WordPress Security

Pint Sized Marketing, April 2019

@irishwonder IrishWonder’s SEO Consulting
WHY SECURITY MATTERS?

NOT JUST BECAUSE OF GDPR

NOT JUST FOR INTERNET
SECURITY PROFESSIONALS

SEO NIGHTMARES

HACKED SITES,
NO WARNINGS

BY THE TIME YOU SEE
A WARNING HERE,
IT MIGHT BE TOO LATE

GOOGLE WEBMASTER
GUIDELINES:

YOU ARE THE ONLY PERSON
RESPONSIBLE
FOR YOUR SITE’S SECURITY

Vulnerabilities by Type and Year

Who’s Attempting to Hack Your Site?

BUILD YOUR SITE…

…OR CHOOSE YOUR POISON

The larger the system,
the greater the
probability of
unexpected failure
- One of the systemantics laws

https://medium.com/@Gadgetoid/analyzing-the-pipdig-wordpress
-plugin-ddos-code-and-their-explanation-for-why-it-exists-
87f12edf5f9f
Additional Reading:

https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-
massive-wordpress-soaksoak-compromise.html
Additional Reading:

 Once approved for Plugins Directory
inclusion, they are not checked any
more

 Updates are not checked

 Developers are not required to
maintain and update them

 Nobody bears responsibility for what
they do to your site

 While you can update standalone
plugins, you cannot update plugins
included into themes

 Only use plugins you
ABSOLUTELY NEED

 If you have to search to know
if you are using a certain
plugin, you’ve got a problem

REMOVE UNUSED PLUGINS

Only use themes from
reliable sources

Know what plugins a theme uses

Demand updates

Keep a clean backup of your
theme somewhere secure

REVOKE UNNEEDED ACCESS

UPDATE wp_users SET ID= '111' WHERE ID= 1;
UPDATE wp_usermeta SET user_id = '111' WHERE user_id = 1;
UPDATE wp_posts SET post_author='111’ WHERE post_author=1
*Keep in mind your actual database name,
your desired ID and your SQL version syntax

CHECK IF EVERYTHING
IS LATEST VERSION
(AND IF THE LATEST
VERSION IS SECURE)

CHECK FOR KNOWN
VULNERABILITIES

A WORD OF WARNING
ABOUT SUCURI:
IT’S AN EXCELLENT FIREWALL
BUT CAN ONLY SEE SO MUCH
FROM THE OUTSIDE

MYTH:
SSL = SECURE SITE

“buy tramadol” SERPs:
All 3 hacked sites are HTTPS

One site has SSL implemented incorrectly

CHECK YOUR SSL CERTIFICATE

YOUR SSL IMPLEMENTATION
IS ONLY SECURE
IF YOU CONSISTENTLY LINK
TO SECURE RESOURCES

HAVE A CLEAN BACKUP

FIRE ALARM SCENARIO:
WHEN YOU ARE HACKED/
SUSPECT A HACK

 Check your server logs to see any unusual
URLs being requested
 Check Majestic for your indexed/linked to
pages
 Check Google Search Console for unusual
queries, URLs and crawl errors

• info@irishwonder.com
• Twitter: @irishwonder
• Slideshare (for this and other decks):
http://www.slideshare.net/irishwonder/
• LinkedIn: linkedin.com/in/irishwonder
• Blogs:
http://www.irishwonder.com/blog/ -
general SEO
http://www.irishwonder.syndk8.co.uk/ -
darker areas

WordPress Security

More Related Content

Similar to WordPress Security (20)

More from Julia Logan a.k.a. IrishWonder (12)

Recently uploaded (20)

WordPress Security

Editor's Notes