Episode 140: What Are the Best Practices for WordPress Security?

In this WP-Tonic round-table we look at WordPress and security with an excellent panel of WordPress community experts. Our panel this week:

Brian Jackson from https://woorkup.com/ and https://kinsta.com/
Sallie Goetsch from https://wpfangirl.com/
Jackie D'Elia from https://jackiedelia.com/
Jonathan Denwood from https://www.wp-tonic.com/
John Locke from Lockedown SEO

Episode 140 Table of Contents

0:00 Podcast intros
1:50 WordPress Security – 18+ Steps to Lock Down Your Site https://kinsta.com/blog/wordpress-security
3:12 Learning From Buggy WordPress Wp-login Malware https://blog.sucuri.net/2016/10/learning-buggy-wordpress-wp-login-malware.html
6:49 Updating your WordPress plugins is one of the most important things you can do.
10:22 Test all plugin and theme updates on a staging server.
12:25 Surviving Electmageddon: Protecting against a wave of DNS outages https://www.wordfence.com/blog/2016/11/surviving-electmageddon-protecting-wave-dns-outages/ (DDoS attacks and the advantages of having a secondary DNS server)
17:34 Securing WordPress from the Start https://ithemes.com/2016/11/02/securing-wordpress/
21:29 Keep redundant backups of your website; you can't have too many of these.
24:35 What is one WordPress security tip you should use right from the start?
25:48 Brian tells a story about the long-lasting damage a single hack can do to your SEO.
27:20 Cleaning Up a Massive Negative SEO Attack with Web CEO https://woorkup.com/cleaning-negative-seo-attack-web-ceo/
29:52 Changing the default login URL cuts down automated attacks (it hides the target from dumb bots, but is no substitute for strong passwords and rate limiting). Also, always use strong passwords.
31:11 Always check your code for hidden backlinks to spam sites.
32:35 We discuss negative SEO.
33:12 Linkpocalypse Now – The Horror of Negative SEO http://www.jacobking.com/negative-seo-truth
35:05 Limit the login attempts a client can make to blunt brute-force attacks, and consider two-factor authentication for logins.
36:16 Deactivate and delete any themes and plugins you're not using. Don't use the automatic WordPress install scripts that your hosting company provides.
38:24 Many people use weak passwords, and that's why they get hacked.
40:37 Install an audit log so you can see what activity is happening on your site. Clients are often alarmed by how often the site is scanned.
42:25 Don't use themes that bundle plugins into the theme (as many ThemeForest themes do) https://www.lockedownseo.com/why-we-shouldnt-bundle-wordpress-plugins-in-themes/
43:37 Don't give everyone on your site Administrator access.
46:15 XML-RPC: what is it, why should you limit its use, and how do attackers use it?
49:03 Be careful about using public Wi-Fi to FTP into or log in to your site (plain FTP sends credentials unencrypted; prefer SFTP). Always serve your site over HTTPS so the login form and session cookies, not just the password, are encrypted in transit.
52:01 Use a vir
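Two of the tips above (limiting login attempts at 35:05 and restricting XML-RPC at 46:15) are things you can do in a few lines of PHP without a third-party plugin. The must-use plugin below is an added example written for this page; it is not code from the episode or from any of the panelists' sites. The threshold, lockout window and the `ex_` names are arbitrary choices, and it assumes the web server sees the real client address in `REMOTE_ADDR` (behind a reverse proxy or CDN you would read the proxy's forwarded-for header instead, after validating it).

```php
<?php
/**
 * Plugin Name: Example WordPress login hardening (illustrative, not from the episode)
 *
 * Save as wp-content/mu-plugins/ex-login-hardening.php; mu-plugins load on
 * every request and cannot be deactivated from the dashboard.
 * Assumptions (not from the page): REMOTE_ADDR is the real client IP, and
 * the threshold / lockout values below are example numbers.
 */

defined( 'ABSPATH' ) || exit;

const EX_MAX_FAILED_LOGINS = 5;    // failures per IP before lockout (assumed value)
const EX_LOCKOUT_SECONDS   = 900;  // lockout window, 15 minutes (assumed value)

// --- XML-RPC -------------------------------------------------------------
// wp-login.php gets all the attention, but xmlrpc.php accepts the same
// credentials, and system.multicall lets one HTTP request try hundreds of
// passwords. 'xmlrpc_enabled' = false refuses every method that needs a
// login. pingback.ping needs no login and can be abused to make the site
// fire requests at a victim, so it is removed separately. If you rely on
// XML-RPC (Jetpack, the mobile app), drop the first filter and keep the rest.
add_filter( 'xmlrpc_enabled', '__return_false' );

add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'] );
    return $methods;
} );

// Stop advertising the endpoint in the X-Pingback response header.
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// --- Login throttling ----------------------------------------------------
// Key the failure counter on the source address rather than the username;
// a per-username key would let an attacker lock real users out on purpose.
function ex_login_counter_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
    return 'ex_failed_login_' . md5( $ip );
}

// Count failed logins in a transient that expires by itself, so there is
// nothing to clean up and no unbounded table growth under a flood.
add_action( 'wp_login_failed', function ( $username ) {
    $key   = ex_login_counter_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, EX_LOCKOUT_SECONDS );
} );

// Once the threshold is reached, return a WP_Error from 'authenticate'.
// Priority 30 runs after core's username/password check (priority 20), which
// is what makes the error stick: core ignores a non-WP_User value from
// earlier filters and would otherwise overwrite it with a successful login.
// A locked-out attempt also fires wp_login_failed, so hammering extends the window.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    $count = (int) get_transient( ex_login_counter_key() );
    if ( $count >= EX_MAX_FAILED_LOGINS ) {
        return new WP_Error(
            'ex_too_many_attempts',
            sprintf( 'Too many failed logins. Try again in %d minutes.', EX_LOCKOUT_SECONDS / 60 )
        );
    }
    return $user;
}, 30, 3 );

// Clear the counter on success so a legitimate user who mistyped a few
// times does not carry the failures into their next session.
add_action( 'wp_login', function () {
    delete_transient( ex_login_counter_key() );
} );
```

This is deliberately a blunt instrument: a per-IP counter stored in transients works on a single server, but a distributed brute force from many addresses will stay under the threshold, which is exactly why the panel also recommends strong passwords and two-factor authentication rather than rate limiting alone.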

About the Podcast

WP-Tonic is a podcast for WordPress professionals, bootstrapped SaaS startup entrepreneurs, and anybody looking to build a business online. We cover a large number of areas with our main show. We interview creative WordPress and startup entrepreneurs, plus online experts whose insights can help you build your online business. Jonathan Denwood and Kurt von Ahnen host and produce the WP-Tonic podcast, which is one of the longest-running WordPress podcasts. Each episode brings you valuable insights with one goal: to help you generate more income and impact through online businesses.