Here are my slides from the WordPress Sydney Central meetup on WordPress Security Best Practices.
There are so many easy things that you can do to pimp your security and help avoid being one of those victims who has to foot the bill to get their site cleaned up again.
It was a mammoth session and took about 1 hour and 30 minutes to cover with plenty of others chipping in with their experiences and asking questions.
Thanks, guys – that’s what the open-source community is all about!
- Sun Tzu – The Art of War
- The Ultimate Secure Site
- Social Engineering
- Usernames & Passwords
- Unix File Permissions
- WordPress Folder and File Permissions
- WordPress Configuration Files & Securing Them
- Server Malware & Services To Clean Them
- Updating WordPress (even for a large number of sites)
- Automatic WordPress Updates
- Why You Shouldn’t Use Free Themes & Plugins (torrents especially)
- How To Check For Malware In Themes & Plugins
- The Evil TimThumb Script
- SSL Certificates, Secure WordPress Logins & Dashboard
- Software Firewalls
- Limit Login Attempts (stop brute force attacks)
- WordPress Backups (free & paid)
- Security For The Paranoid
- Two-Factor WordPress Authentication (Google Authenticator)
- Biometric WordPress Authentication (VoxedIn)
- Moving The WordPress wp-content Folder
- Protecting wp-config.php
- SQL/Script Injection Protection
- Prevent Directory Browsing
- Secure The WordPress wp-admin Folder
- Disable The WordPress Dashboard Theme & Plugin Editors
- Change The WordPress Default Database Table Prefix
- Be “Big Brother” – WordPress Security Audit Logs
- Change wp-login.php
- Change wp-admin Folder
- DoS & DDoS Attacks
Conversations continued in the pub afterwards.
Zero Point Development helps organise WordPress meetups in Sydney. Come along for a chat at the next one.