Backing up WordPress & Basic Security presented at WordCamp Atlanta, 2013. Security myths, 3 ways to backup WordPress, and numerous security tips, including some plugins.
1. BACKING UP WORDPRESS & BASIC SECURITY
Carel Bekker - @ClickHOST & @carelbekker
Saturday, March 16, 13
2. Who is this guy?
• From South Africa
• In US since 1998
• 25+ years in technology
• Owner of ClickHOST.com
• Loves my wife, 3 children, technology,
reading, travel and occasional round of
golf.
• linkedin.com/in/cbekker
4. What will we cover?
“I’m going to show you where the windows and doors are on
your WordPress house and how to lock them!”
• Basics needed to protect your WordPress website or blog
• Very little technical skills are needed
• Some definitions
• Resource list
• Security Myths
• 3 ways to back up WordPress
• 3 security tips that will save your life, ok, at least your website
5. What is malware?
• Malware = malicious software.
• Anything loaded onto your website (or
computer) that you didn’t authorize.
• Malware, short for malicious (or malevolent) software, is
software used or created by attackers to disrupt computer
operation, gather sensitive information, or gain access to private
computer systems. It can appear in the form of code, scripts,
active content, and other software. 'Malware' is a general term
used to refer to a variety of forms of hostile or intrusive
software. - wikipedia.org
6. Other definitions
• SQL Injections: Entering SQL statements
into form fields.
• Cross-site contamination: WordPress
sites infecting sites in the same hosting account.
• Phishing or Spoofing: Email or website
that looks like the real thing
• Social engineering, e.g., Wired reporter
story
7. Security Myths
• #1: Who would want to hack my website?
• #2: I will see when my website is hacked
• #3: My website is 100% secure
• #4: My hosting provider will have a backup for me
• #5: I use strong passwords -- I’m ok
8. Backing up WordPress
9. Backup Basics
• What is a backup?
• Reliable recent copy of your website.
• Should be easy to restore from your backup.
• Why should I back up?
• Bad things happen, especially in the WWW = wild, wild west.
• How often & when should I back up?
• Before any major updates to your website
• Before updating WordPress, plugins or themes
• Daily, Weekly, Monthly.
• 1-2 different backup copies.
10. Use a WordPress plugin
• Install a plugin to back up your WordPress website.
• Most offer the option to back up to: hosting account, cloud, local or email the backup.
• Numerous FREE WordPress backup plugins:
• One-click installers like Softaculous
• BackWPup (free and pro versions)
• WordPress Backup to Dropbox
• or Paid plugins:
• BackupBuddy ($$$)
• VaultPress ($$)
11. DIY Backups
• Use tools provided by hosting
company
• cPanel most common control panel
• Select the Database to download.
• Only back up the database.
• Backup will be downloaded to your
local directory.
• You can then upload the database
to restore your WordPress website.
• Paid services: CodeGuard,
SiteAutoBackup,
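A downloaded database backup only helps if it restores, so the check below, an added example that is not part of the original slides, inspects a `.sql` or `.sql.gz` file before you rely on it. It assumes the export was produced by mysqldump and that the site uses the default `wp_` table prefix; `check_backup` and `sample_dump` are hypothetical names and the sample dump is constructed.

```python
import gzip
import hashlib
import re
import zlib

# Core tables a WordPress dump should contain (default "wp_" prefix is an assumption).
CORE_TABLES = ("options", "posts", "postmeta", "users", "usermeta", "comments", "terms")


def check_backup(data: bytes, prefix: str = "wp_") -> dict:
    """Inspect a downloaded .sql or .sql.gz backup and report whether it looks restorable."""
    # Hash the file exactly as downloaded so later copies can be compared against it.
    report = {"sha256": hashlib.sha256(data).hexdigest(), "problems": []}
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        try:
            data = gzip.decompress(data)  # fails on truncation or CRC mismatch
        except (OSError, EOFError, zlib.error) as exc:
            report["problems"].append(f"gzip archive is damaged: {exc}")
            report["ok"] = False
            return report
    sql = data.decode("utf-8", errors="replace")
    found = set(re.findall(r"CREATE TABLE (?:IF NOT EXISTS )?`?(\w+)`?", sql))
    for name in CORE_TABLES:
        if prefix + name not in found:
            report["problems"].append(f"missing table {prefix}{name}")
    # mysqldump writes this trailer last; its absence suggests a cut-off download.
    if "-- Dump completed" not in sql[-200:]:
        report["problems"].append("no 'Dump completed' trailer (truncated dump?)")
    report["ok"] = not report["problems"]
    return report


def sample_dump() -> bytes:
    """Constructed sample: a minimal mysqldump-style export, gzip-compressed."""
    body = "".join(f"CREATE TABLE `wp_{t}` (id INT);\n" for t in CORE_TABLES)
    return gzip.compress((body + "-- Dump completed on 2013-03-16 10:00:00\n").encode())


if __name__ == "__main__":
    good = sample_dump()
    print(check_backup(good))        # intact backup
    print(check_backup(good[:-20]))  # same file with the end cut off
```

To check a real download, pass the file's bytes: `check_backup(open("backup.sql.gz", "rb").read())`, where the file name is a placeholder.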
12. Ask your hosting provider
• This is not specific to WordPress.
• Some hosting providers provide automatic backups
• Full account backups
• Some offer free restore services
• Others charge a fee to restore from a backup
• Ask your hosting provider to set up a backup schedule
• Don’t keep too many backups in your hosting account
• Download to your local machine
13. Top Tips to Secure WordPress
14. Don’t use ADMIN
• Don’t use admin as your username.
• This is the default when installing
• Almost as bad as using password for your password :)
• How to fix this!
• Create a new administrator user.
• Log out, then log in as the new admin user.
• Delete the old “admin” user.
15. Update! Update!
• New versions/updates include security
fixes and new functionality.
• Always keep your WordPress
installation current!
• Keep your plugins updated.
• Try to keep your theme current too; however, be careful and only
upgrade if you are sure that a child theme was used.
• Make a backup BEFORE you update
WordPress, plugins or themes.
16. Passwords
• Use strong passwords, not 123456 or Password
• Use passphrases, e.g., correcthorsebatterystaple
• Better yet, use a password manager:
• Generate very strong passwords
• No need to remember hundreds of passwords
• Easy to use with browser addons.
• LastPass.com, 1password.com, RoboForm.
17. Anti-spam techniques
• How do I prevent comment spam? Unwanted comments in my blog posts.
• Don’t allow comments.
• Or moderate all comments.
• Use a comment system plugin:
• Disqus
• Livefyre
• Use Facebook Comment system.
• Comment spam control plugins:
• Akismet ($5/month)
• Growmap Anti Spambot (free)
19. Random security tips
• Make sure you have anti-virus installed on your computer
• Even on a Mac (Sophos)
• Email spam filtering
• Only download themes, and plugins from trusted sources.
• WordPress and reputable theme/plugin sources
• Delete unused themes, and plugins! (not just de-activate)
• Delete unused WordPress installations.
21. Resources
• More great WordCamp presentations:
• WordPress End-User Security, Dre Armeda
• Building secure WordPress sites, Sakin Shrestha
• or go to wordpress.tv and search for security
• WordPress Codex: http://codex.wordpress.org/WordPress_Backups
• WordPress Backup options: http://www.clickhost.com/wordpress-backup/
• Search clickhost.com/blog for WordPress
• How to make your WordPress installation Secure
• WordPress Security: 5 Steps To Reduce Your Risk
• Three sure fire ways to prevent being hacked!
22. Carel Bekker
President & Owner
carel@clickhost.com
Twitter: @clickhost, @carelbekker
Tel: 404.220.8110
Friends don’t let friends host on Go Daddy!