WP Adelaide - WordPress Security (2012-03-27)
DESCRIPTION
A brief talk about WP security, presented by me (Evo). Likely topics include preventing most hacking attempts, .htaccess, file and directory permissions, remotely monitoring WP installations and some harmful plugins.
TRANSCRIPT
WORDPRESS SECURITY
CORE AND PLUGINS
• Always update the core (test first)
• If possible, update all plugins
• Monitor website update status (wpremote.com)
FILE PERMISSIONS
• SSH, FTP or a Control Panel’s File Manager?
• Folders – 0755, files – 0644
• Be careful with plugins that set permissions directly
• Safe WP uploads (WP Filesystem API)
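The modes on the slide above (folders 0755, files 0644) can be checked with a read-only audit. This is an added example, not part of the original talk; the function names `audit_wp_perms` and `make_sample_tree` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the modes on the slide
# (directories 0755, files 0644). Read-only: it reports, it never chmods.

# audit_wp_perms ROOT
# Prints one line per deviation as "<kind><TAB><path>", where kind is
#   dir-not-0755 | file-not-0644 | world-writable
# Returns 0 if the tree is clean, 1 if deviations exist, 2 on bad input.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    report=$(
        # Exact-mode mismatches against the slide's baseline.
        find "$root" -type d ! -perm 755 -exec printf 'dir-not-0755\t%s\n' {} +
        find "$root" -type f ! -perm 644 -exec printf 'file-not-0644\t%s\n' {} +
        # Called out separately: anything any local user can modify.
        find "$root" \( -type d -o -type f \) -perm -0002 \
            -exec printf 'world-writable\t%s\n' {} +
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# make_sample_tree: builds a small CONSTRUCTED tree (not a real install)
# with two deliberate deviations, and prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads" "$t/wp-includes"
    : > "$t/index.php"
    : > "$t/wp-config.php"
    chmod 755 "$t" "$t/wp-content" "$t/wp-includes"
    chmod 644 "$t/index.php"
    chmod 777 "$t/wp-content/uploads"   # deviation: world-writable directory
    chmod 666 "$t/wp-config.php"        # deviation: world-writable file
    printf '%s\n' "$t"
}

# Command-line use: sh audit.sh /path/to/wordpress
if [ $# -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

The check is an exact match, so a file deliberately set tighter than 0644 (for example a locked-down wp-config.php) is also listed as `file-not-0644`.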
.HTACCESS
• Perishable Press (http://perishablepress.com/5g-blacklist-2012/)
• HTML5 Boilerplate (http://html5boilerplate.com/)
• Custom .htaccess (advanced)
• Check logs (advanced)
HARMFUL PLUGINS
• Be very cautious of plugins that upload files (even images) while bypassing WP’s Filesystem API
• One that does bypass it is WordPress Download Monitor (by Mike Jolley)
OTHER THINGS TO KEEP IN MIND
• 24h monitoring site live status (http://uptimerobot.com/)
• Keep file and DB backups
• Make sure your passwords to the DB and WP are safe:
  • Capitals and lowercase letters, numbers and symbols
  • At least eight characters long
  • If possible, don’t use words that are found in the dictionary
Q?