Introduction to Backups and Security
TRANSCRIPT
Suzette Franck #wclax @suzette_franck
by Suzette Franck, September 5, 2012
Twitter: @suzette_franck
Front-end Developer at WebDevStudios
What we will cover
1. top vulnerabilities and risks
2. prevention
3. getting hacked
4. backups
5. resources
Top vulnerabilities
1. Virus-free computer
2. Weak or compromised passwords
3. Outdated server software
4. Unreliable hosting
5. Plugin or theme (bad or malicious coding)
Why do hackers hack?
1. gain your server's resources
2. something malicious or spammy
3. promote propaganda
4. make money
5. spread viruses
6. because they can
7. yes, big or small, everyone is a target
Am I at risk? Yes!
1. you use the internet
2. you have passwords
3. you own a website
Steps to reduce risks
1. prevention is the best medicine
2. best password practices
3. get good hosting
4. know your plugin and theme sources
5. keep software updated
Password management
1. complicated passwords
2. don't use FTP, use SFTP or SSH
3. different passwords for everything
4. use a password manager (LastPass)
5. practice least privilege
6. access only what is needed, and only when it is needed
7. remove old accounts
Password creation
1. never use "password"
2. don't use pet or children's names
3. uppercase letters, lowercase letters, numbers, special characters
4. longer is better than shorter
5. use password managers to create and store new passwords
Choosing hosting
1. use a reputable web hosting company
2. should offer SFTP or SSH access
3. pay now for good hosting, or pay later for bad hosting
4. shared hosting or VPS?
5. keep server software (PHP & MySQL) up-to-date (you or your host)
6. do they have emergency backups? Fees?
WordPress hosting
WordPress application
1. update WordPress (both the 1. major releases and the .1 point releases)
2. don't log in as "admin"; create a new account
3. each user should have their own account
4. use the user roles: admin, editor, ...
5. always practice least privilege
6. remove unused accounts
WordPress application
1. Limit Login Attempts plugin
2. file and folder permissions
   1. files: 644 (permission bits: read/write for the owner, read-only for everyone else)
   2. folders: 755
   3. don't use: 777
3. move wp-config.php up a directory (not multisite)
4. wp-config.php: define('FORCE_SSL_LOGIN', true);
5. wp-config.php: define('FORCE_SSL_ADMIN', true);
6. wp-config.php: add the secret keys
Plugin and theme safety
1. know your sources (WordPress.org)
2. back up, then update plugins and themes
3. test on a local or development server
4. delete inactive plugins and themes
5. use as few plugins as it takes to get the job done
You've been hacked!
1. reduce reinfection: clean up, restore, or take down the site ASAP
2. don't get Google blacklisted
3. hire experts, like Sucuri
4. restore the site from a recent backup
5. does your host offer emergency backups?
6. time matters!
Backups
1. hacked sites may be cleaned, but...
2. usually you cannot undo the damage done
3. updates to software may break sites
4. maintaining backups is essential
5. set up an automatic schedule
6. know how to do a manual backup
7. back up files as well as the database
Manual database backup
1. log in to phpMyAdmin
2. export to .sql using the default settings
or
3. install the "WP Migrate DB" plugin
4. configure and run the plugin
Using phpMyAdmin
Using WP Migrate DB
1. install and configure WP Migrate DB by Delicious Brains
Manual database backup
1. uncheck "compress with .gzip" & copy
Back up your files, too!
1. FileZilla or another SFTP client
Automatic backups
Backup essentials
1. back up files and the database before updates!
2. don't store backups on your server
3. schedule backups based on how much information you're willing to lose
4. test backups periodically
5. keep backups accessible for emergencies
6. http://codex.wordpress.org/WordPress_Backups
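The manual backup and the backup essentials above, worked into a script: an added example, not code from the talk. It reads the database credentials from wp-config.php (also when it has been moved one directory up), dumps the database and the web root, checksums and verifies the archives, and audits the 644/755 file permissions; the paths, the `audit_permissions`/`verify_backup`/`backup_site` names and the off-site host are assumptions.

```shell
#!/bin/sh
# Added example (not from the talk): manual backup of a WordPress site's
# database and files, with integrity checks and a permission audit.
# Assumes mysqldump, tar, gzip, sha256sum and find are available.
set -eu

# Read one define('NAME', 'value') constant out of wp-config.php.
wp_define() {                       # usage: wp_define <wp-config.php> <NAME>
  sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"],[[:space:]]*['\"]\([^'\"]*\)['\"][[:space:]]*);.*/\1/p" "$1" | head -n 1
}

# Report files that are not 644 and directories that are not 755 (so 777 shows up).
audit_permissions() {               # usage: audit_permissions <webroot>
  find "$1" -type f ! -perm 644 -o -type d ! -perm 755
}

# Check a backup directory: checksums match and both archives unpack cleanly.
verify_backup() {                   # usage: verify_backup <backupdir>
  (cd "$1" && sha256sum -c SHA256SUMS >/dev/null) &&
  gzip -t "$1/db.sql.gz" && tar -tzf "$1/files.tar.gz" >/dev/null
}

# Dump the database and the web root into a timestamped directory under <outdir>.
# Credentials come from wp-config.php (looked up one level above the web root too,
# where the talk suggests moving it) and reach mysqldump through a mode-600 temp
# file rather than the command line, so the password never shows up in `ps`.
backup_site() {                     # usage: backup_site <webroot> <outdir>
  root=$1; out=$2/$(date +%Y%m%d-%H%M%S); cfg=$root/wp-config.php
  [ -f "$cfg" ] || cfg=$root/../wp-config.php
  mkdir -p "$out"
  cnf=$(mktemp); chmod 600 "$cnf"
  printf '[client]\nhost=%s\nuser=%s\npassword=%s\n' \
    "$(wp_define "$cfg" DB_HOST)" "$(wp_define "$cfg" DB_USER)" \
    "$(wp_define "$cfg" DB_PASSWORD)" > "$cnf"
  mysqldump --defaults-extra-file="$cnf" --single-transaction \
    "$(wp_define "$cfg" DB_NAME)" > "$out/db.sql"   # fails loudly under set -e
  rm -f "$cnf"
  gzip "$out/db.sql"
  tar -czf "$out/files.tar.gz" -C "$root" .
  (cd "$out" && sha256sum db.sql.gz files.tar.gz > SHA256SUMS)
  verify_backup "$out"
  echo "$out"
}

# Typical use: back up, then copy the result off the server (placeholder host),
# because a backup left on a compromised server is lost together with the site.
#   dir=$(backup_site /var/www/html /var/backups/wp)
#   scp -r "$dir" backup-user@offsite.example:/srv/wp-backups/
```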
Resources
1. http://blog.sucuri.net/
2. WordPress.tv WordCamp sessions:
   1. Dre Armeda
   2. Brad Williams
   3. Tony Perez
3. Google (recent articles)
4. "Locking Down WordPress" (Code Poet)
Questions?
Follow me on Twitter: @suzette_franck