{"id":2161,"date":"2013-03-16T19:16:10","date_gmt":"2013-03-16T19:16:10","guid":{"rendered":"https:\/\/2013.atlanta.wordcamp.org\/?p=2161"},"modified":"2013-03-18T17:56:12","modified_gmt":"2013-03-18T17:56:12","slug":"live-blogging-secure-all-the-things","status":"publish","type":"post","link":"https:\/\/atlanta.wordcamp.org\/2013\/live-blogging-secure-all-the-things\/","title":{"rendered":"Secure All the Things!"},"content":{"rendered":"<p><strong>Speaker:<\/strong> Doug Campbell<br \/>\n<strong>Original Post:<\/strong> <a href=\"http:\/\/sideways8.com\/live-blogging-wordcam-atl-2013-security\/\" target=\"_blank\">Sideways8<\/a><\/p>\n<p>I\u2019m in the developers room at WordCamp ATL 2013 and listening to a talk about security. Here are a few notes.<\/p>\n<p>My favorite point so far is the speaker\u2019s point that WordPress is usually not the weak point when a website is hacked. It\u2019s usually a plugin, javascript library, several  or some other means of entry.<\/p>\n<p>Keep in mind, shared hosting also means shared security. So, when you are on shared hosting the 100+ sites on that server can impact how secure your site is.<\/p>\n<p>How do Hackers get in? Known exploits, brute force password hacking, network scanners, wifi vulnerabilities (be careful at coffee shops people!), automated tools, rootkits.<\/p>\n<p>What do you do to keep your site safe? 3 Words. Update. Update. Update. In other words, keep your stuff up to date! Update the core, Update plugins, Update Themes.<\/p>\n<p>Some good plugins and tools to think about using:<\/p>\n<ul>\n<li>Hotfix Plugin<\/li>\n<li>WP Security Scanner<\/li>\n<li>Login Lockdown<\/li>\n<li>BulletProof Security<\/li>\n<li>Sucuri.net<\/li>\n<\/ul>\n<p>Delete plugins and themes that you are not using, even if they are disabled.<\/p>\n<h3>What do you do when your site is hacked:<\/h3>\n<p>Now every PHP file on your site is suspect. So you need to nuke the site and start over. Download WordPress core and re-build the site. 
Same with your plugins and same with your themes.<\/p>\n<p>Reinstall your database from backups. If a database has been hacked, then cleaning up your files will only help temporarily. The hacker will just get back in and mess stuff up again.<\/p>\n<h3>About Site backups:<\/h3>\n<p>What do I need to have backed up?<\/p>\n<ul>\n<li>Database \u2013 your content is your most valuable thing.<\/li>\n<li>Uploaded media<\/li>\n<li>Custom themes and plugins<\/li>\n<li>wp-config.php<\/li>\n<li>keep a list of your installed third party plugins<\/li>\n<\/ul>\n<p>Make sure you have a history of backups. If your site has been hacked and then backed up, you have just backed up your hacked site.<\/p>\n<h3>Other Good Plugins and whatnot:<\/h3>\n<ul>\n<li>Backup Buddy<\/li>\n<li>VaultPress<\/li>\n<li>WordPress backup to dropbox<\/li>\n<li>WordFence<\/li>\n<\/ul>\n<h3>Other Notes:<\/h3>\n<p>Make sure to have secure passwords.<\/p>\n<p>Make your passwords long. A longer password of just simple dictionary words is actually harder for a hacker to crack, for example \u201ccorrect horse battery staple\u201d is better than \u201cTr0ub4dor &amp;3\u201d because it is longer and therefore harder for a computer to guess with a brute force attack.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Speaker: Doug Campbell Original Post: Sideways8 I\u2019m in the developers room at WordCamp ATL 2013 and listening to a talk about security. Here are a few notes. My favorite point so far is the speaker\u2019s point that WordPress is usually not the weak point when a website is hacked. 
It\u2019s usually a plugin, javascript library, several [&hellip;]<\/p>\n","protected":false},"author":8480538,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[126376],"tags":[],"class_list":["post-2161","post","type-post","status-publish","format-standard","hentry","category-live-blogging"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p2YmVp-yR","_links":{"self":[{"href":"https:\/\/atlanta.wordcamp.org\/2013\/wp-json\/wp\/v2\/posts\/2161","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/atlanta.wordcamp.org\/2013\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/atlanta.wordcamp.org\/2013\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/atlanta.wordcamp.org\/2013\/wp-json\/wp\/v2\/users\/8480538"}],"replies":[{"embeddable":true,"href":"https:\/\/atlanta.wordcamp.org\/2013\/wp-json\/wp\/v2\/comments?post=2161"}],"version-history":[{"count":6,"href":"https:\/\/atlanta.wordcamp.org\/2013\/wp-json\/wp\/v2\/posts\/2161\/revisions"}],"predecessor-version":[{"id":2200,"href":"https:\/\/atlanta.wordcamp.org\/2013\/wp-json\/wp\/v2\/posts\/2161\/revisions\/2200"}],"wp:attachment":[{"href":"https:\/\/atlanta.wordcamp.org\/2013\/wp-json\/wp\/v2\/media?parent=2161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/atlanta.wordcamp.org\/2013\/wp-json\/wp\/v2\/categories?post=2161"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/atlanta.wordcamp.org\/2013\/wp-json\/wp\/v2\/tags?post=2161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}