140 WP-Tonic: Best Practices for WordPress Security

Join our panel of WordPress experts as we discuss best practices for keeping your WordPress site safe and secure.

Our panel this week:
Brian Jackson from https://woorkup.com/ and https://kinsta.com/
Sallie Goetsch from https://wpfangirl.com/
Jackie D’Elia from https://jackiedelia.com/
Jonathan Denwood from https://www.wp-tonic.com/
John Locke from https://www.lockedowndesign.com

Episode 140 Table of Contents

0:00 Podcast intros

1:50 WordPress Security – 18+ Steps to Lock Down Your Site

3:12 Learning From Buggy WordPress Wp-login Malware

6:49 Updating your WordPress plugins is one of the most important things you can do

10:22 Test all plugin and theme updates on a staging server

12:25 Surviving Electmageddon: Protecting against a wave of DNS outages

(DDoS attacks and advantages of having a secondary DNS server)

17:34 Securing WordPress from the Start

21:29 It’s a good idea to have redundant backups for your website. You can’t have enough of these.

24:35 What is one WordPress security tip that you should use right from the start?

25:48 Brian has a story about what sort of long-lasting damage to your SEO a single hack can produce.

27:20 Cleaning Up a Massive Negative SEO Attack with Web CEO

29:52 Changing the default login URL can prevent automated attacks. Also, always use strong passwords.

31:11 Always check your code for hidden backlinks to spam sites.

32:35 We discuss Negative SEO.

33:12 Linkpocalypse Now – The Horror of Negative SEO

35:05 Limit the login attempts people can make to prevent a brute force attack. Consider two-factor authentication for logins.

36:16 Deactivate and delete any themes and plugins you’re not using. Don’t use the automatic WordPress install scripts that your hosting company provides.

38:24 Many people use weak passwords, and that’s why they get hacked.

40:37 Install an audit log so you can see what activity is happening on your site. Clients will often be freaked out by how often the site is scanned.

42:25 Don’t use themes where plugins are bundled into the theme (like on ThemeForest)

Why We Shouldn’t Bundle WordPress Plugins In Themes

43:37 Do not allow everyone on your site to have Administrator access

46:15 XML-RPC: What is it? Why should you limit its use? How do hackers use it?

49:03 Be careful about using public Wi-Fi to FTP or log in to your site. Always use HTTPS on your site to encrypt your password when logging in publicly.

52:01 Use a virus scan on your own computer. Your computer can be an attack vector. Keep your PHP and MySQL versions up to date on your hosting account.

53:48 Shared hosting is not the most secure option for hosting. Large companies with internal IT departments are also prime targets for attack.

57:43 How much resistance is there to getting clients on board with WordPress security best practices?

1:02:44 If possible, use a service like LastPass so you can use strong passwords.

1:03:40 Podcast outros

1:06:35 YouTube bonus content begins.

1:06:47 HTTP security headers and SSL.

1:10:45 Recommendations for two factor authentication.

1:15:38 Changing your salt keys in wp-config.

1:17:27 Preventing hotlinking to images to save your bandwidth.

1:19:30 Does CloudFlare or firewalls slow down your site? Why would you want to use a service like CloudFlare?


Other links mentioned during the show:

Maximum Overdrive (imdb)

rmoov – The Backlink Removal Tool That Helps You Clean Up Bad Links

Unmasked: What 10 million passwords reveal about the people who choose them

WP White Security

WordPress Security Plugins, Professional WordPress Security Services and Consultation

WP Security Audit Log


Co-Authors Plus

iThemes Security

Google Authenticator

WP Clef


Optimus – WordPress Image Optimizer

