Another great talk from WordCamp Europe was Aaron Campbell’s Website Security – The Big Picture. He opened his talk with a few of the scary sounding threats that our websites face every day:
- SQL Injection
- Brute force attacks
- Cross site scripting
- Directory traversal
Some easy steps
Intimidating stuff for sure. But there are some very easy steps we can all take to prevent these kinds of hacks and attacks. His suggested approach is a holistic one. We should think of security in everything we do, not just something extra that we have to do
Campbell followed with a nice analogy about living in a safe neighborhood. Your hosting service needs to be like the kind of neighborhood that you would want to live in, safe and secure. If your host provides a good service, they will take care of a lot of the things you don’t want to have to think about.
The use of high quality software was second on his list. If you are downloading free software from some place on the net, how can you be totally sure that it is completely safe? Be smart with which software you use.
Using WordPress is a good start for security too. But beyond that, Campbell made the point that you should also make sure you choose the right themes, from the right kind of publisher. Make sure that you buy themes and plugins from security conscious authors.
He continued with the question, ‘What makes a great password?‘ His answer was good common sense; ‘it should be long, random and unique‘. But one of the biggest flaws in your password is how rarely you change it. This is where a password manager comes in to play. With a password manager you can store, change and strengthen all of your passwords in one place.
There are a lot of good password managers available but here are some of the best:
On top of a password manager, Campbell suggests that we should all be using two factor authentication too. He made a great point that our vulnerability on some open WiFi networks can undermine even the strongest of passwords. Again, there are many very good two-factor authentication apps and plugins; but we have heard great things about Clef and LogMeOnce in particular.
Secure and happy
Campbell concluded that getting attacked is pretty much inevitable. Scripted attacks are the most common threat, they are indiscriminate and thrive on any vulnerability they can find. But with only a little bit of effort you can drastically improve your defense.
The question we all need to be asking ourselves is “How does everything I do impact my security?”…
Additional articles about WordPress security:
– Improve WordPress Security