
WordPress Setup and Security (Please look for the newer version!)


DESCRIPTION

Since WordPress is one of the most widely used web platforms, it is also one of the most attacked. From installation to operation there are fairly easy, must-do steps to make sure your site is as secure as possible. In this two-part session we cover everything from file permissions and user accounts to script injection and backup procedures, to protect your blog from hacking or downtime. The first part of the session will be delivered at this user group meetup.


Page 1: WordPress Setup and Security (Please look for the newer version!)

Charleston WordPress

http://wpchs.org Twitter: @wpchs

Our Partners

#wpchs

Thank you to . . .

Page 2

WordPress Setup and Security

Michael Carnell - @carnellm

Page 3

Let’s Talk Hosting

Page 4

The Not So Good

GoDaddy - common back end database that isn’t secured well and suffers from performance overload, poor support

Brinkster - has been hacked numerous times

FreeHostia - slow, free account is very limited, always pushing the upsell

Page 5

For the Good Times

DreamHost - Not always the cheapest, but good, with good support. Watch CPU usage, though, as they will cut off processes.

MediaTemple - Again, not cheap, but very stable and secure. Monitors scripts.

BlueHost

HostGator

Page 6

The Basic Rules

Do your research - http://www.michaelcarnell.com/hosting

Check their own support forums

Is there a free trial or money back guarantee?

None of this really applies to WordPress.com

If you are hosting yourself, that is a different set of issues

Page 7

The Dirty Details for WordPress

Page 8

Install Correctly

While installing (most will use a one-click installer) . . .

Consider the install directory. Do you use the standard one, or the web root?

Consider altering the database name if your installer allows it.

Make the database username and password long and random. Store them somewhere safe; you will not be typing them day to day, WordPress reads them from wp-config.php.

Don’t reuse the same string everywhere: the admin login the same as the database username, the same as the blog name, and so on.

Page 9

Double Check the Install

File-level tasks to be done via FTP . . .

Delete wp-admin/install.php

In wp-config.php, add the optional security keys (unique values from http://api.wordpress.org/secret-key/1.1/)

Add a blank index.php to every plugin and theme directory that does not already have one, so the server cannot list the directory’s contents

Check the file and directory permissions (if you are comfortable doing so): directories 755, files 644, and wp-config.php not readable by other accounts on the host
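The tasks on this slide as one script, added here as an example; it is not code from the slides. It assumes shell access to the WordPress tree (run it over a local copy or via SSH; on an FTP-only host, use the findings as a checklist and fix them by hand), assumes the usual 755/644 permissions with wp-config.php at 640, and builds a small constructed directory tree to demonstrate itself. The function names wp_audit, wp_harden, plugin_theme_dirs and make_demo_tree are mine.

```shell
#!/bin/sh
# Added example (not from the slides): file-level checks for the
# "Double Check the Install" tasks. Assumes shell access to the tree.
#   wp_audit  ROOT   - print findings, return 0 if clean, 1 otherwise
#   wp_harden ROOT   - apply the fixes
#   make_demo_tree   - build a constructed, deliberately sloppy tree

# Directories that must contain an index.php: plugins/, themes/ and each child.
plugin_theme_dirs() {
    for d in "$1/wp-content/plugins" "$1/wp-content/themes" \
             "$1"/wp-content/plugins/*/ "$1"/wp-content/themes/*/; do
        d=${d%/}
        if [ -d "$d" ]; then echo "$d"; fi
    done
}

wp_audit() {
    root=$1
    rc=0

    # 1. The installer script has no job once setup is done.
    if [ -e "$root/wp-admin/install.php" ]; then
        echo "installer still present: $root/wp-admin/install.php"
        rc=1
    fi

    # 2. Directory listings: every plugin/theme directory needs an index.php.
    missing=$(plugin_theme_dirs "$root" | while read -r d; do
        [ -f "$d/index.php" ] || echo "$d"
    done)
    if [ -n "$missing" ]; then
        echo "$missing" | sed 's/^/missing index.php: /'
        rc=1
    fi

    # 3. wp-config.php holds the DB password and secret keys. Characters 8-10
    #    of `ls -l` output are the "other" bits; all three must be off.
    if [ -f "$root/wp-config.php" ]; then
        other=$(ls -ld "$root/wp-config.php" | cut -c8-10)
        if [ "$other" != "---" ]; then
            echo "wp-config.php readable by every account on the host (other=$other)"
            rc=1
        fi
    fi

    # 4. Nothing in the tree should be world-writable (mode bit 002).
    ww=$(find "$root" -perm -002)
    if [ -n "$ww" ]; then
        echo "$ww" | sed 's/^/world-writable: /'
        rc=1
    fi

    return $rc
}

wp_harden() {
    root=$1
    rm -f "$root/wp-admin/install.php"
    plugin_theme_dirs "$root" | while read -r d; do
        # Same placeholder WordPress ships in its own directories.
        [ -f "$d/index.php" ] || printf '<?php\n// Silence is golden.\n' > "$d/index.php"
    done
    # Standard WordPress permissions: directories 755, files 644.
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    # 640: readable by the owner and the owner's group (the web server on many
    # shared hosts), invisible to other accounts. Use 600 if PHP runs as the owner.
    if [ -f "$root/wp-config.php" ]; then
        chmod 640 "$root/wp-config.php"
    fi
}

# Constructed sample tree (not a real site): installer left behind, a plugin
# directory with no index.php that is world-writable, wp-config.php mode 644.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-admin" "$t/wp-content/plugins/akismet" \
             "$t/wp-content/themes/twentyeleven"
    : > "$t/wp-admin/install.php"
    : > "$t/wp-content/themes/index.php"
    : > "$t/wp-content/themes/twentyeleven/index.php"
    printf "<?php\ndefine('DB_PASSWORD', 'constructed-example');\n" > "$t/wp-config.php"
    chmod 644 "$t/wp-config.php"
    chmod 777 "$t/wp-content/plugins/akismet"
    echo "$t"
}

demo=$(make_demo_tree)
echo "== before =="
wp_audit "$demo" || echo "(findings above)"
wp_harden "$demo"
echo "== after =="
wp_audit "$demo" && echo "clean"
rm -rf "$demo"
```

Point wp_audit at a real tree first and read the findings before running wp_harden; the chmod sweep is the standard WordPress layout and will undo any deliberate exceptions (a cache directory the web server must write to, for example).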

Page 10

Post Install Setup

Create a new admin user with a strong password

Change the original “admin” account’s password and demote it to Subscriber. Why not delete it?

Make your main admin’s display name different from the login name

Change the setting that allows editing by outside applications only if you want it, but know what you are doing

Change the “permalink” structure (thank you WP 3.3!)

Demo Time Again....

Page 11

After Setup, Before Live

Themes ... not this session!

Plugins that you should have:

Akismet - anti-spam, comes with the install

Block Bad Queries - blocks code injection through query strings

Search Meter - shows what your visitors are looking for, and also reveals stray search injection attempts

SecureWordPress - basically a security audit

AntiVirus, or a similar scanner

Demo Time Again!

Page 12

Simple Backup for WP

Your content is your responsibility, not your host’s.

Create a Gmail account, or use your current one with a custom address such as “[email protected]”

Make a filter that automatically files away all email coming in to that address.

Database - WP-DB-Backup

Images & Themes - WordPress Backup
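A script for the backup routine on this slide, added here as an example; it is not code from the slides, nor from the WP-DB-Backup or WordPress Backup plugins. It assumes shell access to the host, a wp-config.php that defines the DB_* constants with single quotes as the stock file does, and mysqldump on the path for the database step; it writes timestamped archives of the database and of wp-content/uploads and wp-content/themes into a backup directory, and builds a constructed sample site to run against. Mailing the archives to the filtered Gmail address is left to the host's mailer (cron plus sendmail or mutt) and is not shown. The function names wp_config_value, backup_files, backup_db and make_demo_site are mine.

```shell
#!/bin/sh
# Added example, not from the slides or either backup plugin: dump the
# database and tar the content directories into timestamped archives.
#   wp_config_value CONFIG NAME   - read define('NAME', '...') from wp-config.php
#   backup_files ROOT DEST        - tar+gzip wp-content/uploads and wp-content/themes
#   backup_db ROOT DEST           - mysqldump using the credentials in wp-config.php
# Assumes the DB_* constants use single quotes, as the stock wp-config.php does.

wp_config_value() {
    sed -n "s/^[[:space:]]*define([[:space:]]*'$2'[[:space:]]*,[[:space:]]*'\([^']*\)'[[:space:]]*);.*/\1/p" "$1" | head -n 1
}

backup_files() {
    root=$1
    dest=$2
    out=$dest/files-$(date +%Y%m%d-%H%M%S).tar.gz
    # Only archive what exists, so a site with no uploads yet still backs up.
    set --
    for d in wp-content/uploads wp-content/themes; do
        if [ -d "$root/$d" ]; then set -- "$@" "$d"; fi
    done
    if [ $# -eq 0 ]; then
        echo "nothing to back up under $root" >&2
        return 1
    fi
    tar -czf "$out" -C "$root" "$@"
    echo "$out"
}

backup_db() {
    root=$1
    dest=$2
    cfg=$root/wp-config.php
    name=$(wp_config_value "$cfg" DB_NAME)
    user=$(wp_config_value "$cfg" DB_USER)
    pass=$(wp_config_value "$cfg" DB_PASSWORD)
    host=$(wp_config_value "$cfg" DB_HOST)
    if ! command -v mysqldump >/dev/null 2>&1; then
        echo "mysqldump not installed; database not backed up" >&2
        return 2
    fi
    out=$dest/db-$name-$(date +%Y%m%d-%H%M%S).sql
    # MYSQL_PWD keeps the password out of the process list. DB_HOST may carry
    # a ":port" or ":socket" suffix; only the host part is passed to -h here.
    if MYSQL_PWD=$pass mysqldump --single-transaction -h "${host%%:*}" \
            -u "$user" "$name" > "$out"; then
        gzip -f "$out"
        echo "$out.gz"
    else
        rm -f "$out"
        echo "mysqldump failed for database $name" >&2
        return 1
    fi
}

# Constructed sample site; the credentials are placeholders, not real ones.
make_demo_site() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-content/uploads/2011" "$t/wp-content/themes/twentyeleven"
    echo "not really a jpeg" > "$t/wp-content/uploads/2011/photo.jpg"
    echo "/* theme */" > "$t/wp-content/themes/twentyeleven/style.css"
    cat > "$t/wp-config.php" <<'EOF'
<?php
define('DB_NAME', 'wp_demo');
define('DB_USER', 'wp_demo_user');
define('DB_PASSWORD', 'constructed-placeholder');
define('DB_HOST', 'localhost:3306');
$table_prefix = 'wp_';
EOF
    echo "$t"
}

site=$(make_demo_site)
mkdir -p "$site/backups"
echo "database: $(wp_config_value "$site/wp-config.php" DB_NAME)"
archive=$(backup_files "$site" "$site/backups")
echo "files archive: $archive"
tar -tzf "$archive"
backup_db "$site" "$site/backups" || echo "(database step skipped or failed, see above)"
rm -rf "$site"
```

Run both functions from cron with a backup directory outside the web root, or the archives (which contain the database dump and therefore every post and user hash) become downloadable; whatever mails or copies them off the host should then pick up the paths the functions print.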

Page 13

Michael Carnell
http://www.MichaelCarnell.com

@carnellm on Twitter

Slides and further info available on...

Sophisticated Secure Websites
http://www.DesignTechWeb.com

Page 14

Q & A

Page 15

Some Other Business

WordPress 3.3 is Out! (Wanna demo?)

CiviCRM now working with WordPress in Alpha

WordCamp Atlanta - February 3 & 4 http://2012.atlanta.wordcamp.org

Next Meeting, January 10 -

Until then, don’t forget the updates on WPChs.org
