All right, okay. So, safeguarding your website: smart WordPress security. Let's talk about it. Now, I'm curious, because before we get into it, it's very important to understand where we all are as a group at our WordPress level. So you don't all have to speak at once; I would appreciate it if you would add it in the chat. What is your WordPress level? Are you a beginner? Are you an intermediate user? Are you an advanced user? Because that'll let me know how to tailor the conversation and make sure that we are all talking about the most important WordPress security measures. So we have Rick, a bit of a beginner, okay. Let's get beginner as well. I'm assuming when we say beginner, we're talking about, like, just started using WordPress, or about one to two years in, that kind of a beginner. I'm assuming that sometimes it does take a little bit of time to get used to; WordPress is a very complex system. And that's the reason why this is important security-wise, because you definitely want your website, all that hard work you put in, you want to make sure your website is secure. Okay. Okay, Karen the beginner, first year. Is it Lance? Is a middle. Ellis, a year in. Okay, okay. So we got a lot of people here, if not most, that are a year or so in. First of all, I'm asking that question because I want to reassure you, right, and really get rid of the whole myth, if you don't already know, that WordPress isn't secure. There's a lot of people out there, especially competitors, that try to say WordPress is hacker prone and isn't secure, and that's just not true. There are many things that we're going to talk about today that make your website more secure, but WordPress itself is a very secure content management system. So I just want to move that whole mess out the way, move it to the side, so that way we can get the myth over and done with. WordPress is secure.
However, there are things that can happen, there are ways that you can be compromised, right, that you can avoid by using some of these strategies and tactics that we're going to talk about today. So the first and one of the most important, I would say, factors in your WordPress vulnerability is going to be... And again, this is not an exhaustive direct list, right? I put it in some type of sequential order, but depending on your situation and everybody's perspective, your list of priorities may differ. But the reason why I'm adding plugins as one of the number one ways is how people are like a kid in the candy store. Right, for those of us who got kids or that was a kid, I believe everybody here should have been a kid, but yeah, for those of us who have been a kid at some point in time, there was a time where we had an overabundance and we had too much. You wouldn't, so we try to pick everything: I want the marshmallows and the gumdrops and the Snickers and the chocolate doodles and everything in the world, I want it all. And next you know, we are causing our parents way more dentistry bills than necessary. And that is WordPress. And that's how a lot of us are when it comes to WordPress. If you aren't careful on the type of plugins that you use, especially when you're picking a lot of plugins, you have more opportunities for vulnerabilities, because just like other areas in WordPress, developers can attack plugins, especially when they're outdated. So be careful on the plugins that you use. Make sure they're from a credible source, make sure they're from a company, a dev team, a development team that cares about their code, that cares about their software and their team, and will put that time and effort into the plugin.
So that's why I'm starting with plugins, because most of us don't use WordPress without plugins, and most of us, I would say, use plugins that sometimes we don't even really know too much about; we just know what it does and then we just add it to our website. So be careful with plugins. That's a huge security factor, because you're adding multiple vulnerability aspects to your website.
Similar to plugins, you have themes that can be compromised, right, through hacks or through some type of breach. It's a very similar concept to plugins; the difference between the two, in its most simplistic form, is you're not going to have multiple themes on your website. Now, even if you have a child theme, which is a sub-theme of a main theme, even when you have that happen, you're not going to have a whole bunch of other activated themes. You may have a backup theme on your website, which is a good practice to have, but you're not going to have multiple active themes where you'll have multiple active plugins. However, just like when it comes to plugins, you definitely want to make sure that you are using a plugin that is credible. Okay, it is credible. And this is important. This is an example of the reason why I'm saying this: if you go to the WordPress repo or the theme repo, and you go to popular themes, you'll be able to see the most popular themes. I'm sure there's a lot of people here that have their favorite theme, so if you have a theme that you feel like is the go-to theme, is your top dog, top-notch theme, put it in the chat. Please share that theme that you just love, that you think is a really good theme. One of my favorite themes is this theme called Kadence. I'm a big fan of that. I also use Astra. It's a really good theme as well, and they're backed by a really good company, so I really feel secure when it comes to my website, because I'm working with a theme that is backed by a team that actually cares.
Again, I'm not saying that things can't be penetrated, they can't be compromised or they can't be hacked into, but you have chances of that less likely happening if you are using with a team that knows what they're doing and that stays on top of things. Like cherry on top of the cake. Now here's an example of a theme being attacked. This is a while ago, in January, and it was AccessPress, and it was over 90 WordPress themes and plugins. And this is not the first time this has happened; this was just a big deal at that time. But they were hacked, and it's one of those things where you got to let your users know, you got to let people know, you got to let them know why, you have to then go into precautions of how to prevent it, then you have to earn your trust back from the users, etc., etc. The people that were attacked or had been compromised, do they have to be compensated? Just what happens when all those situations happen? So that's why it's something that you want to really think about. I don't think people think about that enough when it comes to the website: the importance of having their theme, just as much as their plugins, maintained from a credible source. If you have any questions, feel free to put them in the chat, but we'll definitely get to everything as much as possible at the end. Let's see, and if you haven't used WordPress, I'm going to assume most people in here have used WordPress so this isn't going to show too much, but just in case: if you go to the plugins, you can see here in the plugins repository that you can literally just go here and click the word "popular," and then you can see the most popular plugins. Now don't let things fool you, because this is what's crazy, and I know somebody here in this session, and speak your mind, speak your piece if that's how you feel, but Yoast is one of those ones where it's so popular.
They have a cult following, but they did get in trouble. They did get hacked, or they had a vulnerability issue, and they didn't tell their users for a very long time, and they lost a lot of trust when that happened. They're a very popular plugin; you can see five million activations strong, and they're an SEO plugin. So it's just one of those things where you have to pay attention. You got to pay attention, or you have to work with people that are paying attention, because if you're a busy business owner or freelancer, blogger, content creator, and you're not paying attention or working with somebody who's paying attention, you may have something like Yoast's happen, and you're finding out in an email months later that your website can potentially be compromised, from a major company. It happens.
Alright, so updates is the next thing that I want to talk about when it comes to your plugins. WordPress has different versions, and one of the latest major versions of WordPress, not anytime like recent in the last few months, but I think it was about a year ago, it had a major update when it came to enabling auto updates. And that was huge, because a lot of people were enabling auto updates from other plugins or other hosting functionalities, but now you can do it directly inside of WordPress. And this is one of those things as well that you want to be careful with. Not all updates are created equally. Not all auto updates are created equally. What do I mean by that? You can have an auto update turned on, and it updates your website from a major update from a plugin that didn't test out all the bugs in the plugin before they had this major update. So now, while you're at home or you're at work or you're out exercising or you're having some fun, having dinner or something like that, and then you get home and then you notice that your website is broken. You get that phone call, you get that message that the website's broke.
How did it break? What happened? Did I get hacked today? But no, not really: it updated your website, and the bugs weren't fixed yet in the plugin that auto updated. So it happens. It's not often, but it does happen, and that's why I'm giving you this little tip right here. Not saying I don't want you to auto update your plugins. I do, it's a best practice, but just be aware and understand that it can also do some damage if you're not paying attention. But if you don't update your plugins, once again, you are susceptible to being vulnerable to hacking. And then this is just another image right here of what it looks like. For those who haven't seen the back end of WordPress when it comes to the updates, you can just toggle everything and then update if you want to do it manually. If you have your auto updates on, you're going to see this little message here that says "automatic update scheduled in X amount of hours." Yeah, auto updates is one of those tricky things where you definitely want to have it, you want to be able to utilize it. The more plugins you have, you especially want to have it, but then the more plugins you have and the more, I don't want to say lazy, but if you're not paying attention to things and just seeing the update patterns, like seeing, okay, when you're using these plugins and you've had auto updates on for a week, a month, six months, have you had any issues? Yeah, if you've had any issues, turn that sucker off, turn that joint all the way off. If not, okay, leave it on. You just got to be mindful, just got to be mindful. WordPress websites are upkeep. Let me try to check out if there's anything, I'm just checking the chat real quick. "It works well with other plugins." Not 'cause it's, yeah, it's true, because look, yes, look: "I want to change to different stuff, but can I do that?" Okay, yeah, thank you, yep, thank you. You definitely can, you know, change to whatever plugin, especially the fact that they have the import settings now.
Well, one of my favorite SEO plugins is called Rank Math, and it has a migration setting to come from Yoast specifically. Okay. And this is what it looks like when it comes to the updates from the core version of WordPress. So I was talking to you about using the updates when it came to the plugins and the theme, but WordPress itself, as I just mentioned, it does have core updates, so you want to be checking those. You can also turn those to auto updates, if you enable the auto updates for your WordPress core updates. Those updates are very important, I will say, because that's the actual core, that's WordPress itself. It has nothing to do with your plugins, it's WordPress itself. So you got to think: when you think about WordPress, there's a couple layers to it, and I'm going to get to the next one here in a second, but you have WordPress, like, the core, and then you have WordPress the plugins, that technology sector right there. And then I'm going to share with you another technology side, but again, think of WordPress the core, the platform, then you got to think about the plugins that you connect to the platform. So think about them separately, not as one thing, even though they work as one system.
Passwords. This should be pretty much common sense, I would assume, for most of us in here. I think most of us, if not all of us in here, are pretty, pretty darn intelligent. And I believe most of us, if not all of us, understand the importance of passwords, but it's just something that needs to be said as well, for someone who does just need a quick reminder. I forgot I got to change 2023. I got to update my password, I got to change things. I'm doing these things, and I am one of those people, I am, so you can boo me. Excuse me, excuse me.
Yeah, because I got to update my password. Sometimes I use the same password in certain situations, and that's not a good practice to have. My passwords are always very hard, though, but at the same time it's like, when you have 100-plus different passwords... I would recommend, for those of you all who are using a lot of logins, to use a password manager instead of saving the passwords to your browser. I know we get into the habit of that. But make sure that you are using a password that has capital letters, lowercase letters, numbers and special characters, because passwords are one of the easiest ways to get hacked, get your website hacked, especially if you're just keeping it very simple. Even though we know the common factor of it, we just get lackadaisical with things as people sometimes, and that's normal, that's natural. I just wanted to remind you: you want to use strong passwords as a security factor.
Now, going to that third part of how I'm trying to get you to think about WordPress, in a way, right, when we're compartmentalizing it. I mentioned WordPress core, WordPress plugins. Now let's talk about the WordPress hosting, and you can say chicken-or-the-egg scenario, right: which one came first, which one's more important first. I wanted to start with WordPress first intentionally, because I just know people get very excited when it comes to those plugins, because they help you create the functionality in the website of your dreams, right? Hosting is a little bit more, "Okay, why do I care about hosting? What do I need hosting for?" until you realize your website is really slow and you're like, "Oh." But hosting, I would say, is a very important factor. You want to use secure hosting. And you want to make sure that your hosting has a firewall or application firewall, good backups, and some type of malware or site scanning. These are some hosting examples here; for anybody that has a host that they do love, please put it in the chat.
I just wanted to give some examples of some really good hosts that have these factors involved, and they are pretty fast. I always advise people: do not go cheap on hosting, you will pay for it later. I promise you. I mean, is a good one as well. So here's another, we'll say, "womp womp womp" moment, right, or what we call a boom moment. So GoDaddy got breached themselves as well, and this is no knock on GoDaddy, but I wish I had my knock-knock sound. But at the same time, I'm not a fan of GoDaddy, because they just try to do too much, they just try to do too much. They got hacked. This was recent. This was not like a long time ago. And again, they pulled the situation where they failed to let people know, they took too long, for whatever reason. It is what it is. But a lot of people's sites were compromised because of this, and I always advise people not to go to GoDaddy for hosting anyway. If you want to buy your domains, they are fine, but you don't want to buy land or hosting or a trip to the moon with GoDaddy, because that's a "no daddy," you don't want to know what you don't get with them. But it happens, even with hosting. So hosting is one of those huge aspects of your WordPress website, because there's so many technologies involved, there's so many complexities involved with it that you don't need to know about. You just need to know it's working, and working well on your behalf. So again, pick your hosting wisely, not go with cheap hosting or because they doing some gran also deal. When you look at their reputation. It's a little if it's a little if you're on the sideline.
So with this really good secure web hosting, we want to think about, as I mentioned, our firewall; you want to think about backups and scanning. I use SiteGround as an example for hosting, but whatever hosting you use, most hosts have very similar features, even if they have kind of a different back-end user interface. Like, some hostings are still using cPanel, right, as the type of user interface for hosting, and some hostings are using their own interface. So for instance, when you use SiteGround, you're going to see something different than you would see when people are using cPanel. So I'm back here in SiteGround, as you can see, in my hosting, and if I go to security, you can see here that I have backups on the hosting side, and that's not the same thing as backups on your website side. So this is backups on what they call the server side, server-side backups, where my server, my hosting, is backing the site up. But if my hosting goes down, I don't have access to those backups. So you got to keep that in mind: hosting goes down, I don't have access to those backups. So backups is a great security measure. It has a firewall as well. I don't think I can get to it from back here, but I know in particular that it has a web application firewall. The, I haven't gotten to that part yet, but I was going to get to it: site scanner. It has a site scanner here. For them, they make you for that; they do a free site scan, and then for premium they have that. You know, what type of hosting you use, it just depends, but as long as you get your site scanned for malware, so you at least know what's happening. That's pretty much very important, at least fundamentally, when it comes to most hosts. So like I mentioned, backups on the server side. Now let's talk about backups on the website side. So if I type in "backups" back here in WordPress, you choose your backup preference. Pick your poison, people, whatever you feel comfortable with, right, but just make sure that you have double the trouble, double the fun.
It's all great with Doublemint gum. Make sure you have backups, because if you have double backups, backup on the server side, backup on the website side, if the server goes down, your hosting goes down, you still have a backup backing up to, let's say, Google Drive or Dropbox or Amazon. And vice versa: say your Amazon goes down, or your Google Drive or your Dropbox goes down for whatever reason, or there's a malfunction or just an error in the backup, you have your hosting to revert back to if something goes wrong. That is one of the best game plans you're going to have when it comes to being attacked, especially when it cannot be fixed, when the problem can't be fixed. Or you just don't have the resources to afford to fix the problem; so it can be fixed, but you can't afford to fix it, and you just go back to a certain point in time. So do daily backups, at minimum 12 hours. If you have certain types of websites that are changing constantly, you may want to do hour by hour, or every four hours, but backing up on your server and backing up on the website itself, I'm trying to tell y'all, it saves your life. I just had it happen to me twice when I updated a plugin too fast. And we ended up having to revert to a backup because we couldn't change the website from there. It was a situation where it just couldn't be fixed. So we had to go back to a backup, which luckily we didn't make too many changes before that backup happened, that latest backup. So it wasn't a big deal, make a couple of adjustments, but if it wasn't for that backup in place, yeah, I would have been messed up. And I'm talking about this just happened last week. I know this is really, it gets real loud here.
A secure website address. So using a secure website address, like SSL, using an SSL certificate so that way you can get your HTTPS. And depending on your situation, okay, this is going to be different for everybody. Right. So I'm just going to give you these different angles here. But depending on your situation.
You can get an SSL, and your hosting can do it for free. Usually they use what's called Let's Encrypt. Or you can use a plugin on the website itself. So you can do it with the hosting, server side, or you can do it with the plugin. You choose which direction that you want to go. Just make sure you have that sucker in place. Okay, have that SSL in place. You want to have that lock on your URL, you will have that lock here in the browser. That means your website is secure. That is a huge protection factor. So make sure that you have that SSL. Okay, it's for free. And it can auto update and renew. I think it's every three months that it renews. It's just one of those things where you just set it and forget it. You don't have to worry about it no more. You don't even need to know the nerdness behind why it's working or how it's working, where it came from, where it's going in 2000 years from now. Just know you can set it up and let it go with the wind. This is a classic movie, by the way.
Now, using a security plugin. This is something that I think that we typically already, for the most part, know about, but here's some things I want you to think about when using a security plugin. And this is where things get a little sticky, because there are so many variables when it comes to different security protocols and factors, settings and things you can set up to make your website even more secure, literally like dozens and dozens, if not hundreds. Man, y'all are lucky that I don't have my sounds, for the people who've been here a couple of times, because my Rodecaster, my audio unit, reset itself. And I used to have all these sounds, just these clips ready to go, ready to drop, and they were just pretty funny. I used to crack people up, but "ain't nobody got time for that," like, I miss that lady, because I would just hit it now.
We ain't got time for that, we don't have time to be doing all of this security stuff, and that's why I'm like, let me just give y'all the nuts and the bolts. You can do the rest of your research and move on with your day. But these things are the most important things right here when it comes to your security plugin. So login limits, you want to think about login limits. I'm going to show you what that means, like basically limiting the amount of times a person can log in. Disabling file editing. Two-factor authentication, brute force, site scans, because some security plugins have site scans, and then some security plugins have firewalls and some don't. So all security plugins aren't created equal, and that's why I'm saying I want you to think about what I'm about to show you, because it's something that took me a while to understand and figure out, and I think that it can give you a head start and impact your security strategy, which direction you want to go. So for instance, if we go back here and I go back to the installed plugins, I did a little bit of preliminary, y'all, did a little preliminary. Meaning, like, I put the plugins on, so that's why they're already here, but this is a practice that I would never advise somebody to do. You don't want to put four security plugins on your website, that ain't something that you want to do. You only need one. "Starts with one," shout out to Linkin Park. iThemes Security, SiteGround Security and Wordfence Security are the ones that we're going to look at today as examples of "not all security plugins are created equally," but these are some very good and popular security plugins. Okay, give these plugins. So, depending on what security plugin you want to go with and the direction you want to go, your settings are going to vary, but I wanted to share with you: there are some differences between these plugins.
The security plugin that I use currently, and it's mainly because I already use their hosting, is SiteGround Security, so I'm going to activate this first, and then give you a little small tour behind it. A little small tour all around the world. So, in SiteGround Security we have two kind of main menus here I'm going to talk about: we have your site security and then your login security. This plugin is very simple. It's lightweight. It's simple. It gets to the point when it comes to security practices, as I mentioned in our, I'll go back here to our slide, limits login attempts. So, we have that down. Oh, no, sorry, that's in the login one. So while I'm here, though, I'm going to go with disable file editing. So, themes and plugins editor: this is what disable file editing is going to be here, using this security plugin. The limit login attempts is going to be in the login security settings, right here at the bottom, "limit login attempts." So again, you're just limiting the amount of times a person gets to try to log into the website. Because if they're logging in past a certain amount of times, that can indicate that this is not a normal user, so you just want to be about that. Here we are, we have two-factor authentication as well, too, which is right here. And you can toggle this on and then go through the process of enabling two-factor authentication. Like I said, this plugin is pretty, pretty simple. When it comes to this plugin in particular, it does not have a firewall, and it does not have site scanning. Now why is that? The main reason why is because the SiteGround Security plugin is backed by a hosting company, SiteGround, and they already have firewall and the site scanning on their hosting side. So, hey, we're not going to give a free plugin these features too when we have it with our hosting. So keep that in mind; that's one thing, if you do have hosting that has firewall and scanning already.
This may work for you in your situation even though it's not with SiteGround, right, with a different hosting company. It still can apply, because you can use this with any hosting at all, any hosting that you would like; just make sure your hosting has a firewall and security. So I hope that makes sense, but I just wanted to give you some insight on that part. Other than that, these other, like, things that will apply: the log and post-hack actions, meaning what happens after the website gets hacked, is very important. Most security plugins, though, the other ones I'm going to show you, have these settings as well, too. So I'm going to deactivate that one and go to iThemes next, just so you can see the common denominators, because I think people get really tripped up with security plugins. I think this is one of my favorite ones. It's one that I use with my clients, and I also use this when I'm not using, like, a SiteGround website; I use iThemes, so that's really good. I'm a big fan of not just the functionality of a plugin or an app, which is very important and priority, but how does it, and I'm not a person who likes to go off of feelings, okay, but how does it make me feel, in a way of motivated to actually be using it inside? Some plugins are boring, right? So I'm a big fan of going for, we'll say, profit over preference, if that makes sense, when it comes to business sustainability, and going with: what is the data telling me, what are the stats telling me, what are the facts telling me, what is the information telling me, and then let me make a logical decision from there. So that's why I'm saying, like, don't let the aesthetics have you make your choice of why you use a certain security plugin, but when you have the best of both worlds, it feels like a win-win, right? You got the functions, features, and then you have the aesthetics that look clean, look polished, let's say polished, or polished, however you want to say it, tomato, tomato. But when it comes to features in iThemes Security.
We have enforcing an SSL, which is not on the list here, but it's something that we just mentioned before when it came to the SSL, adding that to your website, so enforcing that with a security plugin is just extra measures right there. So something that's very important, that doesn't come with the SiteGround Security plugin, is brute force. That is huge. So we have brute force here, that doesn't come with SiteGround Security. Okay, I got to give and I got to take when it comes to my security plugins, when I have to think about the pros and the cons. But we do have site scan scheduling, so this security plugin has site scanning. So SiteGround's plugin didn't have that; iThemes does. I think they both have two-factor authentication, and then there's other security factors as well, including notifications and configurations, but that's the gist. And this does a lot of the job, folks. I'm trying to tell you, you don't have to do much if you have really good hosting and you have a very credible security plugin; you just got to realize what features are coming from your plugin, what features are coming from your hosting. I'm going to deactivate this. Let's go with Sucuri, and then we're going to go to Wordfence, and then we're going to get ready to close it out and do some Q&A. So Sucuri. Now this is something that I had to learn, because I'm not going to portray like I'm some security expert, because I'm not. I know enough security practices, I manage a lot of websites, but I am not a WordPress developer. There's only so much I'm going to know, right, when it comes to security. I'm pretty much like a lot of people in here when it comes to just security: I just want to get in and get out.
But I want my stuff secure, and I just learned when it came to these different security plugins that, yeah, there are some main differences between them, and with that being said, you really pay attention and think: do you want an extra layer of something that you may or may not be getting from your hosting? The one example is firewall. So I haven't talked about firewall yet when it came to SiteGround Security. I haven't talked about application firewall, web application firewall, when it came to iThemes. You can see Sucuri has one, and they're big on that; they want you to connect to their system so they can give you some more protection. So you do that with an API key. I believe it's free as far as I know, but once you get your API key, I'm sure you sign up for one for free with your email, you add it in here. Now you have a firewall helping secure your website as well, giving you a really huge extra layer of protection when it comes to malware infections and reinfections. And like I said, you don't get that with SiteGround, you don't get that with iThemes. iThemes Pro may give you that, but it may not. And when it comes to Sucuri, they don't give you a lot of settings like iThemes gives you and SiteGround gives you, for the most part, but they do give you other security settings that we haven't talked about, like hardening. That's one of some security settings that they give you. Post-hack, we talked about that with iThemes and with SiteGround. Scanner, like iThemes as well, and alerts. So how they communicate with you when something does happen, that's important as well, too. And then let me deactivate this and activate Wordfence. I think I saw somebody in the chat said that they did use Wordfence, if I'm not mistaken, but I'll double check in here in a second. And then you got Wordfence. Now Wordfence I haven't activated.
So if you do use Wordfence, please let me know what your favorite feature of Wordfence is. Another reason why I didn't have it activated was because they wanted you to go through signing up for a license, so that was interesting. Wordfence wants a license, Sucuri wants an API, iThemes you can just do it for free, go through their setup, and then SiteGround for free as well. But with Wordfence you do get a firewall for free. So, these are just things that you definitely want to think about when it comes to your security plugin, because you don't want more than one.
And last but not least, when it comes to at least this, we'll say, beginner to intermediate security best practices and factors, we ain't going too deep on the deep end now when it comes to advanced security practices. But this is the last thing that I want to let you know, that is a huge security practice, if you need it, and that's using a content delivery network such as Cloudflare. Cloudflare has a web application firewall as well, too, firewall rules, as well as security features, and it's more than just a content delivery network, meaning it does more than just serve your website across the world faster than if you weren't using it, right, but it also secures your website from threats and attacks, from special threats and attacks that your security plugin is not going to do or your hosting isn't going to do. And that's pretty much it. Hopefully everybody got a little bit of value out of this presentation.