In this episode, we discuss the nature of WordPress security, and steps to take in order to make your site secure.
Podcast: Play in new window | Download (Duration: 25:29 — 23.4MB)
The Changelog
- Thanks Jafo the Great, Martin Bishop, and Richard Patey for the 5-star reviews
- WordPress 4.0 launching August 27: media grid, improved plugin install experience
- Chrome extensions and security holes (don’t use Awesome Screenshot!)
The Core
- Bumped up security on our list of topics thanks to Jafo’s email
- Doug’s blog post: http://efficientwp.com/the-80-20-of-wordpress-security
- Why is security a concern?
- WordPress is not static HTML: it runs PHP against a database, so there will be inherent security holes
- WordPress is open source – hackers can reverse engineer exploits from security patches
- Attacks are mostly random and automated; you’re probably not being targeted specifically
- Common security problems:
- TimThumb script included in some themes and plugins had vulnerabilities
- No protection against brute force attacks out of the box
- SQL injection (relevant xkcd comic), XSS (cross-site scripting)
- What you should do:
- If you’re not using managed hosting, install one of the following plugins:
- iThemes Security (formerly called Better WP Security)
- or Wordfence Security
- or BruteProtect
- More configurations on wp-config.php, .htaccess, robots.txt, and file/folder permissions
- Use strong passwords (use a password manager to store complex passwords)
- Use SSL for wp-login.php (but it’s more work to set up)
- Upgrade frequently – either yourself or use a service like WP Curve
- Choose themes and plugins carefully, and periodically go back and check their ratings and whether they are still being updated
- Managed hosting:
- Make regular backups (see episode 7)
- Sucuri for malware scanning and protection
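The file/folder permissions and wp-config.php items above are easy to get wrong on shared hosting. The script below is an added example, not from the episode or from any of the plugins mentioned; it audits a WordPress tree against the common 755 (directories) / 644 (files) / 600 (wp-config.php) baseline and assumes GNU find for `-printf`.

```shell
#!/bin/sh
# Added example: audit a WordPress install's permissions. wp-config.php holds
# the database credentials and salts, so it gets the strictest check.
# Prints one line per offender and returns 1 if any were found, 0 if clean.
audit_wp_perms() {
    root="$1"
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }

    offenders=$(
        # World-writable entries are the most urgent finding: on shared
        # hosting another account could drop PHP into the site.
        find "$root" -perm -002 -printf 'WORLD-WRITABLE %m %p\n'
        # Everything else is measured against the baseline; world-writable
        # entries are already reported above, so they are skipped here.
        find "$root" -type d ! -perm -002 ! -perm 755 -printf 'dir  %m %p\n'
        find "$root" -type f ! -perm -002 ! -name wp-config.php ! -perm 644 \
            -printf 'file %m %p\n'
        find "$root" -maxdepth 1 -type f ! -perm -002 -name wp-config.php \
            ! -perm 600 -printf 'conf %m %p\n'
    )

    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Usage: audit_wp_perms /var/www/html   (path is a placeholder)
```

Hosts that run PHP under a separate user may legitimately use 640/750 with a shared group; adjust the baseline in the script rather than loosening it to 777.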
Tips & Tricks
- Eye Dropper – Chrome extension for getting color codes
- Private Internet Access – secure VPN, $40/year
Thanks for listening! If you liked this episode, please leave us a review in iTunes.
We’d love for you to comment below, or leave us a voicemail or message with your feedback.