Upcoming SlideShare
Wordpress security best practices - WordCamp Waukesha 2017
- 1. Security Best Practices
- 2. @VicDrover Panama Papers
- 3. @VicDrover Panama Papers
- 4. @VicDrover Infected Websites by Platform Hacked Website Report - Sucuri
- 5. @VicDrover % Out-of-Date CMS Hacked Website Report - Sucuri
- 6. @VicDrover Is YOUR website is vulnerable?
- 7. @VicDrover Top 3 WordPress causing hacks Hacked Website Report - Sucuri
- 8. @VicDrover RevSlider < 3.0.95 = vulnerable https://www.wordfence.com/blog/2016/04/mossack-fonseca-breach-vulnerable-slider-revolution/
- 9. @VicDrover WordPress host for Ransomware http://www.tomsguide.com/us/wordpress-ransomware-epidemic,news-22219.html
- 10. @VicDrover Levels of website security
- 11. @VicDrover Levels of website security
- 12. Client Passwords
- 13. @VicDrover Password Managers
- 14. @VicDrover Agency Passwords
- 15. @VicDrover Trust extends to your team
- 16. @VicDrover Email security
- 17. @VicDrover Staff
- 18. Staff
- 19. @VicDrover Disaster Response Plan
- 20. @VicDrover Initial response → Who, What, When → Emergency contact info → Service provider info ◆ DNS, Server/Host, Data Center, Backups → 1-time use passwords
- 21. Agency 7
- 22. Agency 7
- 23. @VicDrover Security policy → Email usage → Resource access → Password strength → Password duration → Account sharing → Team composition → Disaster planning → Ongoing Education
- 24. @VicDrover Levels of website security Local Remote
- 25. @VicDrover Local Resources
- 26. @VicDrover PHP Usage (Joomla 3.5) PHP 5.5 PHP 5.2 PHP 5.3 PHP 5.6 PHP 7.x PHP 5.4
- 27. @VicDrover Webserver security
- 28. @VicDrover Heartbleed
- 29. @VicDrover filippo.io/Heartbleed/
- 30. @VicDrover Other local issues → SSH on non-default port, encryption keys → Disable FTP (vs. secure FTP) → Strong database password + table prefix → Enable logging (usually off by default) → Disable magic_quotes
- 31. @VicDrover Levels of website security Local Remote
- 32. @VicDrover Remote services - email
- 33. @VicDrover Remote services - DNS
- 34. @VicDrover Remote services - reverse proxy
- 35. @VicDrover Managed Hosting
- 36. @VicDrover Levels of website security
- 37. @VicDrover Update all the things
- 38. @VicDrover Well-known WordPress best-practices → Unique administrator account → Disable file editing, PHP Execution → Limit Login Attempts → Remove unused themes + plugins → Block editing of config file
- 39. @VicDrover Enforce stronger passwords
- 40. @VicDrover Control New Users
- 41. @VicDrover Secure failed login message function wrong_login() { return 'Wrong username or password.'; } add_filter('login_errors', 'wrong_login'); functions.php http://geckogullywebsites.com/wordpress-security-tips-check-for-display-of-unnecessary-information-on-failed-login-attempts/
- 42. @VicDrover Backup your site + test
- 43. @VicDrover Akeeba Backup https://www.akeebabackup.com/
- 44. @VicDrover Use Redundant firewalls
- 45. @VicDrover Use Redundant firewalls
- 46. @VicDrover Use Redundant firewalls
- 47. @VicDrover Use Redundant firewalls
- 48. @VicDrover Use Redundant firewalls
- 49. Security Best Practices
Login to see the comments