140 WP-Tonic: Best Practices for WordPress Security

Join our panel of WordPress experts as we discuss best practices for keeping your WordPress site safe and secure.

Our panel this week:
Brian Jackson from https://woorkup.com/ and https://kinsta.com/
Sallie Goetsch from https://wpfangirl.com/
Jackie D’Elia from https://jackiedelia.com/
Jonathan Denwood from https://www.wp-tonic.com/
John Locke from https://www.lockedowndesign.com

Episode 140 Table of Contents

0:00 Podcast intros

1:50 WordPress Security – 18+ Steps to Lock Down Your Site
https://kinsta.com/blog/wordpress-security/

3:12 Learning From Buggy WordPress Wp-login Malware
https://blog.sucuri.net/2016/10/learning-buggy-wordpress-wp-login-malware.html

6:49 Updating your WordPress plugins is one of the most important things you can do
10:22 Test all plugin and theme updates on a staging server

12:25 Surviving Electmageddon: Protecting against a wave of DNS outages
(DDoS attacks and advantages of having a secondary DNS server)

17:34 Securing WordPress from the Start
https://ithemes.com/2016/11/02/securing-wordpress/

21:29 It’s a good idea to have redundant backups for your website. You can’t have enough of these.

24:35 What is one WordPress security tip that you should use right from the start?

25:48 Brian has a story about what sort of long-lasting damage to your SEO a single hack can produce.

27:20 Cleaning Up a Massive Negative SEO Attack with Web CEO
https://woorkup.com/cleaning-negative-seo-attack-web-ceo/

29:52 Changing the default login URL can prevent automated attacks. Also, always use strong passwords.

31:11 Always check your code for hidden backlinks to spam sites.

32:35 We discuss Negative SEO.

33:12 Linkpocalypse Now – The Horror of Negative SEO

35:05 Limit the login attempts people can make to prevent a brute force attack. Consider two-factor authentication for logins.

36:16 Deactivate and delete any themes and plugins you’re not using. Don’t use the automatic WordPress install scripts that your hosting company provides.

38:24 Many people use weak passwords, and that’s why they get hacked.

40:37 Install an audit log so you can see what activity is happening on your site. Clients will often be freaked out by how often the site is scanned.

42:25 Don’t use themes where plugins are bundled into the theme (like on ThemeForest)

Why We Shouldn’t Bundle WordPress Plugins In Themes

43:37 Do not allow everyone on your site to have Administrator access

46:15 XML-RPC: What is it? Why should you limit its use? How do hackers use it?

49:03 Be careful about using public Wi-Fi to FTP or log in to your site. Always use HTTPS on your site to encrypt your password when logging in publicly.

52:01 Use a virus scan on your own computer. Your computer can be an attack vector. Keep your PHP and MySQL versions up to date on your hosting account.

53:48 Shared hosting is not the most secure option for hosting. Large companies with internal IT departments are also prime for attack.

57:43 How much resistance is there with getting clients on board with WordPress security best practices?


1:02:44 If possible, use a service like LastPass to use strong passwords.
https://www.lastpass.com/

1:03:40 Podcast outros

1:06:35 YouTube bonus content begins.

1:06:47 HTTP security headers and SSL.

1:10:45 Recommendations for two factor authentication.

1:15:38 Changing your salt keys in wp-config.

1:17:27 Preventing hotlinking to images to save your bandwidth.

1:19:30 Does CloudFlare or firewalls slow down your site? Why would you want to use a service like CloudFlare?
https://www.cloudflare.com/

===============

Other links mentioned during the show:

Maximum Overdrive (imdb)
http://www.imdb.com/title/tt0091499/

rmoov – The Backlink Removal Tool That Helps You Clean Up Bad Links
https://www.rmoov.com/index.php

Unmasked: What 10 million passwords reveal about the people who choose them
https://wpengine.com/unmasked/

WP White Security

WordPress Security Plugins, Professional WordPress Security Services and Consultation

WP Security Audit Log

Co-Authors Plus

iThemes Security
https://ithemes.com/security/

Google Authenticator

WP Clef
https://wordpress.org/plugins/wpclef/

KeyCDN
https://www.keycdn.com/

Optimus – WordPress Image Optimizer

===================

Subscribe to WP-Tonic on iTunes
https://itunes.apple.com/us/podcast/wp-tonic-wordpress-podcast/id893083124?mt=2

 
