Intro to WordPress Security
By Adrian Mikeliunas, CISSP, CISA
https://learnwp.us/security/
Agenda
• WordPress Architecture
• Securing the server layer
• Securing the application layer
• Securing the user & admin
WordPress Security 2
Speaker
• Adrian Mikeliunas, FCPS Instructor
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• 30+ years of IT experience, 15 in security
• 7+ years of WordPress experience
• Adrian@Mikeliunas.com
• https://learnwp.us
WordPress Architecture
(diagram) Students or users + admins -> Web server (Apache) -> App server (PHP) -> Database server (MySQL)
Defense in depth
• Multiple layers of security controls (defenses) are placed throughout an information technology (IT) system:
  ◦ Database: inner layer
  ◦ Application
  ◦ Web server: outermost layer
• The goal is to provide redundancy in the event a security control fails or a vulnerability is exploited.
• Also known as the “castle approach”
Securing the Database Server
• KEEP A FULL COPY (just in case) of:
  ◦ The database, with the user list and content
  ◦ Installed themes and plugins
  ◦ Customizations and much more…
• Enable Secure Sockets Layer (SSL) and update the server configuration
  https://wordpress.org/plugins/really-simple-ssl/
Backups
• How often should you back up?
• How many backups should I keep?
• Where should I keep the backups?
• Can backups be automated?
• Online or offline?
• Check your hosting provider
  https://premium.wpmudev.org/blog/backup-plugins-compared/
  https://wordpress.org/plugins/updraftplus
  https://wordpress.org/plugins/backwpup
  https://ithemes.com/purchase/backupbuddy ($)
VaultPress (if you use Jetpack)
With a PAID monthly subscription ($39/99/299 per year):
1. The VaultPress plugin will back up:
  ◦ Your site’s content
  ◦ Themes & plugins, in real time
2. It performs regular security scans for common threats and attacks
https://vaultpress.com/plans/
http://wordpress.org/plugins/vaultpress
Core Updates
• Updating software is necessary to maintain or improve your security! It also makes your website faster!
• Update your:
  ◦ WordPress site (core)
  ◦ WordPress themes
  ◦ WordPress plugins
• Which version are you running? https://www.wappalyzer.com/
Automating Updates
• Easy Updates Manager
  ◦ Better control of your updates! Avoids updating troublesome plugins or themes
  ◦ https://wordpress.org/plugins/stops-core-theme-and-plugin-updates/
• Easy Theme and Plugin Upgrades
  ◦ WordPress does not upgrade uploaded commercial themes or plugins by default
  ◦ https://wordpress.org/plugins/easy-theme-and-plugin-upgrades/
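The same policy can be set without a plugin. The following is an added example, not code from the slides: a small must-use plugin that auto-updates every plugin and theme except a short deny list of ones known to break the site, so the fragile ones get a manual, tested update instead. The file name and the deny-list slugs are hypothetical; WP_AUTO_UPDATE_CORE, auto_update_plugin and auto_update_theme are WordPress's own constant and filters.

```php
<?php
/**
 * Plugin Name: Update Policy (example)
 * Description: Auto-update all plugins and themes except a deny list.
 *
 * Added example, not from the slides. Save as
 * wp-content/mu-plugins/update-policy.php (hypothetical name): must-use plugins
 * load on every request and cannot be switched off from the dashboard.
 *
 * Core updates are controlled separately, in wp-config.php:
 *   define( 'WP_AUTO_UPDATE_CORE', true );    // all core releases
 *   define( 'WP_AUTO_UPDATE_CORE', 'minor' ); // minor/security releases only
 */

// Hypothetical deny list: items that have broken the site on update before.
// Plugin entries are plugin slugs; theme entries are theme directory names.
const UPDATE_POLICY_SKIP_PLUGINS = array( 'example-fragile-plugin' );
const UPDATE_POLICY_SKIP_THEMES  = array( 'example-custom-child-theme' );

/**
 * Decide whether a plugin may be updated automatically.
 *
 * @param bool|null $update WordPress's current decision (ignored here).
 * @param object    $item   Update item; $item->slug is the plugin slug.
 * @return bool
 */
function update_policy_plugin( $update, $item ) {
    if ( isset( $item->slug ) && in_array( $item->slug, UPDATE_POLICY_SKIP_PLUGINS, true ) ) {
        return false; // leave it for a manual, tested update
    }
    return true;      // everything else updates as soon as a release is available
}
add_filter( 'auto_update_plugin', 'update_policy_plugin', 10, 2 );

/**
 * Same decision for themes; here the item carries $item->theme (the stylesheet
 * directory name) rather than a slug.
 */
function update_policy_theme( $update, $item ) {
    if ( isset( $item->theme ) && in_array( $item->theme, UPDATE_POLICY_SKIP_THEMES, true ) ) {
        return false;
    }
    return true;
}
add_filter( 'auto_update_theme', 'update_policy_theme', 10, 2 );
```

Anything on the deny list still shows up under Dashboard > Updates, so it is not forgotten, only taken out of the unattended path.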
Plugins
• Plugins can extend WordPress to do almost anything you can imagine!
• Active plugins run on your server as ADMINISTRATOR
• Plugins from the WordPress community are located at https://wordpress.org/plugins/
• Unfortunately NOT all plugins are safe, secure or supported
  ◦ WordPress got the memo and started to clean up the directory!
  ◦ https://wordpress.org/plugins/tags/deprecated/
• Newer versions of WP have many media enhancements (YouTube, images, …) so you may NOT need extra plugins
Plugin Selection Criteria
My 3-factor criteria for selecting a good plugin [or widget or theme]:
• Rating: at least 4 out of 5 stars, and from more than 1000 installs!
• Version: at least version 1.01! [many plugins are still version 0.x or BETA]
• Date: preferably less than 1 year old [older plugins may NOT be compatible with your site]
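The three criteria, applied in code as an added example (not the speaker's own tooling): a PHP check that lists which thresholds a plugin record fails. The record layout is assumed to follow the wordpress.org plugin-information API (rating as a 0 to 100 percentage, active_installs as a count, version as a string, last_updated beginning with a YYYY-MM-DD date); the three records below are constructed, and the thresholds are the slide's.

```php
<?php
// Added example, not from the slides: score a plugin record against the
// rating, install-count, version and age criteria.

const MIN_STARS    = 4.0;    // at least 4 out of 5 stars
const MIN_INSTALLS = 1000;   // from more than 1000 installs
const MIN_VERSION  = '1.01'; // at least version 1.01 (rules out 0.x and betas)
const MAX_AGE_DAYS = 365;    // preferably updated within the last year

/**
 * Return the criteria the plugin fails; an empty array means it passes.
 *
 * @param array             $plugin Record in the assumed API layout (see lead-in).
 * @param DateTimeImmutable $today  Reference date for the age check.
 * @return string[]
 */
function plugin_selection_failures( array $plugin, DateTimeImmutable $today ) {
    $failures = array();

    // Rating: the API reports a percentage, so 80 % corresponds to 4 stars.
    $stars = ( (float) ( $plugin['rating'] ?? 0 ) ) / 20.0;
    if ( $stars < MIN_STARS ) {
        $failures[] = sprintf( 'rating %.1f stars is below %.1f', $stars, MIN_STARS );
    }

    $installs = (int) ( $plugin['active_installs'] ?? 0 );
    if ( $installs <= MIN_INSTALLS ) {
        $failures[] = sprintf( 'only %d active installs', $installs );
    }

    // Version: version_compare() understands "1.0.1", "0.9-beta" and so on;
    // a beta suffix sorts below the matching release, so "1.01-beta" fails too.
    $version = (string) ( $plugin['version'] ?? '0' );
    if ( version_compare( $version, MIN_VERSION, '<' ) ) {
        $failures[] = sprintf( 'version %s is below %s', $version, MIN_VERSION );
    }

    // Age: only the leading date is used, so any time suffix in the field is ignored.
    $raw     = isset( $plugin['last_updated'] ) ? substr( (string) $plugin['last_updated'], 0, 10 ) : '';
    $updated = DateTimeImmutable::createFromFormat( '!Y-m-d', $raw );
    if ( $updated === false ) {
        $failures[] = 'last_updated is missing or unparseable';
    } elseif ( $today->diff( $updated )->days > MAX_AGE_DAYS ) {
        $failures[] = sprintf( 'last updated %d days ago', $today->diff( $updated )->days );
    }

    return $failures;
}

// Constructed sample records (not real API responses).
$today   = new DateTimeImmutable( '2018-06-01' );
$samples = array(
    'good-plugin'  => array( 'rating' => 92,  'active_installs' => 50000, 'version' => '2.3.1',    'last_updated' => '2018-04-20 9:48pm GMT' ),
    'beta-plugin'  => array( 'rating' => 100, 'active_installs' => 120,   'version' => '0.9-beta', 'last_updated' => '2018-05-30' ),
    'stale-plugin' => array( 'rating' => 84,  'active_installs' => 3000,  'version' => '1.4',      'last_updated' => '2015-01-05' ),
);

foreach ( $samples as $slug => $record ) {
    $failures = plugin_selection_failures( $record, $today );
    echo $slug, ': ', $failures ? 'REJECT (' . implode( '; ', $failures ) . ')' : 'OK', PHP_EOL;
}
```

Run with `php plugin-check.php`; only good-plugin passes, beta-plugin fails on installs and version, and stale-plugin fails on age.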
WordPress Plugins Folder (screenshot)
Protect Content
• The Apache web server has an .htaccess file to restrict content, among other functions
  ◦ It can be used to block bad actors or hide content, like lesson material, backups, etc.
• Protect Uploads is an easy plugin to protect content
  ◦ https://wordpress.org/plugins/protect-uploads/
Accounts & Passwords
• Don’t use the “admin” username to administer your site
  ◦ Use a new, separate account…
• Don’t share admin accounts. Create as few as necessary!
• Don’t use the default login URL! [It’s UGLY! Hackers know it!]
  ◦ Brand the login form with your school logo!
  ◦ https://wordpress.org/plugins/theme-my-login/
• Login plugins and two-factor authentication
  https://wordpress.org/plugins/search/login+two+factor/
Other Accounts
• Hosting account [or operating system, if self-managed]
• Server login (via SSH or third-party plugins)
• FTP or SFTP account and password
• Database account and password
• Email account and password
Multifunctional Security
• Firewall
  ◦ Detect and block malicious activity!
• Two-factor authentication
• Malware scan scheduling
• Password security / expiration
Security Plugins
• Install a security plugin… from free to paid
  ◦ Wordfence https://wordpress.org/plugins/wordfence
  ◦ iThemes Security https://wordpress.org/plugins/better-wp-security/
  ◦ BulletProof Security https://wordpress.org/plugins/bulletproof-security/
• Other security options:
  ◦ Hosting provider (extra $)
  ◦ Content Delivery Network (CDN)
WordPress Security Tips
• OWASP WordPress Security Implementation Guideline
  ◦ https://www.owasp.org/index.php/OWASP_Wordpress_Security_Implementation_Guideline
• The Ultimate Guide to WordPress Security
  ◦ https://premium.wpmudev.org/blog/ultimate-guide-wordpress-security/
  ◦ https://premium.wpmudev.org/blog/a-complete-guide-to-wordpress-password-security/
• WordPress Setup Checklist: 72 steps
  ◦ http://www.wpmentor.net (14 steps in security)
Questions?
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 

WordPress Security 2018

  • 1. Intro to WordPress Security. By Adrian Mikeliunas, CISSP, CISA. https://learnwp.us/security/
  • 2. Agenda
    - WordPress Architecture
    - Securing the server layer
    - Securing the application layer
    - Securing the user & admin
    Image: http://farm4.static.flickr.com/3036/2913018697_ccbb33e993_b.jpg
  • 3. Speaker
    - Adrian Mikeliunas, FCPS Instructor
    - Certified Information System Security Professional (CISSP)
    - Certified Information Systems Auditor (CISA)
    - 30+ years of IT experience, 15 in Security
    - 7+ years of WordPress experience
    - [email protected]
    - https://learnwp.us
  • 4. WordPress Architecture (diagram): Students or Users + Admins -> Web Server (Apache) -> App Server (PHP) -> Database Server (MySQL)
  • 5. Defense in depth
    - Multiple layers of security controls (defense) are placed throughout an information technology (IT) system.
      - Database: inner layer
      - Application
      - Web server: outermost layer
    - The goal is to provide redundancy in the event a security control fails or a vulnerability is exploited
    - Also known as the “Castle Approach”
  • 6. Securing the Database Server
    - KEEP A FULL COPY (just in case) of:
      - Database with user list and content
      - Installed Themes and Plugins
      - Customizations and much more…
    - Enable Secure Sockets Layer (SSL) and update server configuration: https://wordpress.org/plugins/really-simple-ssl/
  • 7. Backups
    - How often should you back up?
    - How many backups should I keep?
    - Where should I keep the backups?
    - Can backups be automated?
    - Online or Offline?
    - Check your Hosting provider
    - https://premium.wpmudev.org/blog/backup-plugins-compared/
    - https://wordpress.org/plugins/updraftplus
    - https://wordpress.org/plugins/backwpup
    - https://ithemes.com/purchase/backupbuddy ($)
  • 8. VaultPress (if you use Jetpack)
    With a PAID monthly subscription ($39/99/299 per year):
    1. The VaultPress plugin will back up:
      - Your site’s content
      - Themes & plugins, in real time
    2. Perform regular security scans for common threats and attacks
    - https://vaultpress.com/plans/
    - http://wordpress.org/plugins/vaultpress
  • 9. Core Updates
    - Updating software is necessary to maintain or improve your security! It also makes your website faster!
    - Update your:
      - WordPress site (core)
      - WordPress themes
      - WordPress plugins
    - Which version? https://www.wappalyzer.com/
  • 10. Automating Updates
    - Easy Updates Manager
      - Better control of your updates! Avoids updating troublesome plugins or themes
      - https://wordpress.org/plugins/stops-core-theme-and-plugin-updates/
    - Easy Theme and Plugin Upgrades
      - WordPress does not upgrade uploaded commercial themes or plugins by default
      - https://wordpress.org/plugins/easy-theme-and-plugin-upgrades/
  • 11. Plugins
    - Plugins can extend WordPress to do almost anything you can imagine!
    - Active plugins run in your server as ADMINISTRATOR
    - Plugins from the WordPress community are located at https://wordpress.org/plugins/
    - Unfortunately NOT all plugins are safe, secure or supported
      - WordPress got the memo and started to clean up the directory! https://wordpress.org/plugins/tags/deprecated/
    - Newer versions of WP have many media enhancements (YouTube, images, …) so you may NOT need extra plugins
  • 12. Plugin Selection Criteria
    My 3-factor criteria for selecting a good plugin [or widget or theme]:
    - Check the rating: at least 4 out of 5 stars, and from more than 1000 installs!
    - At least version 1.01! [many plugins are still version 0.x or BETA]
    - Date: preferably less than 1 year old [older plugins may NOT be compatible with your site]
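The three selection criteria above as an executable check, added here as an example rather than the speaker's own code: the record fields (rating on a 0-100 scale, active_installs, version, last_updated) follow the shape of the wordpress.org plugin-information API response, while the two sample records and the AS_OF date are constructed.

```python
"""Vet a plugin against the slide's 3 criteria (added example, not the speaker's code).
Record shape follows the wordpress.org plugin-information API; samples are constructed."""
import json
import urllib.request
from datetime import datetime, timedelta

MIN_RATING = 80                   # 4 of 5 stars on the API's 0-100 scale
MIN_INSTALLS = 1000
MIN_VERSION = (1, 1)              # "at least version 1.01"
MAX_AGE = timedelta(days=365)     # "preferably less than 1 year old"
AS_OF = datetime(2018, 6, 1)      # constructed "today" so the demo is reproducible

SAMPLE_PLUGINS = [                # constructed records, not real plugin data
    {"slug": "solid-example", "rating": 92, "active_installs": 50000,
     "version": "2.4.1", "last_updated": "2018-03-02 7:10pm GMT"},
    {"slug": "stale-beta-example", "rating": 70, "active_installs": 300,
     "version": "0.9-beta", "last_updated": "2015-11-20 1:05am GMT"},
]

def parse_version(text):
    """'1.01' -> (1, 1); suffixes such as '-beta' are ignored, missing parts are 0."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def vet_plugin(info, now=AS_OF):
    """Return (passes, reasons); reasons names every criterion that failed."""
    reasons = []
    if info.get("rating", 0) < MIN_RATING:
        reasons.append("rating below 4/5 stars (or unrated)")
    if info.get("active_installs", 0) < MIN_INSTALLS:
        reasons.append("fewer than 1000 active installs")
    if parse_version(info.get("version", "0")) < MIN_VERSION:
        reasons.append("version below 1.01 (0.x or beta)")
    updated = datetime.strptime(info["last_updated"][:10], "%Y-%m-%d")  # date part only
    if now - updated > MAX_AGE:
        reasons.append("last update more than a year ago")
    return (not reasons, reasons)

def vet_all(plugins, now=AS_OF):
    return {p["slug"]: vet_plugin(p, now) for p in plugins}

def fetch_plugin_info(slug):
    """Live lookup (needs network); assumes the 1.2 plugin_information endpoint."""
    url = ("https://api.wordpress.org/plugins/info/1.2/"
           f"?action=plugin_information&request[slug]={slug}")
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)
```

To vet a real plugin, pass `fetch_plugin_info("<slug>")` to `vet_plugin` with `now=datetime.utcnow()`; the offline demo is `vet_all(SAMPLE_PLUGINS)`, which passes the first record and fails the second on all four checks.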
  • 14. Protect Content
    - The Apache web server has an .htaccess file to restrict content, among other functions
    - It can be used to block bad people or hide content, like lesson material, backups, etc.
    - Protect Uploads is an easy plugin to protect content: https://wordpress.org/plugins/protect-uploads/
  • 15. Accounts & Passwords
    - Don’t use the “Admin” username to administer your site
      - Use a new, separate account…
    - Don’t share admin accounts. Create as few as necessary!
    - Don’t use the default login URL! [It’s UGLY! Hackers know it!]
    - Brand the login form with your school logo! https://wordpress.org/plugins/theme-my-login/
    - Login plugins and two factor authentication: https://wordpress.org/plugins/search/login+two+factor/
  • 16. Other Accounts
    - Hosting Account [or Operating System if self managed]
    - Server login (via SSH or third party plugins)
    - FTP or SFTP account and password
    - Database account and password
    - Email account and password
  • 17. Multifunctional Security
    - Firewall
    - Detect and Block malicious activity!
    - Two-Factor Authentication
    - Malware Scan Scheduling
    - Password Security / Expiration
  • 18. Security Plugins
    - Install a security plugin… from free to paid
      - WordFence https://wordpress.org/plugins/wordfence
      - iThemes https://wordpress.org/plugins/better-wp-security/
      - https://wordpress.org/plugins/bulletproof-security/
    - Other security options:
      - Hosting provider (extra $)
      - Content Delivery Network (CDN)
  • 19. WordPress Security Tips
    - OWASP WordPress Security Implementation Guideline: https://www.owasp.org/index.php/OWASP_Wordpress_Security_Implementation_Guideline
    - The Ultimate Guide to WordPress Security: https://premium.wpmudev.org/blog/ultimate-guide-wordpress-security/
    - https://premium.wpmudev.org/blog/a-complete-guide-to-wordpress-password-security/
    - WordPress Setup Checklist – 72 steps (14 steps in security): http://www.wpmentor.net