So I have installed a security plugin on a WordPress website and my security setup is done. Is it? Well, this is just the beginning rather than the end of a better security process.
WordPress websites have many moving parts, such as web hosting, plugins, themes, user logins, permissions, SSL and more. Oliver Sild from WebARX Security explains security management for WordPress websites.
01. Secure Web Hosting
- The web hosting service is an important component when dealing with client websites. Of course, every web hosting company lists “secure hosting” among its features, and most freelancers do not have their own VPS or dedicated servers. So, how does one choose a web host that is actually more secure than the next, more heavily advertised option?
- Based on your experience, do you have any favorite web hosting service providers with a better track record with respect to security?
- For someone hosting fairly simple WordPress-based client websites with a popular web hosting provider, is there anything additional at the “Server Level” that can be done to tighten up the security?
02. Making WordPress Secure
- A WordPress website has a lot of moving parts like themes, plugins, user logins, and even transactions in the case of an e-commerce setup. Where does one start with a better security setup from “within the WordPress Dashboard”?
- I will install the Yoast SEO plugin and my SEO is done. Similarly, I will install a security plugin and my website is secure. This is a very common discourse among WordPress starters. So, is installing a security plugin on a WordPress website enough?
- Based on your historical data and experience, are WordPress plugins or WordPress themes the main source of malicious code spread?
- What seems to be the trigger behind the recent security issues with popular plugins like Social Warfare? Is it that people are sharing about hacks more proactively now, or have things become really bad, with more malicious code attempts?
- What extra security tightening is needed when WordPress has an e-commerce setup that allows transactions to buy items?
03. Technical Security
- Brute force and DDoS attacks are common scary terms among freelancers and agency owners. Most of them do not understand these terms because security is not their expertise or focus area. How would you explain these terms to that audience?
- Most users do not know how to read logs to identify security threats. Would you recommend that they hire a professional or use a service that makes understanding logs easy for them?
04. Common Security Challenges
- So, the server is set up and the WordPress website is up and running. How important is regular monitoring, and what do you recommend for monitoring the security health of a WordPress website?
- How does your product WebARX help WordPress users better secure their WordPress websites?
Oliver Sild’s ToolBox
- Love using Intercom (.com) for customer communication.
- Jira, Slack and Bitbucket are a few important tools in the setup.
- SiteGround is a good hosting option when not using your own server setup.
About Oliver Sild
When I was 15, I built my first online “service”, which was connected to a Dynamic SMS system that allowed ordering random Chuck Norris jokes via SMS.
I was also into MMORPGs back then and I was helping to run a private server of one such game. This is where I got into Linux servers (CentOS) and into security, as the servers were constantly DDoSed and the web applications where in-game purchases were made were constantly under attack.
I went to study computers and networking and I actively did responsive disclosures for different organizations. At the time in school, I started to do PHP development and we built a basic site where people could upload/download their homework. Around the same time, I was also invited to the Estonian Cyber Defense League, which is a voluntary cybersecurity unit (Military).
By the age of 17, I participated in different military exercises and mainly focused on responsive disclosures next to doing web development for friends, etc. In 2013 I started my entrepreneurial career when together with a schoolmate we started our own web development agency.