A presentation at WordCamp OC in in Irvine, CA, USA by Francesca Marano
Is WordPress insecure? Not at all! However, an outdated WordPress installation with a weak password and poorly chosen plugins is definitely insecure.
It’s often said that “security is a process”, and the security of your own site starts with you installing the WordPress. Why should you care about security from day one, when your website is brand new and only your mom reads it? What should you do yourself, while your site grows, even if you do not (yet) have the budget to hire experts? How can you make your visitors browsing safer? How can you minimise the chance you site got hacked?
In this talk I will go over some best practices you can implement to make your website safer and why you should care about them. None of these require a single line of code, only some common sense and understanding what is right and what should be avoided as a behaviour while you manage your site.
The following resources were mentioned during the presentation or are useful additional information.
Since 2017 SiteGround has started to automatically issue Let’s Encrypt certificates for every domain that is hosted on our shared servers. Learn why (even if you are not a client read this!)
TL;DR Update! Or even better, have your host do it for you
Don’t forget to secure your computer as well!
Here’s what was said about this presentation on social media.