...

Is WordPress Secure?

Some of the companies that use WordPress






Do your own research...



"...especially in the US, people realise how secure WordPress is, it's not a conversation anymore..."

Matt Mullenweg - Melbourne WordPress Meetup June 2014

WordPress Security Basics

  • Strong passwords
  • Don't use admin (1-click Installs?)
  • Don't use defaults
  • Use a "Display Name"
  • Keep WordPress updated
  • Use quality Plugins and Themes
  • Keep your Plugins and Themes updated
  • Make regular backups
  • Use security Plugins/Services
  • Keep in the loop!


Password Managers






Backups

Image: http://regretless.com/

Sucuri

https://sucuri.net/


iThemes Security Pro

http://ithemes.com/security/


Wordfence

http://www.wordfence.com/


Bulletproof Security

 https://wordpress.org/plugins/bulletproof-security/





Intermediate/Advanced WordPress Security

Overview

  • Harden Server
  • Harden WordPress Installation
  • Solid Dev Processes
  • Solid User Processes
  • User Awareness Training
  • Use 3rd Party Services
  • Monitor

What An Attack Looks Like


http://www.justtext.com/credit-card-fraud/pay-pal-scam/fraud-scam-website/phishing-website.html




Impact Of An Attack

Cleaning Up After An Attack

Go to your backups...

Google Webmaster Tools

https://www.google.com/webmasters/


More Info

  • WordPress.org (http://wordpress.org/)
  • WordPress Codex (http://codex.wordpress.org/Hardening_WordPress)
  • Sucuri Blog (https://sucuri.net/)
  • OWASP (https://www.owasp.org/)
  • Verizon Data Breach Report (http://www.verizonenterprise.com/DBIR/)

Recap

  • Why Security Matters
  • Security Basics
  • Is WordPress Secure?
  • WordPress Security Basics
  • Intermediate/Advanced WordPress Security
  • What An Attack Looks Like
  • Impact Of An Attack
  • Cleaning Up After An Attack
  • More Information


Thanks/Questions
