WordPress Security

Hello once again WordPress fans!

Among our other tasks we’ve been working hard over the last few months to make sure that we’re continuing to train our intern and part-time staff on the fundamentals of support, design, and web-related best practices. We’ve done training on GitHub, ServiceNow, and we’ll be talking to them about accessibility soon. In addition to helping train them, these sessions are a good refresher for us and an opportunity to also bring in others from our parent group (OCC) or our partners in ORIED.

This month our attention turned to WordPress security and I wanted to share the contents of that presentation here (and via SlideShare) for others who might find it useful. Keep in mind that I am by no means a security expert! What I am is someone who has managed a lot of sites. I’ve seen more than a few hacked and I’ll admit I’ve had a couple hacked myself. But I’ve also fixed sites – my own and many others – and worked hard to improve security and learn from each instance. So I’m sharing a bit of what I’ve picked up over my time in the WordPress trenches.

I cannot possibly cover everything in the presentation in this post and I’m really not going to try. What I am going to do is offer you my slides (included below) and if you’re RDU local and want some training on this I would be happy to present to you or your org. We’re also going to look at adding it as a course for our campus IT training, hopefully starting sometime this summer.

And finally, a disclaimer: this is not for WordPress developers. This presentation does not cover the security considerations for theme and plugin development, or contributing to WordPress core. This is about how to secure your WordPress install, with an eye towards your hosting, plugin and theme choices, and with awareness of user vulnerabilities. Take a look through and if you have questions or want to see more of my notes, let me know!