WordPress Security

1. Security Considerations For WordPress
   Presented by Suzette Franck

2. When Should You Consider Security?
   • Every Step of the Process!!!
   • Buying Domain: Keys To The Kingdom
   • Hosting
   • PCI Compliance (Credit Cards)
   • Updates and Maintenance
   • Privacy Policy
   • Sharing Of Information & Credentials

3. Secure Hosting
   • Reputation: GoDaddy vs. WPEngine
   • Cost: Shared Hosting, VPS, Dedicated Server, Managed Hosting
   • Support: Self-Supporting vs. Managed Hosting (Back-ups?)
   • Software: O/S, cPanel, WHM, Plesk, Apache or Nginx
   • Performance: Speed, Scalability, Upgradability

4. Hosting Questions
   • Are SFTP or SSH Offered?
   • Are PHP (5.2.4+) & MySQL (5.0+) at Latest Versions?
   • Do They Have 24/7 Phone Support?
   • How Have They Handled Past Security Breaches And Down Times?
   • Is There An Uptime Guarantee?
   • Do They Do Backups? How Often?

5. Making WordPress More Secure
   • Update Core When Updates Are Available, ASAP
     - Point (.1) Upgrades Are Security & Bug Fixes
     - Major (1.) Upgrades Are New Features
   • Carefully Update Plugins (Backup First!)
   • Use SFTP or SSH, not FTP
   • Use Strong Passwords

6. Account Best Practices
   • Delete Default Admin Account
   • Unique Accounts for Each Person
   • No Sharing Of Accounts and Passwords
   • Do Not Store Your Credentials In Clear Text (No Stickies, Excel, or Notepad)
   • Principle of Least Privilege / Role Based Access Controls
   • Always Use Strong Passwords

7. WordPress Roles
   • Super Admin - Network Administration (Multi-User Sites)
   • Administrator - Access To All
   • Editor - Other Users' Posts
   • Author - Own Posts Only
   • Contributor - Submit But Not Publish
   • Subscriber - Manage Their Own Profile
   * Members Plugin - Add and Change Roles

8. Strong Passwords
   • a=4 e=3 s=5 i=1 o=0 Is Not Secure!!!!
   • Combination of Uppercase and Lowercase Letters, Numbers & Special Characters
   • Passwords Should Be Pass Phrases (8-15 characters minimum)
   • Change Passwords Often & Never Share (like a Tooth Brush!)
   • Use A Password Manager (e.g. LastPass or KeePass)
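The point of slide 8 is that leet-speak substitutions (a=4, e=3, s=5, i=1, o=0) add no strength, because password-cracking rule sets undo them automatically. The following password-policy checker, an added example that is not part of the slide deck, reverses those substitutions before a dictionary test, and also enforces the length and character-class rules from the slide. The tiny word list, the 15-character minimum (the top of the slide's "8-15 characters" range) and the 60% "dominance" threshold are assumptions of this example; a real deployment would load a full breached-password list.

```python
import re
from typing import List, Optional

# Leet substitutions that cracking rule sets already reverse. The checker undoes
# them so "P4ssw0rd" is judged as "password". The mapping is an assumption of
# this example: the slide's a=4 e=3 s=5 i=1 o=0 plus a few other common swaps.
LEET_MAP = str.maketrans({"4": "a", "@": "a", "3": "e", "5": "s", "$": "s",
                          "1": "i", "0": "o", "7": "t"})

# Constructed stand-in for a real breached-password / dictionary word list.
COMMON_WORDS = {"password", "wordpress", "admin", "letmein", "welcome",
                "secret", "monkey", "qwerty"}

MIN_LENGTH = 15   # top of the slide's "8-15 characters minimum" range (assumed choice)
DOMINANCE = 0.6   # flag when a common word is >= 60% of the letters (assumed threshold)


def normalize_leet(pw: str) -> str:
    """Lower-case the password and undo digit/symbol-for-letter substitutions."""
    return pw.lower().translate(LEET_MAP)


def missing_character_classes(pw: str) -> List[str]:
    """Names of the required character classes that the password lacks."""
    present = {
        "uppercase": any(c.isupper() for c in pw),
        "lowercase": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        # Spaces count as special characters, so multi-word passphrases qualify.
        "special": any(not c.isalnum() for c in pw),
    }
    return [name for name, ok in present.items() if not ok]


def common_word_match(pw: str) -> Optional[str]:
    """Return the common word the password is built on (after leet reversal), or None."""
    letters = re.sub(r"[^a-z]", "", normalize_leet(pw))
    if not letters:
        return None
    for word in COMMON_WORDS:
        if word in letters and len(word) >= DOMINANCE * len(letters):
            return word
    return None


def check_password(pw: str) -> List[str]:
    """Return the list of policy failures; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"too short: {len(pw)} < {MIN_LENGTH} characters")
    missing = missing_character_classes(pw)
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    word = common_word_match(pw)
    if word:
        problems.append(f"leet-speak variant of the common word '{word}'")
    return problems


def is_acceptable(pw: str) -> bool:
    return not check_password(pw)


if __name__ == "__main__":
    for candidate in ("P4ssw0rd!", "W0rdPr3ss", "Correct Horse Battery Staple 2013!"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Run with `python3 checker.py`: the two leet-speak candidates are rejected as variants of "password" and "wordpress" (and as too short), while the long passphrase, which mixes cases, digits, spaces and punctuation and is not built on a dictionary word, passes. Treating spaces as special characters is deliberate, so that the slide's advice to prefer passphrases is not undercut by the character-class rule.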
9. PCI Data Security Standard
   • Follows Common Sense Best Security Practices
   • Handled Through The Payment Processor That Accepts Credit Cards (PayPal or 3rd Party Shopping Cart)
   • Requires Credit Card and Client Information To Be Stored And Transmitted Securely (HTTPS/SSL)
   • Strong Secure Passwords Changed Often

10. Privacy Policy
   • If You Are Collecting Any Information on Your Website, You Should Have One
   • Type of Collected Information, Intents
   • Shows Commitment to Data Security
   • How to Contact You & Update Information
   • Third Party Apps Such as Mailchimp, Constant Contact, PayPal Have Their Own Privacy Policies

11. I've Been Hacked!!!
   • Stay Calm, Breathe
   • Isolate the Infection: Take Site Offline
   • Change All Passwords
   • Update Clients: Phone Calls Are Best
   • Cure The Problem or Hand Off
   • Restore Service
   • Analyze Cause and Prevent Future Infections

12. Security Resources
   • http://sucuri.net
   • http://codex.wordpress.org/Security_FAQ
   • http://codex.wordpress.org/Hardening_WordPress
   • https://www.pcisecuritystandards.org
   • http://en.wikipedia.org/wiki/Privacy_policy
   • http://blog.shareaholic.com/2012/09/wordpress-host-guide/
   • http://www.coppa.org/
   • http://www.hhs.gov/hipaafaq/about/190.html

13. Questions and Answers
   Twitter: @[email protected]
   http://suzettefranck.com