WordPress Security Best Practices

Here are my slides from last night's WordPress Sydney Central meetup on WordPress Security Best Practices.

Also check out our WordPress Security Infographic.

I’ve been wanting to cover the topic of WordPress security ever since the automated bot attack against WordPress sites back in April/May 2013.

There are so many easy things that you can do to pimp your security and help avoid being one of those victims who has to foot the bill to get their site cleaned up again.

It was a mammoth session and took about 1 hour and 30 minutes to cover with plenty of others chipping in with their experiences and asking questions.

Thanks guys – that’s what the open source community is all about!

Topics Covered

  • Sun Tzu – The Art of War
  • The Ultimate Secure Site
  • Social Engineering
  • Usernames & Passwords
  • Unix File Permissions
  • WordPress Folder and File Permissions
  • WordPress Configuration Files & Securing Them
  • Server Malware & Services To Clean Them
  • Updating WordPress (even for a large number of sites)
  • Automatic WordPress Updates
  • Why You Shouldn’t Use Free Themes & Plugins (torrents especially)
  • How To Check For Malware In Themes & Plugins
  • The Evil TimThumb Script
  • SSL Certificates, Secure WordPress Logins & Dashboard
  • Software Firewalls
  • Limit Login Attempts (stop brute force attacks)
  • WordPress Backups (free & paid)
  • Security For The Paranoid
  • Two Factor WordPress Authentication (Google Authenticator)
  • Biometric WordPress Authentication (VoxedIn)
  • Moving The WordPress wp-content Folder
  • Protecting wp-config.php
  • SQL/Script Injection Protection
  • Prevent Directory Browsing
  • Secure The WordPress wp-admin Folder
  • Disable The WordPress Dashboard Theme & Plugin Editors
  • Change The WordPress Default Database Table Prefix
  • Be “Big Brother” – WordPress Security Audit Logs
  • Change wp-login.php
  • Change wp-admin Folder
  • DoS & DDoS Attacks

Conversations continued in the pub afterwards.

Lime Canvas help organise WordPress meetups in Sydney (Central, North and Parramatta) and Dublin. Come along for a chat at the next one.