Please note: The first part of this post shows what was discussed during the meet up, and the second part is a more detailed description of each timeline event.
Timeline of events
7:00 pm – 7:30 pm | Introduction by John Hawkins and Russell Aaron. The intro explained what the group gathers for, ways to get more involved with the group and HOW TO SUBMIT IDEAS FOR THE NEXT MEET UP!
7:30 pm – 8:30 pm | Russell Aaron talked about security inside the core WordPress files and simple ways of “how to recognize a site is using WordPress”.
8:30 pm – 9:15 pm | John Hawkins talked about how to install WordPress on your local machine and what the pros and cons are. The discussion progressed to John talking about what exactly a child theme is and how to set one up. Opening up our favorite text editor, “NetBeans”, John showed the group how he took a friend's site, made some custom post types for it and customized the rest of the site in under an hour and a half.
9:15 pm – End | Question and Answer Time. Then the group split up into two groups. One group was run by Russ and the other by John.
Detailed Descriptions of Timeline Events
Russell Aaron opened the meeting and talked to the group about security inside the core files of WordPress. The core files, or files you download straight from WordPress.org, live wherever you install WordPress on your site (mysite.com | blog.mysite.com | mysite.com/blog). When you download the WordPress files, you are given a zipped file that you need to unzip and place inside the root folder of your site. WordPress installs using 4 main and specific features. The 4 features are a Database, a User Name, a Password, and a Host. All of this information is placed inside the wp-config.php file or wp-config-sample.php file depending on how you installed WordPress and your skill level.
When you are creating the Database, you need to name it something. 99% of WordPress involves naming, from naming the title of your blog post to renaming files. Everything has a name. Russ then discussed with the group that naming a file, username or password after anything that has to do with your site could be a security risk. WHY? Well, the key reason is that it gives a potential hacker a base idea of where to start when hacking a site. If you know enough about WordPress and want to do some kind of “hacking”, the best place to start is going to the site's URL (www.mysite.com) and then typing in “/wp-login.php”. This takes anyone to the main login page of the WordPress site. John Hawkins explained to the group that in the earlier versions of WordPress, the default user name was usually “ADMIN, admin or Admin”. You would know that if you installed a few WordPress sites. If you didn’t, congrats, you just learned something for FREE! This was brought up because Russ described to the group several ways a hacker could guess their way into your site using the wp-login.php method.
HERE IS A GREAT PLUGIN TO STOP THAT METHOD AND ADD ANOTHER LAYER OF SECURITY TO YOUR SITE. LOGIN LOCKDOWN. HERE IS A GREAT ARTICLE THAT EXPLAINS SEVERAL WAYS A HACKER CAN GET INTO YOUR SITE AND HOW YOU CAN HELP PREVENT AN ATTACK. SECURING YOUR WORDPRESS WEBSITE.
John Hawkins will be providing me with the notes he took about the subjects he talked about later.
Thank you to everyone who came out tonight, please go join the WordPress Meet Up Group on Facebook.