wordpress security tips by wooninjas - wordpress development services
TRANSCRIPT
WordPress Security Tips
WooNinjas - WordPress Development Services
Is Your Web-site Secure?
WooNinjas - WordPress Development Services
If A Hacker Gains Access To Your Web-Site (CMS), What Can They Really do?
WooNinjas - WordPress Development Services
Anything They Want :-O
WooNinjas - WordPress Development Services
What Inspires A Hacker?
WooNinjas - WordPress Development Services
To spy on friends, family members or even business rivals
For thrill and excitement
Intellectual challenge
Money – a main motivator
To steal services and/or valuable files
WooNinjas - WordPress Development Services
Causes Of Being Hacked?
WooNinjas - WordPress Development Services
Vulnerable Plugins And Themes
Brute Force On Administration
Password And Cookie Tapping
“Neighbour“ SitesOn Shared Hosting
Indirect Ways– Phishing, Malware (Keylogger, Saved FTP Password)
Vulnerabilities In WP Core
WooNinjas - WordPress Development Services
WooNinjas - WordPress Development Services
WooNinjas - WordPress Development Services
How You Can Eradicate That?
WooNinjas - WordPress Development Services
WooNinjas - WordPress Development Services
Use Strong Username And Password
• Recommended to change the Username ‘Admin’ to something Different
• Use Password Generator to create Strong Passwords
WooNinjas - WordPress Development Services
Use Recommended Plugins
Use Renowned Plugins such as Woo-Commerce, Yoast SEO etc.
WooNinjas - WordPress Development Services
Update Update Update!Keep your WordPress Core, Plugins and Themes Up-To-Date for better performance, higher security protocols and bug fixes.
WooNinjas - WordPress Development Services
Disable File Edits
Disable file edit access else the Hacker can harm your site in various kind of ways with the help of
“Define ( ‘DISALLOW_FILE_EDIT’, true );”
WooNinjas - WordPress Development Services
Shared HostingWhile using a Shared Hosting, Hackers got a huge chance to easily hack your site.To abolish that risk, Ask your Hosting provider for safety measures to encounter this issue.
WooNinjas - WordPress Development Services
Move The Wp-config.Php FileWordPress added the ability to move the wp-config.php
file one directory above your WordPress root file
If WordPress is located here:
public_html/wordpress/wp-config.phpYou can move your wp-config.php file to here:
public_html/wp-config.php
WordPress automatically checks the parent directory if a wp-config.php file is not found in your root directory
This makes it nearly impossible for anyone to access your wp-config.php file as it now resides outside of your website’s root directory
WooNinjas - WordPress Development Services
Use Strong Encryption Avoid plain text protocols
Everyone should use SSL (and make sure it’s configured correctly)
WooNinjas - WordPress Development Services
Backup Backup!Backup your: Database Uploaded media (wp-content/uploads) Custom themes and plugins Wp-config.Php Keep a list of your installed third-party plugins
WooNinjas - WordPress Development Services
Last But Certainly Not Least Use Trusted source for themes and plugins.
Know your admins, limit codes of accounts (WP, FTP Hosting) Etc.
Use multiple tools and tactics to protect your site.’
Be careful of bad certificates.
Don‘t believe everything that comes by mail.
WooNinjas - WordPress Development Services
THANKYOU
WooNinjas - WordPress Development Services