BEST PRACTICES FOR WORDPRESS SECURITY
Jason Yingling (@jason_yingling)
COMMON ATTACKS
Cross Site Scripting (XSS)
Attackers can inject malicious scripts into a page; those scripts can
then be used to steal data from users.
Common Cause(s)
Bad / outdated plugins
Non-sanitized code

Not validating input data
COMMON ATTACKS
Brute-force Attacks
Attackers run scripts to try to crack logins by trying
known user and password combos.
Common Cause(s)
Weak passwords
Unlimited login attempts
Tip
https://haveibeenpwned.com/
COMMON ATTACKS
SQL Injections
Attackers inject SQL into the site’s database queries, typically
through plugin vulnerabilities, allowing them access
to the database to do as they please.
Common Cause(s)
Bad / outdated plugins
Non-sanitized code

Not validating input data
COMMON ATTACKS
DDoS
Multiple systems are used to target a single site,
causing it to overload and go down.
Common Cause(s)
Lack of firewalls
PROTECT YOUR LOGIN
Don’t use admin username
Use strong passwords
Hide the login page
Two Factor Authentication
Limit Login Attempts
Plugins
iThemes Security
Wordfence
Limit Login Attempts Reloaded
Pro Tip
Use site specific emails: example+domain@gmail.com
KEEP THINGS UP TO DATE
Keep WordPress core updated
Keep plugins and themes updated
Use the latest version of PHP
Pro Tip
Use managed WordPress hosting
PICK GOOD PLUGINS
Trusted sources
Recent updates
Active installs
Check the support forums
More
Picking Good WordPress Plugins
TAKE FREQUENT BACKUPS
Database and file system backups
Test backups from time to time
Store the backups off server
USE A FIREWALL
Protect against known attacks
Helps with DDoS mitigation
Services
Cloudflare
Sucuri
USEFUL PLUGINS
iThemes Security
Wordfence
Limit Login Attempts Reloaded
SECURITY RESOURCES
Kinsta WordPress Security Guide
Wordfence - How to Prevent Cross Site Scripting Attacks
wpbeginner - The Ultimate WordPress Security Guide
WordPress Security: An Introduction to Hardening WordPress
SECURITY QUESTIONS
QUESTIONS
Twitter: @jason_yingling
Email: jason@jasonyingling.me

WordPress Security Best Practices