Beginner WordPress Security
Tips to Help Secure Your WordPress Site
WordCamp Birmingham, 2016
#wcbham
Gerroald Barron
gerroald@ithemes.com - @gerroald
https://profiles.wordpress.org/gerroald
https://ithemes.com/security/
https://wordpress.org/plugins/better-wp-security/
Why Would Someone Want to Hack My Site?
Twitter - @gerroald http://www.slideshare.net/GerroaldBarron
There are currently over 1 Billion
websites on the web.
https://sucuri.net/website-security/website-hacked-report
WordPress powers about 26% of
them.
You’re likely not the target, WordPress is.
It’s not about if you get attacked,
but rather how to prevent it from
being successful.
If you know your passwords, they’re likely too weak.
Strong Passwords
Password Managers
https://www.dashlane.com/passwordmanager
https://1password.com/
https://lastpass.com/
Two-Factor Authentication
Two-Factor Authentication is not a mere nuisance, it’s
Real Security.
Two Factor Plugins
WordPress Two-Factor Plugins
https://ithemes.com/security/
Two-Factor Mobile Apps
Google Authenticator Android
Authy for iOS and Android
Google Authenticator iOS
Changing the Salts
Salted Keys further protect your login credentials stored in your cookies.
https://api.wordpress.org/secret-key/1.1/salt/
*tutorial*
Plugins to Change Your Salts
https://wordpress.org/plugins/better-wp-security/
https://wordpress.org/plugins/wp-config-file-editor/
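An added example, not part of the original slides: a small Python script that checks the eight secret keys in a wp-config.php for missing, placeholder, short or reused values and then replaces them with fresh random ones. The function names and the sample config are constructed for illustration, and the keys are generated locally rather than fetched from the salt URL above.

```python
import re
import secrets

# The eight secret constants WordPress reads from wp-config.php.
SALT_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]

# Default value shipped in wp-config-sample.php; it must never reach production.
PLACEHOLDER = "put your unique phrase here"

# Characters that need no escaping inside a single-quoted PHP string
# (no single quote, no backslash).
ALPHABET = (
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    "!@#$%^&*()-_=+[]{}<>~`|;:,.?/ "
)

# Matches define('NAME', 'value'); with either quote style and any spacing.
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(?P<name>[A-Z_]+)\1\s*,\s*"""
    r"""(['"])(?P<value>(?:\\.|(?!\3).)*)\3\s*\)\s*;"""
)


def new_secret(length=64):
    """Return a random key drawn from a cryptographically secure source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def weak_salts(config_text, min_length=32):
    """Map each problematic salt constant to the reason it was flagged."""
    found = {
        m.group("name"): m.group("value")
        for m in DEFINE_RE.finditer(config_text)
        if m.group("name") in SALT_NAMES
    }
    values = list(found.values())
    problems = {}
    for name in SALT_NAMES:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < min_length:
            problems[name] = "too short"
        elif values.count(value) > 1:
            problems[name] = "reused"
    return problems


def rotate_salts(config_text):
    """Return (new_text, rotated_names, missing_names).

    Only the eight salt constants are rewritten; every other define()
    and every other line is left exactly as it was.
    """
    rotated = []

    def replace(match):
        name = match.group("name")
        if name not in SALT_NAMES:
            return match.group(0)
        rotated.append(name)
        return f"define('{name}', '{new_secret()}');"

    new_text = DEFINE_RE.sub(replace, config_text)
    missing = [name for name in SALT_NAMES if name not in rotated]
    return new_text, rotated, missing


# Constructed sample: placeholders, one short key, and NONCE_SALT absent.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define( 'LOGGED_IN_KEY', "short" );
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    print("before:", weak_salts(SAMPLE_CONFIG))
    updated, done, absent = rotate_salts(SAMPLE_CONFIG)
    print("rotated:", done, "still missing:", absent)
    print("after:", weak_salts(updated))
```

Changing the salts invalidates existing login cookies, so every user is logged out and has to sign in again.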
Secure File Permissions
How secure is your site if anyone can view or write to your
server files? It’s not. Secure file permissions are a must.
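An added example, not part of the original slides: a Python audit that walks a WordPress directory and reports anything any user on the server can write to, plus a wp-config.php that any user can read, then clears only the flagged permission bits. The function names and the sample directory tree are constructed for illustration.

```python
import os
import stat
import tempfile

# File that holds the database credentials and the secret keys/salts.
SENSITIVE_FILES = {"wp-config.php"}

WORLD_WRITABLE = "writable by any user"
WORLD_READABLE_SECRET = "secrets readable by any user"


def audit_permissions(root):
    """Return sorted (relative_path, octal_mode, problem) tuples under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(info.st_mode)
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append((rel, format(mode, "03o"), WORLD_WRITABLE))
            if name in SENSITIVE_FILES and mode & stat.S_IROTH:
                findings.append((rel, format(mode, "03o"), WORLD_READABLE_SECRET))
    return sorted(findings)


def tighten(root, findings):
    """Clear only the permission bits the audit flagged.

    Removing "other" access from wp-config.php assumes the web server
    reads it as the owner or through the group; check that on your host.
    """
    for rel, _mode, problem in findings:
        path = os.path.join(root, rel)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if problem == WORLD_WRITABLE:
            mode &= ~stat.S_IWOTH
        else:
            mode &= ~stat.S_IRWXO
        os.chmod(path, mode)


def build_sample_tree(root):
    """Create a small constructed WordPress-like tree with mixed permissions."""
    files = {
        "index.php": 0o644,
        "wp-config.php": 0o644,
        "wp-content/uploads/photo.jpg": 0o666,
        "wp-content/themes/style.css": 0o644,
    }
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
        os.chmod(path, mode)
    directories = {
        "wp-content": 0o755,
        "wp-content/themes": 0o755,
        "wp-content/uploads": 0o777,
    }
    for rel, mode in directories.items():
        os.chmod(os.path.join(root, rel), mode)


def run_demo():
    """Audit the sample tree, tighten it, and audit again."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        before = audit_permissions(root)
        tighten(root, before)
        after = audit_permissions(root)
    return before, after


if __name__ == "__main__":
    found, remaining = run_demo()
    for rel, mode, problem in found:
        print(f"{mode}  {rel}: {problem}")
    print("findings after tightening:", len(remaining))
```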
Using sFTP Encryption vs FTP
The sFTP and FTP protocols both transfer data; that’s where
their similarities end.
FTP stands for File Transfer Protocol
sFTP stands for (SSH) File Transfer Protocol
FTP transfers data between two remote connections, in plain
text.
sFTP ensures that data is transferred securely and privately
using the SSH2 protocol.
SSL (Secure Sockets Layer)
What is it? Why should I use it?
SSL creates an encrypted
connection between your web
server and your visitors' web
browser.
HTTP stands for Hypertext Transfer Protocol
HTTPS stands for Hypertext Transfer Protocol Secure
When using HTTP to transfer information, it’s relatively easy for
a knowledgeable person to intercept and view it.
When using HTTPS, if anyone is able to intercept it, they still
won’t be able to decipher it because it’s encrypted.
SSL
Secure Sockets Layer is the security during the transfer while
using HTTPS.
Free SSL Certificates
https://letsencrypt.org/
https://ssl.comodo.com/free-ssl-certificate.php
Maintenance
Keep WordPress Core up to date.
Keep your plugins and themes up to date
Regularly update your passwords
Remove plugins, themes and users that aren't being used.
ALWAYS have a recent backup.
Summary
Use a strong password with the help of a password manager
Two-Factor for ALL THE THINGS
Regularly change your Salts
Use secure file permissions
Use sFTP whenever possible
Use SSL on all of your sites
Please keep your site and everything on it up to date
