WordPress Security Best Practices
- 5. For the next 100 minutes,
we’ll cover the:
• 5 Rules
• 4 Tools and
• 3 Important Habits
To keep your site safe.
- 6. Sam Hotchkiss
I run a WordPress agency in Bath, Maine and am the lead
developer for the WordPress security plugin BruteProtect.
- 7. Brennen Byrne
I’m one of the founders of Clef, a security plugin for
WordPress that lets you log in without a password.
- 20. brute force + botnet
how long does it take an army to guess your
password?
- 22. bucket brigade
an attacker sits between you and a site you log in to; when
you send your password, they read it before passing it on
- 23. but really, insecure plugins and themes
WordPress core has a team of security experts looking
for these flaws all the time. Most plugins do not.
- 24. Do you need to worry?
some people think that their site is too small to be
attacked
- 25. WordPress is 20% of the web
most attackers are counting on a small success
rate across a huge number of sites
- 26. Bots attack every site
BruteProtect blocked more than 20m attacks last
year, and it’s on less than 0.01% of WordPress sites
- 38. do not write your own SQL
or, if you do, clean it carefully before you use it
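An added example, not from the original slides: a plugin query written with string concatenation next to the same query passed through `$wpdb->prepare()`, for the cases where the core query API (`WP_Query`) cannot express what you need. The function names are hypothetical, and the code assumes `$title_fragment` arrives straight from `$_GET`.

```php
<?php
// Added illustration; function names are hypothetical, not from the slides.

// Before: request input is concatenated into the SQL string, so the
// caller's text becomes part of the query itself.
function myplugin_find_posts_unsafe( $title_fragment ) {
    global $wpdb;
    return $wpdb->get_results(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_title LIKE '%" . $title_fragment . "%'"
    );
}

// After: every value travels through a $wpdb->prepare() placeholder.
function myplugin_find_posts( $title_fragment, $limit = 20 ) {
    global $wpdb;

    // Assumption: raw superglobal input, so remove the slashes WordPress
    // adds, then strip tags and control characters.
    $title_fragment = sanitize_text_field( wp_unslash( $title_fragment ) );

    // Clamp the row count to a sane range instead of trusting the caller.
    $limit = min( 100, max( 1, absint( $limit ) ) );

    // esc_like() only escapes the LIKE wildcards (% and _) so they match
    // literally; it is prepare() that makes the value safe to embed.
    $like = '%' . $wpdb->esc_like( $title_fragment ) . '%';

    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_status = %s AND post_title LIKE %s
         ORDER BY post_date DESC LIMIT %d",
        'publish',
        $like,
        $limit
    );

    return $wpdb->get_results( $sql );
}
```

Table names cannot be passed as `%s` or `%d` placeholders, which is why the example takes the table from `$wpdb->posts` rather than from input.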
- 57. fresh install
you can restore a backup, save old themes, but
nothing works as well as starting from scratch