WordPress Security is like a HHAM Sandwich

Business & Mgmt

Published on March 17, 2014

Author: Red8Interactive

Source: slideshare.net


An overview of WordPress security targeted at beginning and intermediate users. Some light coding required. Talks about hosting, hardening, access and maintenance, the four areas to consider to keep a WordPress site protected from hackers.

A HHAM SANDWICH for WordPress users

• More than 20% of websites are running WordPress
• This makes WordPress a target for hackers
NOT IF, BUT WHEN
• Without protection, it's not a question of if you will be hacked, but when


THINK HHAM SANDWICH
• Hosting
• Hardening
• Access
• Maintenance


HOSTING • The trouble with sharing • Shared hosting (multi-tenancy) is akin to cubicles in an office: gain access to the office and, with a little effort, you have access to all the cubes • Because shared servers must support many different applications, server software is often left out of date, so hackers can exploit security holes in the old versions, holes that the not-yet-applied updates would have plugged

DEDICATED WP HOSTS ARE BETTER • Server software is kept up to date because the server only has to support one application: WordPress • Dedicated WP hosting performs better; it is optimized for WordPress' specific requirements • Built-in backups and security scanning, usually nightly • Quality control over plugins: plugins with known vulnerabilities, or that thrash the server, aren't allowed


HARDENING Make it hard for the hackers’ bots and they move on
 (some of these suggestions may require a developer)

HARDENING • Shut down the theme and plugin “Editor” • Disallow the theme and plugin editor by adding the following to wp-config.php, above the require_once line at the bottom of the file (it also removes the Editor entries from the Appearance and Plugins menus):
 define( 'DISALLOW_FILE_EDIT', true );

HARDENING • Set permissions on your wp-content and themes directories to 755 • Set permissions on files to 644 • Install the BruteProtect plugin to block brute force attacks

HARDENING • Change the database table prefix • In wp-config.php change the $table_prefix value from “wp_” to “wp_randomlettersandnumbers_” • Or “randomlettersandnumbers_” • This is best done during the initial install of WordPress; the default wp_ is what automated SQL injection tools guess first • On an older site the tables themselves, and the prefixed option and usermeta keys (user roles and capabilities), also have to be renamed, so use the Change DB Prefix plugin rather than editing wp-config.php alone

HARDENING • Use the Disable Comments plugin to turn off post comments if they aren't required, which closes several attack vectors • Install Better WP Security for a one-stop-shop security plugin (some setup required)


ACCESS • You need ten Admins? Really? • Use a role-editor plugin to create a custom user role, Manager or Web Master, with the same capabilities as an Admin but without the ability to add or delete plugins and themes, two common vectors for hackers

ACCESS • Delete the admin user if it exists
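An added example, not from the deck, covering the two access points above: creating the Web Master role by cloning the Administrator capability set minus plugin and theme installation, deletion and editing, and retiring the admin account by reassigning its content to another user. The role slug webmaster, the capability list, the login names and the function names are this example's assumptions, and it is written for a single-site install.

```php
<?php
/**
 * Plugin Name: HHAM Access Setup (added example, not from the original deck)
 *
 * Drop into wp-content/mu-plugins/. The role slug 'webmaster', its display name and
 * the list of withheld capabilities are this example's own choices.
 */

/**
 * Capabilities an Administrator has that a Web Master should not:
 * everything that installs, removes or edits plugin and theme code.
 * Activating plugins and switching themes stay allowed.
 */
function hham_webmaster_withheld_caps() {
    return array(
        'install_plugins', 'delete_plugins', 'edit_plugins', 'update_plugins',
        'install_themes',  'delete_themes',  'edit_themes',  'update_themes',
    );
}

/**
 * Create the 'webmaster' role once: clone the administrator capability set and
 * drop the withheld ones. Roles are persisted in the options table, so this
 * only does work until the role exists.
 */
function hham_register_webmaster_role() {
    if ( get_role( 'webmaster' ) ) {
        return; // already created on an earlier request
    }
    $admin = get_role( 'administrator' );
    if ( ! $admin ) {
        return;
    }
    $caps = $admin->capabilities; // array of capability => true
    foreach ( hham_webmaster_withheld_caps() as $cap ) {
        unset( $caps[ $cap ] );
    }
    add_role( 'webmaster', 'Web Master', $caps );
}
add_action( 'init', 'hham_register_webmaster_role' );

/**
 * Delete the user whose login is 'admin' and hand its posts to $reassign_login.
 * One-time use, after a replacement administrator account exists, e.g. from
 * WP-CLI: wp eval "hham_retire_admin_user( 'jane' );"  ('jane' is a placeholder).
 * Returns true when the account was deleted, false when there was nothing to do
 * or the heir could not be resolved.
 */
function hham_retire_admin_user( $reassign_login ) {
    $admin = get_user_by( 'login', 'admin' );
    if ( ! $admin ) {
        return false; // no 'admin' account: nothing to do
    }
    $heir = get_user_by( 'login', $reassign_login );
    if ( ! $heir || $heir->ID === $admin->ID ) {
        return false; // refuse to reassign content to a missing user or to 'admin' itself
    }
    require_once ABSPATH . 'wp-admin/includes/user.php'; // wp_delete_user() lives here
    return wp_delete_user( $admin->ID, $heir->ID );
}
```

Reassigning rather than simply deleting matters because wp_delete_user() without a second argument deletes the user's posts as well; on a site where the original admin account wrote the content, that would take the content with it.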

ACCESS • U/P: admin/password123? Really? • Use the Enforce Strong Passwords plugin to, well, force users to use strong passwords • Consider two-factor authentication using the Google Authenticator plugin

ACCESS • Force administration over SSL; this matters most when the dashboard is used from public Wi-Fi networks, where an unencrypted login or session cookie can be captured • Install an SSL certificate, then add the two defines to wp-config.php above the existing require_once line; constants defined after wp-settings.php has been loaded come too late to take effect (FORCE_SSL_ADMIN also covers the login page, so it is the one that matters):
 define('FORCE_SSL_LOGIN', true);
 define('FORCE_SSL_ADMIN', true);
 require_once(ABSPATH . 'wp-settings.php');


MAINTENANCE Keep WordPress up to date. Seriously, keep WordPress and all plugins and themes up to date

MAINTENANCE • Delete all unused plugins and themes; this is very important, old plugins and themes are a common vector for hackers • Use a staging site to test new plugins and make theme adjustments

MAINTENANCE • If it's not provided by the host, install a backup plugin and store the backups in a remote location • Scan the site periodically (nightly?) using a service like


• Do these things and the chances you will be hacked are greatly reduced

THANK YOU! Red8 Interactive, San Francisco, CA and St. Louis, MO. James Hipkin, james@red8interactive.com, 415.789.3685
