Here are my notes from my joint presentation with Dylan Kuhn on WordPress security, “Honey It’s Always About Security”, to the Reno WordPress Meet-up Group on Thursday the 13th 2014 at the Reno Collective. Enjoy.
Backup:
Is A Key Part of WordPress Security:
Here’s a good post on backup choices for WordPress. However, personally I would highly recommend UpdraftPlus, 5 stars!
Requires: 3.4 or higher
Compatible up to: 3.8.1
Last Updated: 2013-12-23
Downloads: 1,108,699
Requires: 3.2 or higher
Compatible up to: 3.8.1
Last Updated: 2014-2-7
Downloads: 610,538
Passwords:
A Horse A Horse A Kingdom For A Bloody Good Password.
Having strong passwords on all your WordPress accounts is always very important. Here’s a post/video, “WordPress Security Essentials”, that gives some good advice.
Strong Passwords:
Keeping WordPress Up to Date:
If you want to keep your site secure and safe, you must keep the core files of WordPress up to date, plus all your themes and plugins.
Core Files
Plugins
Themes
WordPress Key Roles:
Roles:
Administrator:
Editor:
Author:
Contributor:
Subscriber:
https://www.bobwp.com/user-roles-who-can-do/
Be Careful:
On What Plugins and Themes You Use:
Cleaning Things Up:
It’s All About Good WordPress House Keeping
Remove these files
wp-config-sample.php
readme.html
license.txt
Hardening
Hardening your WordPress-powered website is important. For example, moving your WordPress site’s wp-config.php is a great method of making your live WordPress website more secure. Here’s a post that explains this in more detail.
1) Protecting your wp-config.php
A) Restricting access via .htaccess
B) Restricting access via file permissions
2) Secret Keys: https://api.wordpress.org/secret-key/1.1/salt
3) Using your own database prefixes: change $table_prefix = 'wp_'; to $table_prefix = 'wp_s3CUr3_';
4) Don’t use “Admin” as your username on a live website
5) Permissions (recommended CHMOD setting?)
6) Stopping Directory Views (Options -Indexes)
7) Removing version numbers & letters
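The checks above that can be verified from the filesystem (the leftover files to remove, plus hardening items 1, 2, 3 and 6) can be audited with a short script. This is an added example, not code from the presentation: the function names are hypothetical, the rule that any permission bit for "other" users is too open is this example's assumption (the notes give no CHMOD value), and the placeholder phrase is the one shipped in wp-config-sample.php.

```python
import os
import re
import stat
import sys

LEFTOVER_FILES = ("wp-config-sample.php", "readme.html", "license.txt")
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php

def read_text(path):
    with open(path, encoding="utf-8", errors="replace") as handle:
        return handle.read()

def audit_wordpress(root):
    """Return a list of hardening findings for the install at `root`."""
    findings = [f"remove leftover file: {name}" for name in LEFTOVER_FILES
                if os.path.exists(os.path.join(root, name))]
    # WordPress also loads wp-config.php from one directory above the web root.
    candidates = [os.path.join(d, "wp-config.php")
                  for d in (root, os.path.dirname(os.path.abspath(root)))]
    config = next((p for p in candidates if os.path.isfile(p)), None)
    if config is None:
        return findings + ["wp-config.php not found"]
    # Assumption: any permission bit for "other" users counts as too open.
    if stat.S_IMODE(os.stat(config).st_mode) & stat.S_IRWXO:
        findings.append("wp-config.php is accessible to other users")
    text = read_text(config)
    prefix = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", text)
    if prefix and prefix.group(1) == "wp_":
        findings.append("default database prefix wp_ in use")
    missing = [k for k in KEY_NAMES
               if not re.search(r"define\(\s*['\"]%s['\"]" % k, text)]
    if missing or PLACEHOLDER in text:
        findings.append("secret keys missing or still the sample placeholder")
    htaccess = os.path.join(root, ".htaccess")
    rules = read_text(htaccess) if os.path.isfile(htaccess) else ""
    if not re.search(r"^\s*Options\b.*-Indexes\b", rules, re.I | re.M):
        findings.append("directory listing not disabled (Options -Indexes)")
    # Only meaningful when wp-config.php still lives inside the web root.
    if config == candidates[0] and not re.search(
            r"<Files\s+\"?wp-config\.php\"?\s*>", rules, re.I):
        findings.append("no .htaccess rule restricting wp-config.php")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_wordpress(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Items 4 and 7 (the “Admin” username and version numbers) depend on the database and the rendered pages, so this filesystem audit does not cover them.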
Popular WordPress Security Plugins:
Here’s a list of some of the most popular security plugins that can help make your site more secure.
Akismet: https://wordpress.org/plugins/akismet/
Login Lock: https://wordpress.org/plugins/search.php?q=Login+Lock&sort=
Limit Login Attempts: https://wordpress.org/plugins/limit-login-attempts/
ThreeWP Activity Monitor: https://wordpress.org/plugins/threewp-activity-monitor/
Exploit Scanner: https://wordpress.org/plugins/exploit-scanner/
Summary:
WordPress security is like insurance: you only understand its true value when something goes wrong. Unfortunately, this “wrong” normally happens at the precise moment of maximum inconvenience!