WordPress Security 2014

June 28, 2014

Here are my notes from my joint presentation with Dylan Kuhn on WordPress security, “Honey It’s Always About Security”, to the Reno WordPress Meet-up Group on Thursday the 13th 2014 at the Reno Collective. Enjoy.

Backup:

Is A Key Part of WordPress Security:

Here’s a good post on backup choices for WordPress. However, personally I would highly recommend UpdraftPlus: 5 stars!

BackWPup: 

Requires: 3.4 or higher
Compatible up to: 3.8.1
Last Updated: 2013-12-23
Downloads: 1,108,699

UpdraftPlus:

Requires: 3.2 or higher
Compatible up to: 3.8.1
Last Updated: 2014-2-7
Downloads: 610,538

BackupBuddy:

VaultPress: 

Passwords:

A Horse A Horse A Kingdom For A Bloody Good Password.

Having strong passwords on all your WordPress accounts is always very important. Here’s a post/video, “WordPress Security Essentials”, that gives some good advice.

Strong Passwords:

Force Strong Passwords:

Bulk Password Reset:

Keeping WordPress Up to Date:

If you want to keep your site secure and safe, you must keep the core files of WordPress up to date, plus all your themes and plugins.

Core Files

Plugins

Themes

WP Updates Notifier:

WordPress Key Roles:

Roles:

Administrator:

Editor:

Author:

Contributor:

Subscriber:

https://www.bobwp.com/user-roles-who-can-do/

Be Careful:

On What Plugins and Themes You Use:

Cleaning Things Up: It’s All About Good WordPress Housekeeping

Remove these files

wp-config-sample.php

readme.html

license.txt

Hardening

Hardening your WordPress-powered website is important; for example, moving your WordPress site’s wp-config.php is a great method of making your live WordPress website more secure. Here’s a post that explains this in more detail.

1) Protecting your wp-config.php

A) Restricting access via .htaccess

B) Restricting access via file permissions

2) Secret Keys: https://api.wordpress.org/secret-key/1.1/salt

3) Using your own database prefixes: change $table_prefix = 'wp_'; to $table_prefix = 'wp_s3CUr3_';

4) Don’t use “Admin” as your username on a live website

5) Permissions (recommended CHMOD setting?)

6) Stopping Directory Views (Options -Indexes)

7) Removing version numbers & letters
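
The housekeeping and hardening checklists above, turned into a read-only audit script. This is an added example, not part of the original presentation notes: the names wp_audit, flag and WP_FINDINGS and the sample install it builds are constructed for illustration, and it assumes an Apache-style .htaccess.

```shell
#!/bin/sh
# Added example: audit a WordPress directory against the checklist above.
# wp_audit DIR prints one line per finding and sets WP_FINDINGS to the count.
flag() { echo "FINDING: $1"; WP_FINDINGS=$((WP_FINDINGS + 1)); }

wp_audit() {
    root=$1; WP_FINDINGS=0
    # Housekeeping: files the notes say to remove.
    for f in wp-config-sample.php readme.html license.txt; do
        [ -e "$root/$f" ] && flag "$f is still present"
    done
    # wp-config.php may sit in the web root or be moved one directory above it.
    cfg="$root/wp-config.php"
    [ -f "$cfg" ] || cfg="$root/../wp-config.php"
    if [ -f "$cfg" ]; then
        # 1B) No permission bits for "other" users (GNU stat, then BSD stat).
        mode=$(stat -c %a "$cfg" 2>/dev/null || stat -f %Lp "$cfg")
        case $mode in *0) ;; *) flag "wp-config.php mode $mode is open to other users" ;; esac
        # 2) Placeholder secret keys copied from wp-config-sample.php.
        grep -q 'put your unique phrase here' "$cfg" && flag "secret keys are placeholders"
        # 3) Default database table prefix.
        grep -Eq "^[[:space:]]*[\$]table_prefix[[:space:]]*=[[:space:]]*'wp_'" "$cfg" \
            && flag "table prefix is the default wp_"
    else
        flag "wp-config.php not found"
    fi
    ht="$root/.htaccess"
    # 1A) Only needed while wp-config.php is still inside the web root.
    if [ "$cfg" = "$root/wp-config.php" ]; then
        grep -Eqi '<files[[:space:]]+"?wp-config\.php' "$ht" 2>/dev/null \
            || flag ".htaccess does not restrict wp-config.php"
    fi
    # 6) Directory listings should be switched off.
    grep -Eqi '^[[:space:]]*Options[[:space:]].*-Indexes' "$ht" 2>/dev/null \
        || flag ".htaccess lacks Options -Indexes"
    return 0
}

# Constructed sample install (not a real site) to show the output.
demo=$(mktemp -d)
printf '%s\n' "<?php" "define('AUTH_KEY', 'put your unique phrase here');" \
    "\$table_prefix = 'wp_';" > "$demo/wp-config.php"
chmod 644 "$demo/wp-config.php"
touch "$demo/readme.html" "$demo/license.txt"
wp_audit "$demo"
echo "$WP_FINDINGS finding(s)"
rm -rf "$demo"
```

Items 4 and 7 (the “Admin” username and version numbers) are not covered, since they need database or theme access rather than a look at the files.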

Popular WordPress Security Plugins:

Here’s a list of some of the most popular security plugins that can help make your site more secure.

Akismet:     https://wordpress.org/plugins/akismet/

Login Lock:  https://wordpress.org/plugins/search.php?q=Login+Lock&sort=

Limit Login Attempts:  https://wordpress.org/plugins/limit-login-attempts/

ThreeWP Activity Monitor: https://wordpress.org/plugins/threewp-activity-monitor/

Exploit Scanner: https://wordpress.org/plugins/exploit-scanner/

Summary:

WordPress security is like insurance: you only understand its true value when something goes wrong. Unfortunately this “wrong” normally happens at the precise moment of maximum inconvenience!

 

 
