WordPress Security

WordPress Security

About this Meetup:

What we covered:

  • Why WordPress Security is Important
  • The Role of Web Hosting
  • The Role of Core, Themes, and Plugins
  • WordPress Security in Easy Steps
  • Advanced WordPress Security
  • Fixing a Hacked Site

Presenter:

Ed Perry is the President and Founder of the Beacon Agency, a digital agency in Houston, Texas that provides marketing, advertising, and technology products and services to small businesses across the country. Beacon specializes in helping local small businesses attract and service more leads. Beacon operates solely online with a distributed workforce, using cloud technologies and automation to operate with minimal overhead. This allows us to provide the same quality of service as much larger agencies, but in a more efficient and timely manner and at a cost that small businesses can afford. Learn more here: https://beacon.agency

Outside of Beacon, Ed is an active outdoorsman and philanthropist. He can often be found fishing, kayaking, and camping in his spare time, which isn’t as often as he would like. He is a digital nomad, and travels around the US frequently for client visits, speaking engagements, WordCamps, and outdoor adventures. Ed serves on the board of several non-profits and associations and is very active as an alumni of the University of Miami and the Sigma Chi Fraternity. He is also active as a business and non-profit consultant, providing business and marketing expertise in a variety of capacities.

Why Website Security Matters

  • Prevents hacking
  • Loss of time/energy
  • Loss of Revenue
  • Loss of Sensitive Data/PII
  • Downtime

Even if you just have a personal website, this can impact you – there are more and more laws that require you to protect personally identifiable information (PII), which includes names and email addresses.

The Role of Web Hosting

The summary here is, you often get what you pay for. There’s a lot of price difference in hosts for WordPress websites. Cheaper hosts often have fewer security measures in place to keep your website secure. If you have a lot of traffic or are selling things, then you may want to look at a VPS or managed WordPress host option.

Don’t forget SSL!

Your website should have SSL to secure the data as it is transferred to the server from the user’s browser. Let’s Encrypt is a great FREE option for SSL.

The Role of WordPress Core, Themes & Plugins in Security

  • Avoid Known Vulnerabilities
  • Core, Theme, and Plugin Updates – Make sure you do them. Update them in this order: plugins, theme, then WordPress. This is the best way to ensure there are no problems while running updates.
  • Automatic Core Updates – some debate on if this is good or bad.
  • Automated Updates (with backups) – There are some services or agency hosts that will also update the
  • Use Supported Themes – it’s better to get a paid theme, often, because it might come with more support as you’re setting it up.

Easy Ways to Secure Your WordPress Site

Change Your Admin Username to Not Be “Admin”

Three Methods:

  1. Create a new admin username and delete the old one.
  2. Use the Username Changer plugin
  3. Update username from phpMyAdmin

Also – make sure that you’re using a secure password!

Install a WordPress Backup Solution

If your website host is not backing up your website (both files and database) daily, you can use a plugin:

The easiest way to fix a hack is to restore a backup. There are different types of backups: Full Backups vs. Snapshots – what kind you need and how often it should be updated depends upon how frequently you’re changing your website/if you’re making sales or getting a lot of form submissions. (The more frequently changes are happening on your website, the more often you need backups to run.)

Off-site Storage of backups is important because if your website gets hacked and the backup is stored on the server. You want your backup to save somewhere else like Dropbox, Google Drive, or even emailing the backup to your Gmail account.

Set Google Search Console

This is free! Search Console tools and reports help you measure your site’s search traffic and performance, fix issues, and will tell you how your website is showing up in Google Search results. It will also send you an email if it thinks your website has been hacked.

Install a Security Plugin

Some possible options:

Use Two Factor Authentication on Your Login Page

There are two types of ways you could set up two-factor authentication:

  • Time-based One-time Password (TOTP)
  • HMAC-based One-time Password (HOTP)

You can use a Two Factor Authentication Plugin to do this (for example, this two-factor authentication plugin that uses Google). The best practice is to have this in place for anyone who can add content to the site, but you may also want to have this in place for any users that can log in as well.

Want to Learn More?

Check out the slides from the meetup at
https://beacon.agency/wp-content/uploads/2019/04/WordPress-Security-Presentation-WP-Georgetown-PDF.pdf

Subscribe now
Receive new meetup summaries by email.

Leave a Reply

Your email address will not be published.