Getting started with wordpress hosting and security
Download as PPTX, PDF1 like462 views
Powerpoint Presentation by Philip Hess at the Pittsburgh WordPress Meetup March 2, 2016 that goes over hosting and security.
Ad
More Related Content
What's hot (20)
Viewers also liked (17)
Ad
Similar to Getting started with wordpress hosting and security (20)
Ad
More from WP Pittsburgh Meetup Group (6)
Recently uploaded (16)
![5-Ways-To-Future-Proof-Your-SIEM-Securonix[1].pdf](https://cdn.slidesharecdn.com/ss_thumbnails/5-ways-to-future-proof-your-siem-securonix1-250426114439-c707b6bf-thumbnail.jpg?width=560&fit=bounds)
Getting started with wordpress hosting and security
- 1. Philip Hess GETTING STARTED WITH WORDPRESS HOSTING AND SECURITY
- 3. • Not really necessary • But www.mydomain.com looks better than… • www.mysite.hostingcompany.com or • www.hostingcompany.com/~mysite/ • I use PairNic.com • Local, in the south side • Clean interface (but somewhat dated) • Ad free DOMAIN NAME
- 4. • What kind of site you want will determine what kind of hosting is best. • eCommerce • Medical/Professional • Education • Hobby HOSTING
- 5. • eCommerce • Security • Credit card processing • Not down during shopping times HOSTING
- 6. • Medical/Professional • Security • HIPPA requirements HOSTING
- 7. HOSTING • Education • Security • FERPA requirements
- 8. HOSTING • Hobby • Security against hacking • Personal embarrassment
- 9. HOSTING • My short list • www.wordpress.com • www.pair.com • www.asmallorange.com • Select the best host you can afford
- 10. HOSTING • Who I chose and why • cPanel – used it before, familiar with it • One click install of WordPress • $35.00/year – cheapest hosting I’ve found • Even a Raspberry Pi would cost more
- 11. SECURITY • If it’s on the internet someone will be trying to hack it • Change the admin account to something else • Don’t use admin, administrator, your name, any part of your site name • Use the admin account to administer your site and nothing else • Use a separate account to post content
- 12. SECURITY • Learn how to secure WordPress • Hardening WordPress • WordFence Security Learning Center • Google is your BFF – but verify • Learn how to use the security features of your server – most likely Linux (LAMP) • Apache (web server) security features • .htacess files
- 13. SECURITY • .htaccess files • You can protect the .htaccess file itself by adding the following lines to the file: <files .htaccess> order allow,deny deny from all </files>
- 14. SECURITY • .htaccess • Limiting access to /wp-admin/ <LIMIT GET> order deny,allow deny from all allow from ww.xx.yy.zz replace with own IP address </LIMIT>
- 15. SECURITY • .htaccess • Disable directory browsing • Options –Indexes • Disable PHP execution (/wp-content/uploads/) • <files *.php> • deny from all • </Files>
- 16. SECURITY • Editing the wp-config.php file • Automatically update WordPress core files • define( 'WP_AUTO_UPDATE_CORE', true ); • Disallow editing of PHP from within WordPress • define('DISALLOW_FILE_EDIT', true); • Supressing PHP run time errors • error_reporting (0); • @ini_set ('display_errors', 0);
- 17. SECURITY • Use HTTPS if you have an eCommerce site or collect any sort of data from customers/visitors • Will need a “certificate” in this case, an extra annual charge • Good idea to use this for login on to your site • Generate new WordPress security keys • https://api.wordpress.org/secret-key/1.1/ • Keep your own computer clean and safe
- 18. CONTROL PANELS • Help you manage your site without using the command line • Home Grown • Plesk • cPanel
- 19. INSTALLING WORDPRESS • From control panel • Easy • Default options • Can install and delete as often as you wish • Change the table_prefix
- 20. INSTALLING WORDPRESS • Manually • From the command line • Change the table_prefix
- 21. INSTALLING WORDPRESS • Themes – Changes the appearance of WordPress site • There are thousands! • Get from a reputable site • WordPress.org • Don’t limit yourself to just a theme based on a keyword • Only one theme can be active at a time • Theme checkers – checks for hidden malware
- 22. INSTALLING WORDPRESS • Plugins – Adds or changes features of your WordPress site • There are thousands! • Get from reputable sources or develop own • Take time to review and try them out before deciding • Look at the last time it was updated • Potential security issues • Deactivate/delete plugins not being used
- 23. INSTALLING WORDPRESS • Security Plugins • There are hundreds! • Look for one that is updated frequently • Free vs. paid
- 24. SUMMARY • What I’m doing… • Theme – using a theme designed for hosting services • Plugins – none except for WordFence • Reviewing and evaluating several others • Security • WordFence free – may upgrade to paid • .htaccess to block IP addresses identified by WordFence
- 25. SUMMARY • Security • Unique logins for site admin and content • Password protecting /wp-admin/ directory • Blocking access from all but a few selected IP adresses
- 26. SUMMARY • Security (cont) • Limit access to /wp-admin/ directory to just my IP address • Changes every few days though • Sanitizing output of WordPress • Modifying WordPress core files
- 27. RESOURCES • Hosting • www.wordpress.com • www.pair.com • www.asmallorange.com
- 28. RESOURCES • WordPress • WordPress Codex • codex.wordpress.org • WordPress Themes • wordpress.org/themes/ • WordPress Plugins • wordpress.org/plugins/ • WordPress Lessons • codex.wordpress.org/WordPress_Lessons
- 29. RESOURCES • Security • Hardening WordPress • codex.wordpress.org/Hardening_WordPress • WordFence • www.wordfence.com • WordFence Security Learning Center • https://www.wordfence.com/learn/