November 09, 2016

01:07:25

140 What Are the Best Practices For WordPress Security?

140 What Are the Best Practices For WordPress Security?
WP-Tonic | WordPress | SaaS | Bootstrap SaaS | Startups
140 What Are the Best Practices For WordPress Security?

Nov 09 2016 | 01:07:25

/

Show Notes

In this WP-Tonic round-table we look at WordPress and security with an excellent panel of WordPress community experts.


Our panel this week:
Brian Jackson from https://woorkup.com/ and https://kinsta.com/
Sallie Goetsch from https://wpfangirl.com/
Jackie D'Elia from https://jackiedelia.com/
Jonathan Denwood from https://www.wp-tonic.com/
John Locke from Lockedown SEO


Episode 140 Table of Contents
0:00 Podcast intros
1:50 WordPress Security – 18+ Steps to Lock Down Your Site
https://kinsta.com/blog/wordpress-security

3:12 Learning From Buggy WordPress Wp-login Malware
https://blog.sucuri.net/2016/10/learning-buggy-wordpress-wp-login-malware.html

6:49 Updating your WordPress plugins is one of the most important things you can do
10:22 Test all plugin and theme updates on a staging server

12:25 Surviving Electmageddon: Protecting against a wave of DNS outages
https://www.wordfence.com/blog/2016/11/surviving-electmageddon-protecting-wave-dns-outages/
(DDoS attacks and advantages of having a secondary DNS server)

17:34 Securing WordPress from the Start
https://ithemes.com/2016/11/02/securing-wordpress/

21:29 It's a good idea to have redundant backups for your website. You can't have enough of these.

24:35 What is one WordPress security tip that you should use right from the start?

25:48 Brian has a story about what sort of long-lasting damage to your SEO a single hack can produce.

27:20 Cleaning Up a Massive Negative SEO Attack with Web CEO
https://woorkup.com/cleaning-negative-seo-attack-web-ceo/

29:52 Changing the default login URL can prevent automated attacks. Also, always use strong passwords.

31:11 Always check your code for hidden backlinks to spam sites.

32: 35 We discuss Negative SEO.

33:12 Linkpocalypse Now – The Horror of Negative SEO
http://www.jacobking.com/negative-seo-truth

35:05 Limit the login attempts people can make to prevent a brute force attack. Consider two-factor authentication for logins.

36:16 Deactivate and delete any themes and plugins you're not using. Don't use the automatic WordPress install scripts that your hosting company provides.

38:24 Many people use weak passwords, and that's why they get hacked.

40:37 Install an audit log so you can see what activity is happening on your site. Clients will often be freaked out by how often the site is scanned.

42:25 Don't use themes where plugins are bundled into the theme (like on ThemeForest)
https://www.lockedownseo.com/why-we-shouldnt-bundle-wordpress-plugins-in-themes/

43:37 Do not allow everyone on your site to have Administrator access

46:15 XML-RPC: What is it? Why should you limit it's use? HOw do hackers use it?

49:03 Be careful about using public Wi-Fi to FTP or login to your site. Always use HTTPS on your site to encrypt your password when logging in publicly.

52:01 Use a virus scan on your own computer. Your computer can be an attack vector. Keep your version of PHP and MySQL versions up to date on your hosting account.

53:48 Shared hosting is not the most secure option for hosting. Large companies with internal IT departments are also prime for attack.

57:43 How much resistance is there with getting clients on board with WordPress security best practices?

1:02:44 If possible, use a service like LastPass to use strong passwords.
https://www.lastpass.com/

1:03:40 Podcast outros

===============

Other lInks mentioned during the show:

Maximum Overdrive (imdb)
http://www.imdb.com/title/tt0091499/

rmoov - The Backlink Removal Tool That Helps You Clean Up Bad Links
https://www.rmoov.com/index.php

Unmasked: What 10 million passwords reveal about the people who choose them
https://wpengine.com/unmasked/

WP White Security
https://www.wpwhitesecurity.com/

WP Security Audit Log
https://www.wpsecurityauditlog.com/

Co-Authors Plus
https://wordpress.org/plugins/co-authors-plus/

iThemes Security
https://ithemes.com/security/

Google Authenticator
https://wordpress.org/plugins/google-authenticator/

WP Clef
https://wordpress.org/plugins/wpclef/

KeyCDN
https://www.keycdn.com/


===============

For bonus content on this episode, go to the WP-Tonic website:
https://www.wp-tonic.com/podcast/140-best-practices-for-wordpress-security/

===================


Subscribe to WP-Tonic on iTunes
https://itunes.apple.com/us/podcast/wp-tonic-wordpress-podcast/id893083124?mt=2


===================


WP-Tonic is a both a WordPress maintenance and support service, and publisher of a twice weekly WordPress podcast where we talk with some of the most successful people in WordPress development, business, and online marketing.

Other Episodes