Secure from the start

Kieran O’Shea, open source enthusiast and author of the Calendar plugin, gave a talk at WordCamp Edinburgh 2012 on methods to help secure WordPress from hackers. Kieran combined a lot of useful advice with his experience to deliver an informative talk. Something the nerds will appreciate: Kieran was running his WordPress demonstration site on a Raspberry Pi throughout.

Kieran ran through a number of interesting security stats including:

I’m going to run through some of the topics covered by Kieran including account security, server security and a number of recommended WordPress plugins.

Account security

Avoid the default “admin” username; favor something more obscure instead. The default WordPress username is well known, and using it reduces the amount of work required to brute force the password.

Choosing a strong password was stressed, as was avoiding the reuse of passwords between systems. It is particularly important to use a unique password for your email account: should your email be compromised, password resets can be intercepted, completely bypassing any of your other security measures.

There are only so many passwords that can be memorised; this is where password managers come in. Imagine a world where you didn’t have to remember passwords, wouldn’t it be magical? You could use strong random strings of letters, numbers and special characters.

Several password managers were mentioned, including a number of online services which give you access to your passwords no matter where you are.

Server advice

Kieran demonstrated a variant of the c99 shell script, showing the level of access and damage that could be caused from a single script. Some of his advice:

WordPress Plugins

Kieran recommended a number of plugins which can help secure WordPress and also help in the process of recovery and auditing:

Kieran’s presentation, Secure from the Start, is available on Slideshare, and he maintains a personal blog.

We’ll be covering more of this year’s WordCamp talks in the coming weeks. Subscribe to our feed to keep yourself updated. Remember, iWeb provides open source and bespoke web solutions. We work with WordPress and Magento; get in touch if you’d like to learn more.

