Guest post by WordCamp Speaker Robert DeYoung
WordPress is a high quality, secure content management system and you’re using it for your castle (er uh…website). Good start! You keep it up-to-date with each new release. Even better! You’re using a reliable web host with an up-to-date LAMP bundle (Linux, Apache, MySQL, PHP) or equivalent and good maintenance procedures. Smart choice!
But, hackers are always seeking new attack vectors. LAMP and WordPress are not immune. Plugins and custom function code introduce additional opportunities to attack a site. And, no one has the resources to make a site 100% secure.
What’s a person to do? First, don’t get upset or take it personally! Most sites are not a specific target. Hackers scour the Web for vulnerable sites to release their damaging payloads, be it a clandestine site embedded within your site, attempts to retrieve your users’ personal information or other nefarious objectives.
This session will give you some tools to build your castle walls a little higher and thicker and hide those keys well enough to encourage a hacker to look for an easier target. In some cases, you may even be protected if your site has a well-known vulnerability that you haven’t had time to patch with an update.