EPISODE · Nov 9, 2016 · 1H 7M
140 What Are the Best Practices For WordPress Security?
from WP-Tonic | WordPress | SaaS | Bootstrap SaaS | Startups · host Jonathan Denwood & Kurt von Ahnen
In this WP-Tonic round-table we look at WordPress and security with an excellent panel of WordPress community experts. Our panel this week: Brian Jackson from https://woorkup.com/ and https://kinsta.com/ Sallie Goetsch from https://wpfangirl.com/ Jackie D'Elia from https://jackiedelia.com/ Jonathan Denwood from https://www.wp-tonic.com/ John Locke from Lockedown SEO Episode 140 Table of Contents 0:00 Podcast intros 1:50 WordPress Security – 18+ Steps to Lock Down Your Site https://kinsta.com/blog/wordpress-security 3:12 Learning From Buggy WordPress Wp-login Malware https://blog.sucuri.net/2016/10/learning-buggy-wordpress-wp-login-malware.html 6:49 Updating your WordPress plugins is one of the most important things you can do 10:22 Test all plugin and theme updates on a staging server 12:25 Surviving Electmageddon: Protecting against a wave of DNS outages https://www.wordfence.com/blog/2016/11/surviving-electmageddon-protecting-wave-dns-outages/ (DDoS attacks and advantages of having a secondary DNS server) 17:34 Securing WordPress from the Start https://ithemes.com/2016/11/02/securing-wordpress/ 21:29 It's a good idea to have redundant backups for your website. You can't have enough of these. 24:35 What is one WordPress security tip that you should use right from the start? 25:48 Brian has a story about what sort of long-lasting damage to your SEO a single hack can produce. 27:20 Cleaning Up a Massive Negative SEO Attack with Web CEO https://woorkup.com/cleaning-negative-seo-attack-web-ceo/ 29:52 Changing the default login URL can prevent automated attacks. Also, always use strong passwords. 31:11 Always check your code for hidden backlinks to spam sites. 32: 35 We discuss Negative SEO. 33:12 Linkpocalypse Now – The Horror of Negative SEO http://www.jacobking.com/negative-seo-truth 35:05 Limit the login attempts people can make to prevent a brute force attack. Consider two-factor authentication for logins. 36:16 Deactivate and delete any themes and plugins you're not using. Don't use the automatic WordPress install scripts that your hosting company provides. 38:24 Many people use weak passwords, and that's why they get hacked. 40:37 Install an audit log so you can see what activity is happening on your site. Clients will often be freaked out by how often the site is scanned. 42:25 Don't use themes where plugins are bundled into the theme (like on ThemeForest) https://www.lockedownseo.com/why-we-shouldnt-bundle-wordpress-plugins-in-themes/ 43:37 Do not allow everyone on your site to have Administrator access 46:15 XML-RPC: What is it? Why should you limit it's use? HOw do hackers use it? 49:03 Be careful about using public Wi-Fi to FTP or login to your site. Always use HTTPS on your site to encrypt your password when logging in publicly. 52:01 Use a virus scan on yo...
What this episode covers
In this WP-Tonic round-table we look at WordPress and security with an excellent panel of WordPress community experts. Our panel this week: Brian Jackson from https://woorkup.com/ and https://kinsta.com/ Sallie Goetsch from https://wpfangirl.com/ Jackie D'Elia from https://jackiedelia.com/ Jonathan Denwood from https://www.wp-tonic.com/ John Locke from Lockedown SEO Episode 140 Table of Contents 0:00 Podcast intros 1:50 WordPress Security – 18+ Steps to Lock Down Your Site https://kinsta.com/blog/wordpress-security 3:12 Learning From Buggy WordPress Wp-login Malware https://blog.sucuri.net/2016/10/learning-buggy-wordpress-wp-login-malware.html 6:49 Updating your WordPress plugins is one of the most important things you can do 10:22 Test all plugin and theme updates on a staging server 12:25 Surviving Electmageddon: Protecting against a wave of DNS outages https://www.wordfence.com/blog/2016/11/surviving-electmageddon-protecting-wave-dns-outages/ (DDoS attacks and advantages of having a secondary DNS server) 17:34 Securing WordPress from the Start https://ithemes.com/2016/11/02/securing-wordpress/ 21:29 It's a good idea to have redundant backups for your website. You can't have enough of these. 24:35 What is one WordPress security tip that you should use right from the start? 25:48 Brian has a story about what sort of long-lasting damage to your SEO a single hack can produce. 27:20 Cleaning Up a Massive Negative SEO Attack with Web CEO https://woorkup.com/cleaning-negative-seo-attack-web-ceo/ 29:52 Changing the default login URL can prevent automated attacks. Also, always use strong passwords. 31:11 Always check your code for hidden backlinks to spam sites. 32: 35 We discuss Negative SEO. 33:12 Linkpocalypse Now – The Horror of Negative SEO http://www.jacobking.com/negative-seo-truth 35:05 Limit the login attempts people can make to prevent a brute force attack. Consider two-factor authentication for logins. 36:16 Deactivate and delete any themes and plugins you're not using. Don't use the automatic WordPress install scripts that your hosting company provides. 38:24 Many people use weak passwords, and that's why they get hacked. 40:37 Install an audit log so you can see what activity is happening on your site. Clients will often be freaked out by how often the site is scanned. 42:25 Don't use themes where plugins are bundled into the theme (like on ThemeForest) https://www.lockedownseo.com/why-we-shouldnt-bundle-wordpress-plugins-in-themes/ 43:37 Do not allow everyone on your site to have Administrator access 46:15 XML-RPC: What is it? Why should you limit it's use? HOw do hackers use it? 49:03 Be careful about using public Wi-Fi to FTP or login to your site. Always use HTTPS on your site to encrypt your password when logging in publicly. 52:01 Use a virus scan on yo...
NOW PLAYING
140 What Are the Best Practices For WordPress Security?
No transcript for this episode yet
Similar Episodes
May 21, 2026 ·2m
May 20, 2026 ·3m
May 19, 2026 ·2m
May 18, 2026 ·2m
May 17, 2026 ·3m