Kieran O’Shea, open source enthusiast and author of the Calendar plugin gave a talk at WordCamp Edinburgh 2012 on methods to help secure WordPress from hackers. Kieran combined a lot of useful advice with his experience to deliver an informative talk. Something the nerds will appreciate, Kieran was running his WordPress demonstration site on a Raspberry Pi throughout.
Kieran ran though a number of interesting security stats including:
I’m going to run through some of the topics covered by Kieran including account security, server security and a number of recommended WordPress plugins.
Avoid the use of the default “admin” username, instead favor something more obscure. The default WordPress username is well known and reduces the amount of work required to brute force the password.
Choosing a strong password was stressed as well as avoiding the reuse of passwords between systems. Particularly important is to use a unique password for your email account, should your email be compromised then password resets can be intercepted and completely bypass any of your other security measures.
There are only so many passwords that can be memorised, this is where password managers come in. Imagine a world where you didn’t have to remember passwords, wouldn’t it be magical? You could use strong random strings of letters, numbers and special characters.
A number of password managers were mentioned including a number of online services which give you access to your passwords no matter where you are.
Kieran demonstrated a variant of the c99 shell script, showing the level of access and damage that could be caused from a single script. Some of his advice:
Kieran recommended a number of plugins which can help secure WordPress and also help in the process of recovery and auditing:
We’ll be covering more of this year’s WordCamp talks in the coming weeks. Subscribe to our feed to keep yourself updated. Remember, iWeb provides open source and bespoke web solutions. We work with WordPress and Magento, get in touch if you’d like to learn more.
Get the latest eCommerce news, reviews and expert advice in your inbox.