Locking down WordPress

Date post: 08-May-2015
Upload: zachrussell
Description:
This was a presentation that I gave at SEO Grail on WordPress security and optimization.
LOCKING DOWN WORDPRESS: Security, Page Speed Optimization & Implications on SEO
Transcript
1. LOCKING DOWN WORDPRESS: Security, Page Speed Optimization & Implications on SEO

2. WHY SECURE YOUR SITE?
   - Protect your visitors
   - Save money, time and effort
   @PROTECHIG

3. INITIAL THINGS TO CONSIDER
   - What is WordPress's biggest vulnerability? 78% of malware infections are caused by outdated core applications, plugins, modules, or some other server-side software (Sucuri Labs)
   - Your individual/website's goals
   - Choosing the right web host
   - How much traffic do you have?
   - Backups: How often? How thorough?

4. BASIC SECURITY MEASURES
   - Admin username
   - Admin password
   - Using a different user for basic tasks
   - Location
   - Themes & plugins
   - Login Lockdown

5. UPDATES
   - Keep WordPress up to date
   - Always update themes & plugins

6. CREDENTIALS
   - The most common administrator username is "admin"; it's easy for hackers to guess
   - Use secure passwords with capital letters, numbers, and special characters
   - Create different, non-admin accounts to use for basic tasks: editing posts, publishing
   - Get a secure password: http://strongpasswordgenerator.com

7. LOCATION
   - Never use an unsecured open hotspot
   - It is extremely easy for someone to listen for your personal information

8. BASIC SECURITY PLUGINS TO CONSIDER
   - Theme Check: compares your theme to current WP standards (http://wordpress.org/extend/plugins/theme-check/)
   - Plugin Check: compares your installed plugins to WP standards (http://wordpress.org/extend/plugins/plugin-check/)
   - Login Lockdown: limit your login attempts & restrict IPs (http://wordpress.org/extend/plugins/login-lockdown/)

9. ADVANCED WORDPRESS SECURITY
   - FTP/SSH: use SFTP or SSH whenever possible
   - Two-factor authentication
   - Block/limit IPs
   - Sucuri SiteCheck malware scanner
   - Kill PHP execution in uploads
   - Database vulnerabilities

10. TWO FACTOR AUTHENTICATION: DUO SECURITY
   - Sign up for a free account
   - Add a "Web SDK" integration in the Duo administrative interface and set its "Visual Style" to "WordPress"
   - Install and activate the Duo WordPress plugin
   - Fill in the "Integration Key" and "Secret Key"
   - Sign-up URL: http://www.duosecurity.com
   - WordPress plugin: http://wordpress.org/extend/plugins/duo-wordpress/

11. DUO SECURITY INTEGRATION

12. SUCURI SITECHECK MALWARE SCANNER
   - Checks for malware, spam, blacklisting and other security issues like .htaccess redirections and hidden eval code
   - WordPress plugin: http://wordpress.org/extend/plugins/sucuri-scanner/
   - Web interface: http://sitecheck.sucuri.net

13. LIMIT ADMIN ACCESS TO YOUR IP
   - Create a new .htaccess file in your text editor
   - Paste in this code (replace 202.090.21.1 with your IP address):

         Order Deny,Allow
         Deny from all
         Allow from 202.090.21.1

   - Upload (via SFTP) to your wp-admin directory
   - Be aware, most IPs change frequently. Apache 2.4 also deprecates Order/Deny/Allow in favour of Require, and keeps them working only when mod_access_compat is loaded, so check the server version first
   - Find out your IP: http://www.whatismyip.com/

14. KILLING PHP EXECUTION: WHY & HOW
   - There is no need to allow it in your uploads directory
   - Create a .htaccess file in the /wp-content/uploads directory that denies PHP files only (a bare Deny from all at this level would also block every uploaded image):

         <FilesMatch "\.(php[0-9]?|phtml)$">
             Deny from all
         </FilesMatch>

   - Learn more about .htaccess security: http://www.netmagazine.com/tutorials/protect-your-wordpress-site-htaccess

15. DATABASE VULNERABILITIES
   - Why is this significant?
   - Is the database name and database username different?
   - Is the password super-secure?
   - Is the table prefix not wp_?
   - MySQL Security Guidelines: http://dev.mysql.com/doc/refman/5.0/en/security-guidelines.html

16. CHANGING DATABASE TABLE PREFIX
   - During the initial WordPress install: change it in wp-config.php, or in the guided install
   - After WordPress is installed:
     1. Access the database through phpMyAdmin (or SSH)
     2. Change the table prefix manually
     3. Update wp-config.php

17. BACKDOOR HACK
   - Your website is accessed through unconventional methods: FTP, SSH, WP-Admin
   - Constantly evolving

18. DRIVE-BY DOWNLOADS
   - The web equivalent to a drive-by shooting
   - The point is to download a payload onto the user's local machine
   - How do hackers gain access? SQL injection; compromised credentials (WordPress, FTP); outdated software

19. PHARMA HACK

20. HOW IT AFFECTS TRAFFIC
   - September 3rd

21. WORDPRESS OPTIMIZATION

22. SERVER-SIDE
   - Browser caching
   - NGINX
   - Compression
   - MySQL caching
   - Managed DNS hosting
   - CDN/load balancing

23. WORDPRESS SPECIFIC
   - WP Super Cache / W3 Total Cache
   - WP Smush.it
   - Remove unnecessary plugins
   - WP Super Cache: http://wordpress.org/extend/plugins/wp-super-cache/
   - W3 Total Cache: http://wordpress.org/extend/plugins/w3-total-cache/
   - WP Smush.it: http://wordpress.org/extend/plugins/wp-smushit/

24. DESIGNER LEVEL
   - Minify HTML/JavaScript/CSS
   - Avoid @import in CSS
   - Enqueue Google's version of jQuery
   - Web fonts
   - Use image sprites

25. THANKS FOR LISTENING
   - Slideshare: ZachRussell
   - Twitter: @ProTechIg
   - Website: protechig.com
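The database items on slides 15 and 16, worked through as an added SQL example; it is not part of the presentation and not WordPress's own code. The database name wp_site_db, the account wp_site_app, the new prefix k7q_ and the password string are constructed placeholders, and the table list is the core table set of the WordPress of that period, so compare it against SHOW TABLES on your own install before running anything.

```sql
-- Added example for slides 15 and 16; not part of the presentation.
-- Constructed placeholders: database wp_site_db, account wp_site_app,
-- new table prefix k7q_, and the password string. Substitute your own.

-- Slide 15: database name and user name differ, and the account is
-- limited to this one schema and to connections from the web server.
CREATE DATABASE IF NOT EXISTS wp_site_db
  CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

CREATE USER 'wp_site_app'@'localhost'
  IDENTIFIED BY 'REPLACE-WITH-A-LONG-RANDOM-PASSWORD';

-- WordPress runs its own installs and upgrades, so it needs DDL on its own
-- schema; it never needs FILE, PROCESS, SUPER or any other database.
GRANT SELECT, INSERT, UPDATE, DELETE,
      CREATE, DROP, ALTER, INDEX,
      LOCK TABLES, CREATE TEMPORARY TABLES
  ON wp_site_db.* TO 'wp_site_app'@'localhost';
FLUSH PRIVILEGES;

-- Slide 16, step 2: rename every table from the default wp_ prefix.
-- Back up first. This is the core table set of WordPress 3.x; run
-- SHOW TABLES LIKE 'wp\_%' and extend the list with anything plugins added
-- (and wp_termmeta on WordPress 4.4 or later).
USE wp_site_db;
RENAME TABLE
  wp_commentmeta        TO k7q_commentmeta,
  wp_comments           TO k7q_comments,
  wp_links              TO k7q_links,
  wp_options            TO k7q_options,
  wp_postmeta           TO k7q_postmeta,
  wp_posts              TO k7q_posts,
  wp_term_relationships TO k7q_term_relationships,
  wp_term_taxonomy      TO k7q_term_taxonomy,
  wp_terms              TO k7q_terms,
  wp_usermeta           TO k7q_usermeta,
  wp_users              TO k7q_users;

-- The prefix is also stored inside row values. Leaving these as they are is
-- the classic mistake: the tables rename fine and every user is then locked
-- out with "you do not have sufficient permissions".
UPDATE k7q_options
   SET option_name = 'k7q_user_roles'
 WHERE option_name = 'wp_user_roles';

UPDATE k7q_usermeta
   SET meta_key = CONCAT('k7q_', SUBSTRING(meta_key, 4))   -- drop the 3-char 'wp_'
 WHERE meta_key IN ('wp_capabilities',
                    'wp_user_level',
                    'wp_user-settings',
                    'wp_user-settings-time',
                    'wp_dashboard_quick_press_last_post_id');

-- Review anything else still carrying the old prefix (plugin data) by hand
-- rather than rewriting it blindly: not every key that starts with wp_ is
-- prefix-dependent.
SELECT option_name FROM k7q_options  WHERE option_name LIKE 'wp\_%';
SELECT meta_key    FROM k7q_usermeta WHERE meta_key    LIKE 'wp\_%';
SHOW TABLES LIKE 'wp\_%';

-- Slide 16, step 3: once the three queries above return nothing, set
--   $table_prefix = 'k7q_';
-- in wp-config.php.
```

Take a backup before the RENAME, and only edit wp-config.php once the three review queries come back empty. The explicit key list is deliberate: a blanket rewrite of every option or meta key matching LIKE 'wp\_%' also renames plugin keys that merely happen to start with wp_ and have nothing to do with the table prefix.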

