[wp-edu] FW: wp-edu Digest, Vol 47, Issue 2

Covello, Steve Steve.Covello at granite.edu
Tue Sep 10 13:12:04 UTC 2013

Use Backup Buddy and WP db Manager for your backups. Automated.

Set your security plugins, follow best practices for configuration and
keep them updated. Very low maintenance.

Prior to launch, be sure to put the website into DEBUG mode to see which
plugins are causing errors or that have deprecated terms in them. Fix the
problems or find alternative plugins.

NEVER use anything but premium themes from known developers that update
their themes periodically.

Never do design/development work from master themes - always make a child
theme so you can apply master theme updates without deleting your

Keep local versions of your sites available for testing major plugin
updates. Unless there is a significant security vulnerability (like a
timthumb.php kind of thing) or a major capability update, there is no rush
to update plugins that work cleanly. NextGen Gallery 2.x has weird bugs,
so I use the last stable version before the major update (1.9). No biggie.

Once these are set, these issues shouldn't bother you day-to-day.

Still, if you have a gazillion other responsibilities, outsourcing it all
might be a good thing, provided you can still hack at your code to make

- Steve

Steve Covello
Rich Media Specialist/Online Instructor
Granite State College
Skype: steve.granitestate
Scheduling: http://meetme.so/stevecovello

On 9/10/13 8:49 AM, "Skriloff, Nicholas" <SkriloffN at darden.virginia.edu>

> Believe it or not, managing WordPress security, backups, the right
>plugins that do not clash AND production, staging and dev environments
>can be a lot.
>I am considering moving our stuff to wp-engine.com to turn this stuff over
>to them. What should I consider?
>On 9/10/13 8:00 AM, "wp-edu-request at lists.automattic.com"
><wp-edu-request at lists.automattic.com> wrote:
>>Today's Topics:
>>   1. Re: WP - security concerns? (Brianne Binelli)
>>Message: 1
>>Date: Tue, 10 Sep 2013 06:03:47 -0500
>>From: Brianne Binelli <bbgoldkey at gmail.com>
>>To: "Low-traffic list discussing WordPress in education."
>>	<wp-edu at lists.automattic.com>
>>Subject: Re: [wp-edu] WP - security concerns?
>>	<CA+s3GNY_-uuv2WuEChDhTMK6c96d6jbr=AWnBrMoHeBRxen69A at mail.gmail.com>
>>Content-Type: text/plain; charset="iso-8859-1"
>>I receive a lot of security alerts on WP. I do have an Admin user name to
>>get into the dashboard; do you think this may be causing the problem? I
>>thought you need to create an admin user name.
>>Have a great day
>>On Mon, Sep 9, 2013 at 8:19 PM, Covello, Steve
>><Steve.Covello at granite.edu> wrote:
>>>  Geez - I have had ZERO infections via WordPress in 4 years.
>>>  Plugins:
>>>  Wordfence Security
>>> WP Firewall 2
>>> Secure WordPress
>>> WP Secure Scan
>>> WordPress HTTPS
>>> WP Ban
>>>  Best Practice:
>>>  NO accounts named "admin"
>>> htaccess file in wp-admin
>>> NO default table prefixes in wp-config, such as "wp_". Change it to
>>> "wp_xRwFG_" or whatever.
>>> original salt data in wp-config:
>>> https://api.wordpress.org/secret-key/1.1/salt/
>>> Secure high quality passwords
>>> Updated malware scans on user devices
>>> Gravity Forms used on all forms, with CAPTCHA
>>> SFTP on FTP accounts
>>>  Occasionally check on Sucuri.net. If you want to be on top of it,
>>> subscribe to their scan service.
>>>  There are other hardening plugins out there.
>>>  - Steve
>>>  ------------------------------
>>> *From:* wp-edu [wp-edu-bounces at lists.automattic.com] on behalf of
>>> Melvin [melvin at bard.edu]
>>> *Sent:* Monday, September 09, 2013 6:18 PM
>>> *To:* wp-edu at lists.automattic.com
>>> *Subject:* [wp-edu] WP - security concerns?
>>>  Hi Folks,
>>>  We have been hosting WP Multisite (for course blogs and as a blog
>>> supplement to our program websites) for a few years, with mixed
>>> Our community (users) love the flexibility of WP, but it has proven to
>>> an unexpected support burden for IT...it seems that all of our
>>> website/network hacks have been introduced via WP.
>>>  I haven't seen the topic addressed by this group, so it appears our
>>> experience is isolated, which would lead me to suspect we are missing
>>> simple safe-guards.  Have any of your institutions dealt with
>>> security issues?  Have you found any successful, secure configurations,
>>> if so, would you be willing to share your experiences with us?  WP is
>>> proving to be such a valuable tool...
>>>  If so, I will bring our Networks and Systems folks into the
>>> conversation, as they could answer specific questions related to our
>>> configuration and protocols.
>>>  Many thanks in advance!
>>>  Best,
>>> Leslie
>>>     *---*
>>> *Leslie A. Melvin  |  Manager, Academic Technology Services
>>> PO Box 5000 | 204 Old Henderson |
>>> Annandale-on-Hudson, NY 12504
>>> office: 845.758.7496 | http://www.bard.edu
>>> *
>>> _______________________________________________
>>> wp-edu mailing list
>>> wp-edu at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-edu
>>End of wp-edu Digest, Vol 47, Issue 2
>wp-edu mailing list
>wp-edu at lists.automattic.com
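
The wp-config.php items from the best-practice list quoted in this thread (a non-default table prefix, fresh salts from the secret-key API) and the debug-mode setting can be checked automatically. The following is an added example, not part of any message in this thread; the function name `audit_wp_config`, the finding codes and both sample configs are constructed for illustration, and reporting `WP_DEBUG` as a finding assumes the file comes from a live site.

```python
import re

# Constants filled in from https://api.wordpress.org/secret-key/1.1/salt/
SALT_KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php

# Anchored at line start so "// define(...)" comment lines are ignored.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]""", re.M)

def audit_wp_config(text):
    """Return a list of finding codes for the wp-config.php source in `text`."""
    consts = {n: (sq or dq or bare) for n, sq, dq, bare in DEFINE_RE.findall(text)}
    findings = []
    prefix = PREFIX_RE.search(text)
    if prefix is None:
        findings.append("TABLE_PREFIX_NOT_FOUND")
    elif prefix.group(1) == "wp_":
        findings.append("TABLE_PREFIX_DEFAULT")
    seen = set()
    for key in SALT_KEYS:
        value = consts.get(key)
        if value is None:
            findings.append(f"{key}_MISSING")
        elif value == PLACEHOLDER or value == "":
            findings.append(f"{key}_PLACEHOLDER")
        elif value in seen:
            findings.append(f"{key}_REUSED")  # same secret used for two constants
        seen.add(value)
    if consts.get("WP_DEBUG", "").lower() == "true":
        findings.append("WP_DEBUG_ON")  # fine before launch, not on the live site
    return findings

# Constructed sample inputs (not taken from any real site).
WEAK = "<?php\n$table_prefix = 'wp_';\ndefine('WP_DEBUG', true);\n" + "".join(
    f"define('{k}', '{PLACEHOLDER}');\n" for k in SALT_KEYS[:7])
HARDENED = "<?php\n$table_prefix  = 'wp_xRwFG_';\ndefine( 'WP_DEBUG', false );\n" + "".join(
    f"define( '{k}', 'constructed-{i}-not-a-real-secret' );\n" for i, k in enumerate(SALT_KEYS))

if __name__ == "__main__":
    print("weak:", audit_wp_config(WEAK))
    print("hardened:", audit_wp_config(HARDENED))
```

To audit a real file, pass the contents of `wp-config.php` read from disk to `audit_wp_config`; an empty list means none of the checks fired.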
