WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

Upload: meagan-hanes

Post on 21-Jan-2018

Page 1: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

WP Site Management

Keeping your Creation Happy, Healthy, and Secure

Meagan Hanes @mhanes

WordCamp Hamilton 2016

Page 2: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

A Bit About Me

Freelance designer & developer 15+ years

10+ years creating WP sites of all sizes & styles

TheWPCrowd Member

#training team

make.wordpress.org/training

Favourite colour: Rainbow!

Say Hi to my Friend Roy: http://hiroy.club

Page 3: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

What is Web Security?

Page 4: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

What is Web Security?

Protecting your website from malicious threats

Bots, Hackers

Ex-employees

Competing Businesses

Reducing vectors of attack

Plugins and themes

Weak passwords

Unused user accounts

Reducing the risk of an attack

Backups & Security

Page 5: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

Why does web security matter?

$$$

Page 6: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

Why does web security matter?

Protect your investment

Websites aren’t cheap or easy to build - why risk losing that investment?

Reduce your stress levels, sleep well at night

Web Security = insurance policy for your website

Make your web employees happy

As much as developers love money, they don’t like fixing hacked sites!

Page 7: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

Access

Who has access? How do they access the server? Where do they access it from?

Backups

How often are backups made? What’s involved in restoring a backup? Whose job is it?

Check for Updates

What kind of updates? How do I update my site with no risk of it breaking?

ABCs of Website Security

Page 8: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

Who has access to your site?

What level of access do they need?

How do they access your site?

Current Users

Modify their User Role based on what level of access they need [1]

Encourage server connections with SFTP or SSH vs FTP

Old Users

Delete from Users section of WordPress

* Check Server-level Access As Well! *

1. https://codex.wordpress.org/Roles_and_Capabilities

Access

Page 9: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

Dolphin12 is not a password, it’s a Hotmail account.

Not easily guessable - No birth years

Never write it down - LastPass, KeePass

Never reuse a password

Weird mind tricks work!

Password Reset Links are your friends!

Strong Passwords

Page 10: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

When was your last website backup made?

Where is that backup?

How do you restore your site from a backup?

Manually [1]

Copy WordPress file directory, export the database, store on a third party server

Automagically [2]

Via a plugin: UpdraftPlus, BackupBuddy, WP-DB Backup, etc.

Via a centralized hub: ManageWP, InfiniteWP

* Test your Backup Restore Routine Tomorrow! *

1. https://codex.wordpress.org/WordPress_Backups

2. http://www.wpbeginner.com/plugins/7-best-wordpress-backup-plugins-compared-pros-and-cons/

Backups

Page 11: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

What version of WordPress are you using?

What plugins do you have installed and activated on your site?

What theme are you using?

What themes do you have installed but not active?

Core Updates

Point updates are done automatically (4.5.1 to 4.5.2) -> security patches, etc.

Major updates are done manually (4.3 to 4.5) -> get on the most recent version for :)

Plugins and Themes

If you don’t need them, delete them! -> fewer attack vectors

If they’re old, update them! -> missing features & compatibility with themes/plugins

If they’ve been modified, get a developer to help!

* Set Up A Staging Server for Maximum Win! *

Check for Updates

Page 12: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

Who’s tried logging in to your site, from where, and when?Does your site have any suspicious code? When were site files last modified?

Security Plugins for WordPress

iThemes Security, WordFence, Sucuri, AllInOne WP Security

Limit user login attempts (# of times), geolocation, time of access, IP address

Detect if/when files are changed

Two-factor authentication

Forcing secure passwords

.htaccess monitoring

Blacklists, firewalls, etc

… and more!

* Peace of mind comes at a cost - budget accordingly! *

BONUS: Security Plugins

Page 13: WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure

Question Time!

Meagan Hanes @mhanes

WordCamp Hamilton 2016