Securing your WordPress Site – WordCamp 2017

As a developer, I have in the past spoken in front of college students and undertaken corporate training programs – but my first talk at a conference was quite an experience. Having set up multiple WordPress sites over the years for my clients, and having some of them hacked – I decided to speak about common security measures.

Just before my talk, I had a bit of a mess-up as there was no projector connector for my Mac. As a precaution, I usually carry one when speaking, but I missed it this time. However, the volunteers quickly got me up and running on another computer.

My talk started pretty well, but since this was being recorded – there were two spotlights shining brightly on my face – that didn’t let me analyse the audience’s reaction, except for those in the front row.

I had no more access to my speaker notes because I had exported my presentation to HTML format – but somehow I managed to have all my points covered since I had already prepared for the talk a couple of times.

Post the talk, the Q&A session evoked some questions and discussion as well. One discussion was about how having a different URL for login is not really a security tip, but more of a deterrent for developers working on the project later. Some folks in the audience suggested that it is better to give 444 permissions to hidden files like .htaccess and wp-config, once they have been set up. This is the least amount of permission that can be given, and makes the file read-only.

I think I finished the talk on time, and then took some of the discussions off the stage.

I will share a video of the talk – once it has been uploaded by the team.
