 Hello everyone. How are we today? Hope we had a nice time during the coffee break. So you're refreshed, relaxed and we're ready to start. Beautiful. So today, what I want to talk about. How to secure your WordPress website from hackers so you can have peace of mind. How many of us here have experienced having a site hacked before you? Maybe for your clients, for yourself. Why screen of death? Pardon? Why screen of death? Why screen of death? Okay. Well, in order to avoid stories that touch is usually very important to consider security from the onset. Not necessarily afterwards because it's a bit more expensive when you consider it afterwards. But when you consider it at the beginning, it's relatively cheaper. You know, it's just like someone that wants to build a skyscraper. And the person didn't know at the beginning that I wanted to build a skyscraper. Okay, I want to build a bungalow. And the foundation is for your bungalow. Can you imagine what will happen when it starts to build first floor, second floor, third floor? Do you think it will get to the fifth floor? I'm not sure. They'll probably come down while the foundation and it will spend more. Because then he thought he was saving money by not doing the right foundation. But later on they would have to spend much more because the money he spent would have been wasted. That one would have to come down and he has to start afresh. So today it's my desire that we will learn how to get it right from the beginning. Because of our time constraints, I might not be able to go deep into, okay, I've already started. What part of what we're going to be doing would also involve for those that already have their own website, what can you do, what can you incorporate. But right now today our main focus would be more if we're just starting afresh. What are the things to do? Because it's kind of like easier and cheaper when you're starting afresh. That's against when you're not that migrated from 80 degree to 80 degree years or things like that. Okay, fantastic. So you can protect your brand. You can prevent loss of sales. You can grow your business when you have a secure site that benefits your customers. And definitely when your brand is protected, people know, like and trust you. All this would help you to have a successful business. When you can make money, when people can visit your site and they feel that their information is secure. They feel that if I enter my credit card details, nobody is going to steal my credit card details to them and use it on other websites. They will buy from you. But imagine if you have customers who don't trust you enough to use their card. What do you think will happen? Reduce sales. Loss of income. Because if you can collect payment online, that means you have a huge possibility to get money from as many people as possible. You can have people from Tokyo, US, United Kingdom pay on your site. But what if all these people, hundreds and thousands of people, come to your site and they are like, it's to pay. Enter my bank details. Someone can easily go to other sites. Do you think they want to pay? So you might have invested in doing Facebook ads, Google ads, solo ads, paying for different things and the conversion rate will not be high. Why? There's a loophole somewhere. You have not secured your site enough to make people trust you to put in their details and that person will lose money. But if you can get it right, you'll be able to build a successful business. How many people here want to build a successful business? Lovely. So that's why you have to secure your site very well. So let me tell you a little bit about what I do. I am an online business coach among other things and consultants. I help entrepreneurs to achieve their business goals by building secure and successful WordPress sites that gets people the results that they desire. You know you could use WordPress to build almost anything. So basically what I do is to help people get solutions that desire by using WordPress. And part of it is ensuring that you have a secure website. It's very important. Okay, so I'm going to be talking to you about how to secure a WordPress website from Harkers. And I'm going to be showing you several things today. There's going to be some form of demonstration. So if we have our laptops and you want to follow along maybe on your own site, perhaps, you can. But we'll also be looking at what I'm going to do. So we're going to install an SSL certificate to protect the communication on your site. Maybe people here know what an SSL certificate is. Okay, fantastic. Okay, almost everyone. So it's a digital certificate that you can use to either validate and prove who you are. The SSL certificate can confirm that indeed this person is who they say they are. Indeed this organization is who they claim to be, depending on the type of SSL certificate you get anyway. And another thing is it can help encrypts protect the communication on your site. The HTTP that you see when you enter an address on the address bar, it means the information there is in clear text. But when you now see the S at the end, it means that it's relatively secure. The communication on that site is encrypted. So if there was someone maybe an aha car trying to snoop and check what's going on on the network, what data, what information is passing across the network. The person will not be able to see things like your password, things like maybe credit card details, information that people are putting on that site. And it's very important nowadays to have an SSL certificate. Before it was almost something it could take for granted. They'll tell you, oh, it's good to have an SSL certificate. Like, oh, I'm coming. Maybe you're thinking of the cost. I have to buy a SSL certificate. Maybe like it was. You don't need it now now. But what are they doing on that site? You don't really need it now. Put it later. When the time comes, we'll do it. And procrastination sets it. But now, if you visit a browser, like Chrome and I think Firefox, I think Chrome wants to do that. I'm from some months from now. But Firefox, you'll start telling me this site is not secure. That's not helping a brand. So I don't know if you have a website right now. And it does have 8TPS. If people visit your site, depending on the browser, can you imagine if Google is telling them this site is not secure? They would not even wonder if they're about to do anything. They'd be like, it's not secure. I don't want to come here. Who would like that for their brand? Nobody. Okay? So quickly, I would love to show us how to install an SSL certificate. So I think as I'm talking, I'll be doing the practicals. And depending on the time, I'm going to just brush your mother's. But that way, you would also have lent it to you without saying how it is. Let me proceed. Okay? How's that? Beautiful. So another thing I'm going to be showing you is how to update plugins and teams so that you can avoid attacks for vulnerabilities in outdated editions. So people are like, ah, should I update? Why? What's the benefit of updating? Now, if you don't update and you're using outdated versions, there might be vulnerabilities, loopholes that are widely known. And the authors would have created new ones, updated ones, so that you could utilize the ones that have the vulnerabilities fixed and patched. But if you were to say, no, I don't have that time. I'll do it later. You procrastinate. Or you don't know the right way to get it done. Then you'll miss out. Okay? But today we're going to see how to update. And sometimes it's just that they don't know how to do it. I'm like, okay, let me call my developer. Developer, please come and help me. And he says, you're going to pay $10,000. I'm like, $10,000? Okay, I'm coming. Then you procrastinate. Well, if you know how to do it, then you could get to save some money. So the only sense of our training today is for you to learn how to save some money. It's for you to learn how to secure your site, how to protect your brand, and how to make some money. Because if your site is secure and people can get to know, like, and trust you enough to buy from your site, you'll be able to make some money. And if your website desired that too, you would also be able to make some money by helping you secure the site. So those are some of the things we're going to be looking at. How to utilize security plugins to easily secure your site. And today we are going to be looking at those I believe will gain value from what I have to say today. Okay? So how many of us here are business owners? Can I? Okay, great. How many of us here own WordPress websites? Okay. How many of us here are... Okay, how many of us here are maybe designers or developers? Okay. Okay, great. So quite a number of us are entrepreneurs, maybe we own our own website, or we have something to do with security in one way or the other. It affects us. Either maybe you are a staff or an organization, or you're part of the IT team responsible for handling that website. So I guess from what I could say, although I have a hand to like this, like this, I'm not too sure, but I think quite a number of us own our own businesses, right? Yes. So the number of us here are developers and designers, right? Okay, lovely. So you will find this training today useful if you are a business person that wants to grow this business and increase sales. Anybody here want to grow their business or increase sales? Make more money? Okay, so you'll find this training useful. Entrepreneur that wants to grow this brand and sustain it, anybody here that would love to grow their brand and sustain it? Okay, fantastic. So you'll find today's training useful. Is there anyone here that would love to build highly secure sites? Yes. Okay, then you'll find today's training useful. So let's look at the typical problems that people tend to have and why this topic is important. I mentioned earlier that people will be afraid to shop when the browser is telling them this site is not secure. If you went to visit a website and you're being told this site is not secure, what will you do? So people will be afraid of being able to at least ask one or two people if they are saying not secure, then they'll probably say maybe I shouldn't proceed or well, if I don't need to infuse any details, maybe I just need to read the information that perhaps I should just proceed. But that's because it's a bit of a techie. At least there's no technology available. Some people probably say no, I don't want to go there. I don't even need to download privates on my sites. They'll never go there. People are giving, they're not in agreement. So some people will not even venture any further. That's websites that I invested in and I paid 100,000 plus in Nairobi or maybe a thousand plus in dollars to get someone to build for you but maybe your developer said okay, as an add-on, pay this amount of money for security enhancement. They said no, it's too much now. Who knows me? Oh, it's going to attack my sites. Nobody's going to attack my website. Don't worry, I'll do it later, I'll do it later. People are like that. Sometimes they have rights and after the whole world, who knows my website, I will do it later. Nobody wants to attack my site. I don't really have anything of importance on my site that they want to steal from you. You don't have to wait till that time, okay? So another problem could be that you do sales during a product launch because your site was taken down by your hosting provider for sending spam. Most times when people's sites get hacked, part of what is being used for is that maybe they'll begin to send out spam mails and their hosting provider will shut down that site in order to reduce the level of attack, to reduce the impact because once a server begins to send out spam, the IP address can get blacklisted and once the IP address gets blacklisted and most times a hosting provider probably give you email service and web service on the same server, that means when people need to send out emails, their mails will begin to bounce because the IP address of that server has been listed on major IP blacklist sites. By the way, I have some background in hosting. My company is into posting websites and I'm not going to think so. I haven't understand how some of these things run. So definitely by the time it begins to send out spam, you need to shut it down. You need to try to reduce the impact. Now imagine, and this is actually a real-life story. I know of two people. There was one that was about to launch. She was really making them campaigns. Okay, this product, selling it. And unfortunately, a site went offline during that time. It was attacked. There was a malware attack and the hosting provider had to shut down an account temporarily until she could sort it out, flinging it up, then it could be back up. And the painful part of it... Couch. You know, sometimes it looks like you're saving money. You look at it as add-ons, sub-domains. And you say, oh, I've got this hosting package and you put as many websites as possible. Now that's why I cry. It's a good thing. Yeah, you're saving money. But then when something like this happens, you spend more. That means if you had like five websites on that hosting account and that particular hosting account gets shut down, what will happen? All five will go down. So that was what happened for this lady. She was really promoted. She was about to launch something. And unfortunately, during that time, she had our site was attacked. So all of our websites went down. So you could even say, oh, let me go to another website and use the contact form to say that, sorry, I can't beat you. You have been promoting this thing on social media and I really want to sign up for your academy. So that was really painful. She did lose some money during the product launch because now everybody will have that patient to come back. They'll move on. Life happens. And many times you want to actually buy something and for some reason something comes up, you forget, you move on. People are like, okay, I'll do it later. And you never get around to doing it. Let me tell you another story. There was someone that was doing a product launch. It was supposed to do a course. And it was announcing on social media, okay, book marketing, and so many things like that. And unfortunately, towards the time, it was supposed to launch this course. The website went down. It was really tiring. During that period, I think I had one or two people that asked for a refund, especially maybe they were not really even interested in the course or maybe they... I guess most times it's usually people that are not really so much interested in the course. Maybe they have not really made up their mind. They have still picked up a mind and all of that. And the person that asked back for the refund, okay, give him back the money. Just because it was like one or two days delayed because he also had to sort out his website and the delivery might have been nobody's cycle. Generally, when you have something as important as that, you need to sort it out. It was tired, it was stressed out, and now people are saying, can they give me a refund? You have not started. We promised you were going to start on social day. You have not started. Look at what happened. He lost some money. Why? Because the site got hacked. So it's my desire as much as possible who will learn what to do to reduce the possibilities of having our site getting hacked. That does not mean that your site will never get hacked because there's only so much I can teach during this training within our limited time. But I believe that the things I'm going to teach you are at least helping to an extent to help reduce the possibilities of getting hacked. If you have questions, you could ask the base session for a question and answer towards the end. So if you're not tech savvy and your IT personnel wants to charge you or fortune you will definitely find this useful. Maybe you'll be saying you don't want to secure your site yet because they said, okay, pay me $50,000 and they get like $50,000. Try and have that right now. Or even maybe they said pay $15,000 and they're like, I'm still trying to... Come back next week. Well, $15,000 is not a fortune. I guess it's relative. But basically, if you know the basic things to do then you'll be able to save yourself some money and you'll save yourself the money of having the person fixed at the beginning and you save yourself some money of having its big fix if your site words would be hacked because that can be very annoying and people can charge you almost an amount of money when your site is down. You need their help. If you know how to get it done, hold you with yourself. And the truth is, isn't everybody that knows how to clean a hack site? Because your idea of cleaning a hack site is to ensure that you don't get hacked again as much as possible. Otherwise you keep losing money, you keep losing time, you keep losing customers. No, I don't think any of us want to do that. Do we? No. So that's why we're here today. So lastly, if you're not sure of the best practices to securing a site, you gain some value for what we have to talk about today. So quickly, opportunities that you have from this training is to learn how to protect your brand, avoid loss of income, grow your business, buy beauty successful and secure sites, either for yourself or for your clients. Now, when you have a secure site, you will be able to build trust with your customers. I mentioned that, the fact that they can see that that helps them, the HTTPS, the fact that the browser is not telling them the site is not secure, it makes their hat at least at rest and they're able to proceed to do whatever activities they plan on doing on your site. Another thing is it saves you time and money. He told us the story of how they spent months trying to get their site back online. That's a long time. So you get to save yourself time, you get to save yourself some money when you get it right at the onset. You can also get to use this to grow your business apart from the fact that it said when your site is secure, people need to trust you enough to buy from your site. The design and the developer, you might be able to just get a maintenance contract with your customers, with the knowledge you have, you can enlighten them, let them know what it's time to lose. If you don't know what it's time to lose, then having a contract, maybe the printing or the package, $5,000, $10,000, $50,000, $100,000, maybe maintenance package, whether per month or per year, you can let them see that they're actually saving money because if someone were to lose $3,000,000 there or $10,000,000 there during a product launch because their site went down for being hard, they had just spent $50,000 there or $100,000 there, wouldn't it have paid them? Why you deduct the amount from the amount they could have gained? That means they've lost a lot. So if you could sensitize maybe your business partners and sensitize your customers, then you would also be able to make some money from it if you're a developer and you want to be able to charge money for the security. So, let us just quickly cut some steps that you can use to secure websites and ensure that you have peace of mind so that you can sleep well. First of all, install an SSL certificate. You can choose to either buy or you can utilize SSL certificates. So, there are some hosting companies that actually give out SSL certificates, like my organization does that. There are some site organizations, some hosting companies that would give you maybe let them print so that way you get to save some money and you don't have to pay for SSL certificates. But if you still desire to buy maybe because of warranty perhaps if something were to actually happen it's not like so many people follow up on that or maybe that would be the opposite. If you just want the idea of warranty you could go buy or you want maybe an extended validated SSL certificate you want that will actually show you that this company itself is who they claim to be. Because a site can have SSL certificates but it can be used for tricking people into giving their credentials maybe they are pretending to be GTB. If you go to GTB's website and think I'm going to use the browser I'm connected to the internet there are some sites you go to you actually see the name of the organization at the address bar they are paying quite some amount of money in order to get that kind of certificate. So, there are different levels of certificates, different types they are all secured depending on if you want to go the extra mile you could pay for one. So, one minute PLC at least if you were to go here the Nigerian one if you were to go here you will feel rest assured that this is who they say they are so it's not just about having the HTTPS as I told you you can use it for validation and you can also use it for encryption so even though you can have a site that is encrypted you might be going to the fake site yeah ok so this is it this tells us that it has been verified by this organization and they are who they claim to be crazy so I just want to I want to do some practical sessions the moment you are having whatever things you are learning don't forget to tweet at WEC Lagos 2018 so now let people know you are having fun let people know that you are learning something new and let people get to learn from you ok? what I am going to do I will just quickly create a soft domain I will be creating a WordPress site here because I want us to see the process let it be practical I know most of the things are practical people tend to remember more so hopefully that is the design that you leave here we better understand it now so I am going to be creating a WordPress website on this soft domain called wordcam.catrinagwali.com right now I want to show us how to install an SSL certificate using the let's and create certificate that is available on my hosting plan can you note down your questions perhaps you could either write it down and you could help with you to him he could pass it over to me or you just write it down and during the question and answer time you will be able to ask it who knows perhaps I might even have answered it before the question and answer period oops so I am going to the let's and create certificate the issue of free SSL so I will still delete some of these things they are more for so it is as simple as that I just selected the domain name I am here and just create issue now the thing is DNS has to be right otherwise there are going to be errors basically the records have to face to that particular server if you are going to be doing it here and domain name is elsewhere then there should be something that says ok this domain name will be hosted on this particular site and it is pointing to that server as long as the DNS records that information is ok you will be able to successfully install it how many minutes did we use everyone and you are about to have done I have already installed it the SSL certificate is installed very quickly so easily so that is if maybe you are using let's and create certificates on your hosting plan the one being given to you by a hosting provider otherwise you could always buy and if you need help you can either contact the support of your hosting provider to do it or you could just go ahead to do it by yourself so the next thing I am going to do is I am going to be installing WordPress so let's come here and so I told us I would made that by some organization sell like street and sells like I think go get SSL there are some other organizations that actually sell SSL certificates so you can either buy from them or you can utilize the SSL certificate that I have been giving to you ok so because of the time left I will just rush quickly over it I will show us how to install WordPress let me see so some providers enable you to so providers enable you to automatically install WordPress they give you like an auto installer so it makes it easy for you to install WordPress while you can download from WordPress.org to manually install or you can use an auto installer so right now I am going to be using an auto installer I will just show you the process install now the reason why I chose to install my SSL certificate before is that it really makes it easy that means when you are installing your WordPress you will just install using HTTPS because it takes more time if you have to start migrating from HTTB to HTTPS and you need to get it right but if you get the foundation right from the onset you have to do it it is already selected because it is an option but if you decide to use HTTPS or HTTPS just use this and you install if you want to install in the directory you put whatever name of the directory here but I don't want to install in any directory so I am not going to use this so let's just move over do we all understand let's just move over so install or update WordPress core ensure that you install WordPress from the actual site while some of the coolers will definitely install the correct one if you your hosting provider provides an auto install that you can use that or you can download from WordPress.org now what I am talking about update WordPress core most times they are usually updates maybe because they are trying to guarantee patches or improvements and enhancements just like you have operating system there was a time we had XP Vista, 7 like that so there is always improvement so you need to update otherwise hackers can attack your site they tend to begin to they use bots automated machines to search for versions that have vulnerabilities that have been declared and have been patched and that's why they have updated versions for you to migrate to or rather update to so if you don't update and those vulnerabilities are well known all they just have to do the attackers will just begin to search for WordPress versions that have maybe lower versions with known vulnerabilities and they will not attack based on those vulnerabilities so that's one of the reasons why they need to update then avoid using default values don't use the default WordPress table prefix WP you can change it to so when you are installing your WordPress site why because if they were to do some SQL injection code and they are trying to just guess they are inserting some code into your database and they are using the default format because there are some specific table names so if they are using the default prefix and they guess it right and they can't just impute anything into your database which will not be good for your website so avoid using default values and that also includes using admin please do not use admin you can create any name it makes it easy for them to hack your site because they already know the user name so what they are doing is guess the password group first attack now use secure passwords you can make your password like 12 12 characters mixtures of alphabets, numbers, symbols avoid dictionary words you can't use your language it don't make you remember so if you are an Evo and you feel like he is in Chinayake well yeah maybe Chinayake but that's Evo and yeah you mix it or for example Chinayake you capture the age instead of I you use 1 you know so instead of A you use art words that will make you easily remember your password because if you write it down to all my sins and so many things like that so you keep your tips and plugins up to date ideally don't update directly on your site I know if you are not a techie it might just be easy for you to do that even if you want to do that the quickest way and easiest way for you to do that is to ensure you back up first so use a backup plugin to do a backup so that if anything were to happen you can roll back to your backup so that makes it easy for you and these are two updates we can see updates now WordPress will just tell you update now so I think we'll be wrapping up from here or thereabouts be careful where you do your downloads from don't look for known teams you think you're saving money when your site gets hacked you'll know that you're not saving money if it's just to buy look for free teams from WordPress repository you could always get good free teams or invest is an investment to your business you won't get money from it so do that investment you can buy from Team Forest and some other places we moved on use teams, plugins and WordPress versions maybe you installed WordPress in another folder you forgot about it you can be hacked through it you have plugins or teams you're no longer using when you tested different teams and plugins before you can understand it on one even if you have deactivated it you can still get hacked from it so don't delete them remember if you're going to use a password that can easily be guessed maybe you used your domain name as username or you used admin you'll have some bots that would be guessing your password so you can protect your site by having things in place that can blacklist the IP address of the person trying to guess your password if they try, the person's more likely it's not a human being but even if it's worse they should hold on they get suspended for maybe a certain number of hours or days before they can be tried stay up to date with security news when you install the WordPress plugin which is very good for security please install it ensure you subscribe you'll be able to get up to date news access rights let it be on a need to know business you don't have to give everybody their main rights even if you have an admin account you can't choose to have a separate admin account for administrative purposes and have another account that you just be using for updating posts and things like that so that's all if you want an e-book pertaining to this you can send me an e-mail designasuteptic.com and I'll get to send it to you question and answer I don't know if there's time for it but if there is so it can connect with me by business thank you