Hardening WordPress
Melbourne WordPress User Meetup - June 2014
Chris Burgess
@chrisburgess
What We'll Cover
- Why Security Matters
- Security Basics
- Is WordPress Secure?
- WordPress Security Basics
- Intermediate/Advanced WordPress Security
- What An Attack Looks Like
- Impact Of An Attack
- Cleaning Up After An Attack
- More Information
- Recap
Why Security Matters
http://www.verizonenterprise.com/DBIR/2014/
Security Basics
Defense In Depth
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476268/Defense_in_Depth_Layers.jpg)
http://i.technet.microsoft.com/dynimg/IC78017.jpg
As many layers as possible...
Is WordPress Secure?
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476247/elephant-in-the-room.jpg)
Some of the companies that use WordPress
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476277/Screen_Shot_2014-06-18_at_3.49.11_pm.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476278/Screen_Shot_2014-06-18_at_3.49.22_pm.png)
Do your own research...
"...especially in the US, people realise how secure WordPress is, it's not a conversation anymore..."
Matt Mullenweg - Melbourne WordPress Meetup June 2014
WordPress Security Basics
- Strong passwords
- Don't use admin (1-click Installs?)
- Don't use defaults
- Use a "Display Name"
- Keep WordPress updated
- Use quality Plugins and Themes
- Keep your Plugins and Themes updated
- Make regular backups
- Use security Plugins/Services
- Keep in the loop!
Password Managers
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476323/LastPassLogo.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476332/1password.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476335/Screen_Shot_2014-06-18_at_4.39.04_pm.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476342/Screen_Shot_2014-06-18_at_4.40.18_pm.png)
Backups
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476432/Backup.gif)
Image: http://regretless.com/
Sucuri
https://sucuri.net/
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476287/Screen_Shot_2014-06-18_at_3.57.12_pm.png)
iThemes Security Pro
http://ithemes.com/security/
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476291/Screen_Shot_2014-06-18_at_4.03.46_pm.png)
Wordfence
http://www.wordfence.com/
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476299/Screen_Shot_2014-06-18_at_4.08.42_pm.png)
Bulletproof Security
https://wordpress.org/plugins/bulletproof-security/
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476304/Screen_Shot_2014-06-18_at_4.15.31_pm.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476414/wordpress-logo-2x.png)
Intermediate/Advanced WordPress Security
Overview
- Harden Server
- Harden WordPress Installation
- Solid Dev Processes
- Solid User Processes
- User Awareness Training
- Use 3rd Party Services
- Monitor
What An Attack Looks Like
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476497/phishing-scam-example.gif)
http://www.justtext.com/credit-card-fraud/pay-pal-scam/fraud-scam-website/phishing-website.html
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476492/Screen_Shot_2014-06-18_at_1.30.33_pm.png)
Impact Of An Attack
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476449/Screen_Shot_2014-03-21_at_4.09.29_pm.png)
Cleaning Up After An Attack
Go to your backups...
Google Webmaster Tools
https://www.google.com/webmasters/
![](https://s3.amazonaws.com/media-p.slid.es/uploads/chrisburgess/images/476322/Screen_Shot_2014-06-18_at_4.28.16_pm.png)
More Info
- WordPress.org (http://wordpress.org/)
- WordPress Codex (http://codex.wordpress.org/Hardening_WordPress)
- Sucuri Blog (https://sucuri.net/)
- OWASP (https://www.owasp.org/)
- Verizon Data Breach Report (http://www.verizonenterprise.com/DBIR/)
Recap
- Why Security Matters
- Security Basics
- Is WordPress Secure?
- WordPress Security Basics
- Intermediate/Advanced WordPress Security
- What An Attack Looks Like
- Impact Of An Attack
- Cleaning Up After An Attack
- More Information
Thanks/Questions