Level Up Your WordPress Security
I had an amazing time speaking and networking at the #WPCampus Event in Buffalo this past weekend. I was fortunate to be able to share some insight on the realm of Security, and make it (hopefully) more than a fruitless, confusion quest.
First of all, here are my slides:
And now, the caveats/prologues:
- I had someone reach out on Twitter and mention that the 56% was too low of a number to spend so much time on. We’ve since connected and expounded on that, but the biggest thing I want to mention is that this is a talk from the perspective of the WordPress user/administrator. There are TONS of other ways that someone can hack into your website, and a lot of them have nothing to do with your code:
- Social Engineering – people playing fast and loose with user information that protects their password identity
- A 3rd party hack – Website A gets hacked, and since the passwords were stored incorrectly there that allows the hacker to gain access to Website B through the same password.
- Bad Passwords – dictionary attacks on passwords that are just plain bad can be brute-forced and overcome in a few minutes (unless you disallow access based on failed password attempts!)
- A lot of attendees explained that they don’t have a lot of control over the server-side of things. That’s fine – that’s why I positioned it like I did (as something that’s innate, but that you may not have a lot of sway over). That’s why the site-specific stuff is so important. It allows you to do something to prevent baddies from gettting in.
- There are more items coming out nearly daily, which is why the external resources and information gathering is so important. Education on a problem means you know what to look for and how to fix it!
Thanks to everyone that came to the sessions – I hope I was able to teach something, and that you come away knowing even a tiny bit more about security than you did when you came in!