2. When Should You Consider Security?
➔ Every Step of the Process!!!
➔ Buying Domain – Keys To The Kingdom
➔ Hosting
➔ PCI Compliance (Credit Cards)
➔ Updates and Maintenance
➔ Privacy Policy
➔ Sharing Of Information & Credentials
4. Hosting Questions
➔ Are SFTP or SSH Offered?
➔ Are PHP (5.2.4+) & MySQL (5.0+) at Latest Versions?
➔ Do They Have 24/7 Phone Support?
➔ How Have They Handled Past Security Breaches And Down Times?
➔ Is There An Uptime Guarantee?
➔ Do They Do Backups? How Often?
5. Making WordPress More Secure
➔ Update Core When Updates Available ASAP
➔ .1 Upgrades Are Security & Bug Fixes
➔ 1. Upgrades Are New Features
➔ Carefully Update Plugins (Backup First!)
➔ Use SFTP or SSH, not FTP
➔ Use Strong Passwords
6. Account Best Practices
➔ Delete Default “Admin” Account
➔ Unique Accounts for Each Person
➔ No Sharing Of Accounts and Passwords
➔ Do Not Store Your Credentials In Clear Text (No Stickies, Excel, or Notepad)
➔ Principle of Least Privilege/Role Based Access Controls
➔ Always Use Strong Passwords
7. WordPress Roles
➔ Super Admin - Network Administration (Multi-User Sites)
➔ Administrator - Access To All
➔ Editor - Other Users' Posts
➔ Author - Own Posts Only
➔ Contributor - Submit But Not Publish
➔ Subscriber - Manage Their Own Profile
*Members Plugin - Add and Change Roles
8. Strong Passwords
➔ a=4 e=3 s=5 i=1 o=0 Is Not Secure!!!!
➔ Combination of Uppercase and Lowercase Letters, Numbers & Special Characters
➔ Passwords Should Be Pass Phrases (8-15 characters minimum)
➔ Change Passwords Often & Never Share (like a Toothbrush!)
➔ Use A Password Manager (e.g. LastPass or KeePass)
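The leetspeak and character-class rules on this slide, as an added example that is not part of the original deck: a small Python policy checker that undoes the a=4 e=3 s=5 i=1 o=0 substitutions before comparing a candidate against a constructed list of common words, so 'P455w0rd' is rejected for the same reason 'password' is. The word list, the extra @ and $ substitutions, and the 15-character default (the upper end of the slide's 8-15 range) are assumptions of this example, not values from the slides.

```python
import re
from typing import List, Optional

# Constructed stand-in for a breach-derived common-password list (assumption:
# a real deployment would load a much larger list).
COMMON_WORDS = {"password", "letmein", "welcome", "wordpress", "admin", "secret", "qwerty"}

# The slide's substitution table (a=4 e=3 s=5 i=1 o=0) plus two common extras
# (@ for a, $ for s) that are an assumption of this example.
LEET_MAP = str.maketrans({"4": "a", "3": "e", "5": "s", "1": "i", "0": "o", "@": "a", "$": "s"})


def normalize_leet(password: str) -> str:
    """Undo the substitutions and lower-case, so 'P455w0rd' compares as 'password'."""
    return password.translate(LEET_MAP).lower()


def has_all_classes(password: str) -> bool:
    """Uppercase, lowercase, digit and special character must all be present."""
    return all(re.search(pattern, password)
               for pattern in (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]"))


def common_word_in(password: str) -> Optional[str]:
    """Return the common word the de-leeted password is built on, or None."""
    base = normalize_leet(password)
    for word in sorted(COMMON_WORDS):
        if word in base:
            return word
    return None


def check_password(password: str, min_length: int = 15) -> List[str]:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters (use a pass phrase)")
    if not has_all_classes(password):
        problems.append("needs uppercase, lowercase, a digit and a special character")
    word = common_word_in(password)
    if word is not None:
        problems.append(f"built on the common word '{word}'; leetspeak does not hide it")
    return problems


if __name__ == "__main__":
    # Constructed candidates: two leetspeak variants of common words and one pass phrase.
    for candidate in ("P455w0rd!1", "W0rdPr355", "correct-Horse-battery-7!"):
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

The normalization step is the point of the slide: an attacker's wordlist applies the same substitutions, so a checker that only counts character classes would accept 'P455w0rd!1' while this one rejects it.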
9. PCI Data Security Standard
➔ Follows Common Sense Best Security Practices
➔ Handled Through The Payment Processor That Accepts Credit Cards (PayPal or 3rd Party Shopping Cart)
➔ Requires Credit Card and Client Information To Be Stored And Transmitted Securely (HTTPS/SSL)
➔ Strong Secure Passwords Changed Often
10. Privacy Policy
➔ If You Are Collecting Any Information on Your Website, You Should Have One
➔ Type of Collected Information, Intents
➔ Shows Commitment to Data Security
➔ How to Contact You & Update Information
➔ Third Party Apps Such as Mailchimp, Constant Contact, PayPal Have Their Own Privacy Policies
11. I've Been Hacked!!!
➔ Stay Calm, Breathe
➔ Isolate the Infection – Take Site Offline
➔ Change All Passwords
➔ Update Clients – Phone Calls Are Best
➔ Cure The Problem or Hand Off
➔ Restore Service
➔ Analyze Cause and Prevent Future Infections