WordCamp Baltimore - WordPress Security: Fundamentals for Business
ABOUT ME 
WEB DESIGN AND INFORMATION SECURITY 
Committed to WordPress since 2008. 
SUCURI – Researcher and Account Manager 
Removing malware and protecting websites. 
Personally cleaned over 5,000 websites 
SUCURI.NET 
Twitter: @JHerbrandson 
Joseph Herbrandson | www.sucuri.net | 1-888-873-0817 | joseph@sucuri.net
ABOUT SUCURI
Over 45 Security Professionals Making a Safer Web
SECURITY SCANNING & ANALYSIS
Checking the health of over 3 million websites every month through our free Sitecheck Scanner: http://sitecheck.sucuri.net
MALWARE CLEANUP
Cleaning and remediating 300 – 400 hacked or infected websites every day.
ATTACK PROTECTION
Blocking over 33 million attacks and instances of malicious traffic every month.
EDUCATION
Providing detailed and actionable security information through our blog at http://blog.sucuri.net
ATTACK TRAFFIC ORIGINS 
Map.Ipviking.com 
A QUICK DEMO 
Attack in Progress: 
https://www.youtube.com/watch?v=v4Xr3LrixVg&list=UUzkxqKA_bkNlj1-nX5f2LNA
Sooo... WHY?
It’s Just Business (probably)
- The Short Answer: Fame and Fortune
- $BILLION Spam – Generic Pharmaceuticals, Payday Loans, Gambling, Designer Brand Knock-Offs
- Hacktivism – Politics and religion at the speed of download
- Immaturity – Kids being kids
I. Start with the Basics
THE NEED FOR SECURITY 
THE STATE OF THE INTERNET 
www.internetlivestats.com 
HOSTING OPTIONS
Choose wisely
- Shared Hosting – Cheap
- Dedicated Hosting – All yours
- Managed Hosting – Done for you
MANAGED-HOSTING PROVIDERS 
WordPress Experts for Everyone! 
SPEAKING OF ENVIRONMENT
Who is using the public Wi-Fi?
II. No Easy Path
WORD OF WARNING
No chance of 0% risk.
The next ‘0-day’ attack is always around the corner.
SECURITY HEADLINES 
Proof: Seen the news lately? 
III. Always Backup
BUT I’VE NEVER HAD A PROBLEM BEFORE
Have a low-profile, non-threatening site? You are still getting attention.
FREE WEBSITE REBRAND
HACKERS HARD AT WORK: PHARMACEUTICAL SPAM MAKES HACKERS TWO BILLION DOLLARS/YEAR
SOLUTION: OFFSITE BACKUPS
RESULT: CLEAN SITE IMMEDIATELY
AUTOMATED BACKUPS
Know you have a backup plan
- BackupBuddy – ithemes.com/backupbuddy/
- VaultPress – vaultpress.com
- Sucuri Backups – sucuri.net
- Web hosting backups – your hosting company
IV. Take Password Policy Seriously
TOP 5 PASSWORDS USED IN 2013
Seriously.
Password      Last Year’s Rank
‘123456’      2
‘password’    1
‘12345678’    3
‘qwerty’      5
‘abc123’      4
credit: SplashData.com
PASSWORD MANAGER
Remembers your passwords so you don’t have to
- LastPass – lastpass.com
- 1Password – agilebits.com
- KeePass – keepass.info
- Dashlane – dashlane.com
LEAST PRIVILEGE
Does your user setup look like this?
(Diagram: head-count per access level – Hosting/control panel, Administrator, FTP/SFTP root access, Editor/contributor – spread across the actual admin, potential hackers, friends, writers, SEO guys, analysts, editors, random people, and hackers and friends again.)

V. Steal and Be Stolen From
NOT THE CODE YOU’RE LOOKING FOR
Assisting the enemy
This probably shouldn’t be in your theme:

if (isset($_GET['pwd'])) {
    eval(base64_decode("CiRhdXRoX3Bhc3MgPSAiN2U5NBhY3RpdmF0ZXMsIGNoYW5nZWQgZWxlbWVudHMgaW4gdGhlIG9yaWdpbmFsIHBsdWdpbiwgZGVzaWduZWQgdG8gYmVoYXZlIGxpa2UgY2xlYW4gY29kZSwgc2lnbmFsIHRoZSBoYWNrZXIgdG8gbGV0IGl0IGtub3cgdGhhdCBpdOKAmXMgaW4uIEEgY2xlYW4gYmFjayBkb29yIGhhcyBiZWVuIG9wZW5lZCwgYW5kIHlvdXIgc2l0ZSBpcyBub3cgb24gYW4gYXV0b21hdGVkIGF0dGFjayBsaXN0LCBtZWFudCB0byBxdWlldGx5IGluZmVjdCBhbmQgcmVpbmZlY3QgeW91ciBzaXRlIGFnYWluIGFuZCBhZw=="));
}
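As an added example (not code from the deck or from Sucuri): a small Python scanner that does what a site owner should do after seeing the snippet above: walk the theme and plugin directories, flag every eval(base64_decode(...)), report whether the eval is gated on a request parameter such as $_GET['pwd'], and decode the payload so the analyst can see what the obfuscation hides. The sample theme contents and the hidden payload are constructed for the demo; a real sweep would point scan_tree at wp-content/.

```python
"""Flag PHP files that hide code behind eval(base64_decode(...)).

Added example, not part of the slide deck. Each hit is reported with its
line number, the request parameter that triggers it (if any) and the
decoded payload, which is what an analyst wants in a cleanup report.
"""
import base64
import binascii
import os
import re

# eval(base64_decode("<base64>")) with optional whitespace; group 1 is the payload.
EVAL_B64 = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)",
    re.IGNORECASE,
)
# A request-parameter gate such as isset($_GET['pwd']) shortly before the eval.
REQUEST_GATE = re.compile(
    r"isset\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\s*\[\s*['\"](\w+)['\"]"
)


def decode_payload(b64: str) -> str:
    """Best-effort decode; returns '<undecodable>' instead of raising on damaged input."""
    cleaned = re.sub(r"\s+", "", b64).rstrip("=")
    if len(cleaned) % 4 == 1:  # one stray character can never be valid base64
        return "<undecodable>"
    cleaned += "=" * (-len(cleaned) % 4)
    try:
        return base64.b64decode(cleaned, validate=True).decode("utf-8", errors="replace")
    except (binascii.Error, ValueError):
        return "<undecodable>"


def scan_source(path: str, source: str) -> list:
    """Return one finding per eval(base64_decode(...)) found in the PHP source text."""
    findings = []
    for m in EVAL_B64.finditer(source):
        window = source[max(0, m.start() - 200):m.start()]  # look back for the gate
        gate = REQUEST_GATE.search(window)
        findings.append({
            "file": path,
            "line": source.count("\n", 0, m.start()) + 1,
            "trigger": f"$_{gate.group(1)}['{gate.group(2)}']" if gate else None,
            "payload": decode_payload(m.group(1)),
        })
    return findings


def scan_tree(root: str) -> list:
    """Walk a directory (e.g. wp-content/themes) and scan every .php file in it."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(".php"):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_source(full, fh.read()))
    return findings


# Constructed sample inputs (not real theme files): one clean, one backdoored.
CLEAN_FUNCTIONS_PHP = """<?php
add_action('wp_enqueue_scripts', function () {
    wp_enqueue_style('theme-style', get_stylesheet_uri());
});
"""
HIDDEN_PAYLOAD = "$auth_pass = 'constructed-example'; echo 'backdoor active';"
INFECTED_FUNCTIONS_PHP = CLEAN_FUNCTIONS_PHP + (
    "if(isset($_GET['pwd'])) { eval(base64_decode(\""
    + base64.b64encode(HIDDEN_PAYLOAD.encode()).decode()
    + "\")); }\n"
)

if __name__ == "__main__":
    for f in scan_source("functions.php", INFECTED_FUNCTIONS_PHP):
        print(f"{f['file']}:{f['line']} eval(base64_decode) "
              f"trigger={f['trigger']} payload={f['payload']!r}")
```

The look-back window is deliberately short so that an unrelated isset() elsewhere in the file is not reported as the trigger; the decoded payload is returned rather than executed, and anything that does not decode cleanly is reported as undecodable instead of aborting the sweep.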
MORE THAN EXPECTED 
VI. Have a System
A SYSTEM TO LIVE BY
1. Protect! – Your computer has a firewall, why doesn’t your website?
2. Detect! – The same goes for antivirus.
3. Respond! – Clean up the mess. You have a backup, right?
Encompassing Actions:
- Know the best practices
- Mind your maintenance
SYSTEM IN ACTION 
VII. Understand the Changing Landscape
WORDPRESS CORE
Strong and Secure
- Dedicated Creators – Making WordPress solid and secure
- Auto-Updates – Get important patches right away.
- Support – Everything you need at WordPress.org
WordPress Version Distribution 
3.0 – 4.0 (wordpress.org/about/stats/) 
3RD PARTY VULNERABILITIES
Keep watch
Vulnerabilities disclosed at http://blog.sucuri.net:
- All-In-One SEO – 20 Million Downloads
- WPtouch – 6 Million Downloads
- MailPoet – 2.7 Million Downloads
- Custom Contact Forms – 640k Downloads
- Slider Revolution – Hundreds of Thousands (themeforest/codecanyon)
GOING FURTHER
Tips, Tools, and Services
WEBSITE ANTIVIRUS & FIREWALL
Protection and Detection
Don’t be the mark! Understand the changes you are implementing.
“AntiVirus”: WordFence, Sucuri Website Antivirus
“Firewall”: CloudFlare, Sucuri Website Firewall
“Utilities”: iThemes Security, BruteProtect, Sucuri Security Plugin
RESOURCES
Because you don’t know what you don’t know
General WordPress Security:
- https://codex.wordpress.org/Hardening_WordPress
- https://blog.sucuri.net
Hacking and General Security:
- http://www.securityfocus.com/
- http://blogs.sophos.com/
Facebook Groups:
- WordPress Security
- Advanced WordPress
SubReddits:
- Reddit.com/r/Hacking
- Reddit.com/r/WordPress
EASY PATH TO CLEANUP
Response
NEED:
- Releases of WordPress at: https://wordpress.org/download/release-archive/
- Clean backup of active theme and required plugins
- New passwords (WordPress, FTP, hosting control panel, everything else)
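Added example, not part of the deck: once you have the clean release and the clean theme/plugin backup, comparing the live install against that clean copy tells you exactly which files to replace and which ones the attacker dropped in. The script below hashes both trees and lists modified, added and missing files, skipping wp-content/uploads because user media legitimately differs. The miniature install pair it builds is constructed for the demo and uses made-up file names (wp-includes/wp-xyz-dropper.php is not a real WordPress file).

```python
"""Diff a live WordPress install against a clean reference copy.

Added example, not from the deck. Hashes every file under both trees and
reports what was modified, added or removed, which is the list of files to
replace from the release archive and the clean theme/plugin backup.
"""
import hashlib
import os
import tempfile


def hash_tree(root: str) -> dict:
    """Map each relative path under root to the SHA-256 of its contents."""
    hashes = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes


def diff_trees(clean_root: str, live_root: str,
               ignore_prefixes=("wp-content/uploads/",)) -> dict:
    """Classify live files as modified, added or missing relative to the clean copy.

    Uploads are skipped because user media legitimately differs between the two
    trees; anything else that differs needs replacing or a manual look.
    """
    clean = hash_tree(clean_root)
    live = {p: h for p, h in hash_tree(live_root).items()
            if not p.startswith(ignore_prefixes)}
    clean_paths, live_paths = set(clean), set(live)
    return {
        "modified": sorted(p for p in clean_paths & live_paths if clean[p] != live[p]),
        "added": sorted(live_paths - clean_paths),
        "missing": sorted(clean_paths - live_paths),
    }


def write_files(root: str, files: dict) -> None:
    """Materialise {relative path: text} under root (used only to build the sample)."""
    for rel, content in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)


def build_sample() -> tuple:
    """Constructed miniature clean/live pair in temp dirs; names and contents are made up."""
    clean = {
        "readme.html": "<html>clean readme</html>\n",
        "wp-includes/version.php": "<?php $wp_version = '4.0';\n",
        "wp-content/themes/mytheme/functions.php": "<?php // clean theme\n",
    }
    live = dict(clean)
    # Attacker edited the theme and dropped a new file into wp-includes; the
    # admin deleted readme.html; the upload is ordinary user media.
    live["wp-content/themes/mytheme/functions.php"] += "if(isset($_GET['pwd'])) { /* injected */ }\n"
    live["wp-includes/wp-xyz-dropper.php"] = "<?php /* constructed dropped file */\n"
    live["wp-content/uploads/2014/10/photo.jpg"] = "not-really-a-jpeg\n"
    del live["readme.html"]
    clean_dir = tempfile.mkdtemp(prefix="wp-clean-")
    live_dir = tempfile.mkdtemp(prefix="wp-live-")
    write_files(clean_dir, clean)
    write_files(live_dir, live)
    return clean_dir, live_dir


if __name__ == "__main__":
    clean_dir, live_dir = build_sample()
    for kind, paths in diff_trees(clean_dir, live_dir).items():
        for p in paths:
            print(f"{kind:8s} {p}")
```

A "missing" entry is not always an attack (deleting readme.html is a common hardening step), but every "modified" or "added" entry outside uploads should be either replaced from the clean copy or read before the site goes back online.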
THANK YOU!

WordCamp Baltimore - WordPress Security: Fundamentals for Business

  • 1. WordCamp Baltimore - WordPress Security: Fundamentals for Business
  • 2. ABOUT ME – WEB DESIGN AND INFORMATION SECURITY
    Committed to WordPress since 2008.
    SUCURI – Researcher and Account Manager. Removing malware and protecting websites.
    Personally cleaned over 5,000 websites.
    SUCURI.NET | Twitter: @JHerbrandson
    joseph herbrandson | www.sucuri.net | 1-888-873-0817 | joseph@sucuri.net
  • 3. ABOUT SUCURI – Over 45 Security Professionals Making a Safer Web
    SECURITY SCANNING & ANALYSIS: Checking the health of over 3 Million websites every month through our free Sitecheck Scanner: http://sitecheck.sucuri.net
    MALWARE CLEANUP: Cleaning and remediating 300 – 400 hacked or infected websites every day.
    ATTACK PROTECTION: Blocking over 33 million attacks and instances of malicious traffic every month.
    EDUCATION: Providing detailed and actionable security information through our blog at http://blog.sucuri.net
  • 4. ATTACK TRAFFIC ORIGINS – Map.Ipviking.com
  • 5. A QUICK DEMO – Attack in Progress: https://www.youtube.com/watch?v=v4Xr3LrixVg&list=UUzkxqKA_bkNlj1-nX5f2LNA
  • 6. Sooo… WHY? It’s Just Business (probably)
    - The Short Answer: Fame and Fortune
    - $BILLION Spam – Generic Pharmaceuticals, Payday Loans, Gambling, Designer Brand Knock Offs
    - Hacktivism – Politics and religion at the speed of download
    - Immaturity – Kids being kids
  • 7. I – Start with the Basics
  • 8. THE NEED FOR SECURITY – THE STATE OF THE INTERNET: www.internetlivestats.com
  • 9. HOSTING OPTIONS – Choose wisely
    Shared Hosting – Cheap
    Dedicated Hosting – All yours
    Managed Hosting – Done for you
  • 10. MANAGED-HOSTING PROVIDERS – WordPress Experts for Everyone!
  • 11. SPEAKING OF ENVIRONMENT – Who is using the Public Wifi?
  • 12. II – No Easy Path
  • 13. WORD of WARNING – No chance of 0% risk. The next ‘0-Day’ attack is always around the corner.
  • 14. SECURITY HEADLINES – Proof: Seen the news lately?
  • 15. III – ALWAYS Backup
  • 16. BUT I’VE NEVER HAD A PROBLEM BEFORE – Have a low profile, non-threatening site? You are still getting attention.
  • 17. FREE WEBSITE REBRAND
    HACKERS HARD AT WORK: PHARMACEUTICAL SPAM MAKES HACKERS TWO BILLION DOLLARS/YEAR
    SOLUTION: OFFSITE BACKUPS
    RESULT: CLEAN SITE IMMEDIATELY
  • 18. AUTOMATED BACKUPS – Know you have a backup plan
    BackupBuddy – ithemes.com/backupbuddy/
    VaultPress – vaultpress.com
    Sucuri Backups – sucuri.net
    Web hosting backups – your hosting company
  • 19. IV – Take Password Policy Seriously
  • 20. Top 5 passwords used in 2013. Seriously.
    Password – Last Year’s Rank
    ‘123456’ – 2
    ‘password’ – 1
    ‘12345678’ – 3
    ‘qwerty’ – 5
    ‘abc123’ – 4
    credit: SplashData.com
  • 21. PASSWORD MANAGER – Remembers your passwords so you don’t have to
    LastPass – lastpass.com
    1Password – agilebits.com
    KeePass – keepass.info
    Dashlane – dashlane.com
  • 22. LEAST PRIVILEGE – Does your user setup look like this?
    [Diagram: access levels from Hosting/root access and control panel, through FTP/SFTP and Administrator, down to Editor/Contributor, with a headcount at each level: one Actual Admin next to Potential Hackers’ Friends, Writers, SEO Guys, Analysts, Editors and Random People]

  • 23. V – Steal and Be Stolen From
  • 24. NOT THE CODE YOU’RE LOOKING FOR – Assisting the enemy
    This probably shouldn’t be in your theme:
    if(isset($_GET['pwd'])) { eval(base64_decode("CiRhdXRoX3Bhc3MgPSAiN2U5NBhY3RpdmF0ZXMsIGNoYW5nZWQgZWxlbWVudHMgaW4gdGhlIG9yaWdpbmFsIHBsdWdpbiwgZGVzaWduZWQgdG8gYmVoYXZlIGxpa2UgY2xlYW4gY29kZSwgc2lnbmFsIHRoZSBoYWNrZXIgdG8gbGV0IGl0IGtub3cgdGhhdCBpdOKAmXMgaW4uIEEgY2xlYW4gYmFjayBkb29yIGhhcyBiZWVuIG9wZW5lZCwgYW5kIHlvdXIgc2l0ZSBpcyBub3cgb24gYW4gYXV0b21hdGVkIGF0dGFjayBsaXN0LCBtZWFudCB0byBxdWlldGx5IGluZmVjdCBhbmQgcmVpbmZlY3QgeW91ciBzaXRlIGFnYWluIGFuZCBhZw==")); }
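A defender-side check for the pattern on this slide, added here as an example and not code from the talk or from Sucuri: it flags eval() wrapped around base64_decode()/gzinflate()/str_rot13() in PHP files, undoes the line wrapping seen in the blob above, and decodes the payload so a reviewer can see what it would have run. The sample theme file and its harmless echo payload are constructed.

```python
import base64
import re
from pathlib import Path

# Obfuscation wrappers that have no business in a theme or plugin file.
SUSPICIOUS = re.compile(
    r"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.IGNORECASE)
# Quoted argument of base64_decode(); \s admits the line-wrapped blobs that
# copy/paste (or the slide above) produce.
B64_ARG = re.compile(r'base64_decode\s*\(\s*["\']([A-Za-z0-9+/=\s]+)["\']')

def scan_source(src: str) -> list:
    """Return (line number, line excerpt, decoded preview) for each hit."""
    findings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        if not SUSPICIOUS.search(line):
            continue
        preview = ""
        m = B64_ARG.search(line)
        if m:
            raw = re.sub(r"\s+", "", m.group(1))  # undo line wrapping
            try:  # binascii.Error is a subclass of ValueError
                blob = base64.b64decode(raw, validate=True)
                preview = blob[:80].decode("utf-8", "replace")
            except ValueError:
                preview = "<not valid base64>"
        findings.append((lineno, line.strip()[:80], preview))
    return findings

def scan_tree(root: Path) -> dict:
    """Scan every .php file below root; map relative path -> findings."""
    hits = {}
    for path in root.rglob("*.php"):
        found = scan_source(path.read_text(errors="replace"))
        if found:
            hits[path.relative_to(root).as_posix()] = found
    return hits

# Constructed sample: a theme template carrying the slide's injection
# pattern, but with a harmless echo as payload so the demo stays inert.
SAMPLE_PAYLOAD = b"echo 'constructed sample payload';"
SAMPLE_THEME = (
    "<?php\nget_header();\n"
    "if(isset($_GET['pwd'])) { eval(base64_decode(\""
    + base64.b64encode(SAMPLE_PAYLOAD).decode() + "\")); }\n"
    "get_footer();\n"
)
```

Running scan_tree(Path("wp-content/themes")) on a real install lists each file and line that needs a human look; a hit is a reason to compare the file against a clean copy, not proof on its own.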
  • 25. MORE THAN EXPECTED
  • 26. VI – Have a System
  • 27. A SYSTEM TO LIVE BY
    1. Protect! – Your computer has a firewall, why doesn’t your website?
    2. Detect! – The same goes for AntiVirus.
    3. Respond! – Clean up the mess. You have a backup, right?
    Encompassing Actions:
    - Know the best practices
    - Mind your maintenance
  • 28. SYSTEM IN ACTION
  • 29. VII – Understand the Changing Landscape
  • 30. WORDPRESS CORE – Strong and Secure
    Dedicated Creators – Making WordPress Solid and Secure
    Auto-Updates – Get important patches right away.
    Support – Everything you need at WordPress.org
  • 31. WordPress Version Distribution 3.0 – 4.0 (wordpress.org/about/stats/)
  • 32. 3rd Party VULNERABILITIES – Keep watch
    Vulnerabilities disclosed at http://blog.sucuri.net:
    All-In-One SEO – 20 Million Downloads
    WPtouch – 6 Million Downloads
    MailPoet – 2.7 Million Downloads
    Custom Contact Forms – 640k Downloads
    Slider Revolution – Hundreds of Thousands (themeforest/codecanyon)
  • 33. Going further – Tips, Tools, and Services
  • 34. WEBSITE ANTIVIRUS & FIREWALL – Protection and Detection
    Don’t be the mark! Understand the changes you are implementing.
    “AntiVirus”: WordFence, Sucuri Website Antivirus
    “Firewall”: CloudFlare, Sucuri Website Firewall
    “Utilities”: iThemes Security, BruteProtect, Sucuri Security Plugin
  • 35. RESOURCES – Because you don’t know what you don’t know
    General WordPress Security: https://codex.wordpress.org/Hardening_WordPress, https://blog.sucuri.net
    Hacking and General Security: http://www.securityfocus.com/, http://blogs.sophos.com/
    Facebook Groups: WordPress Security, Advanced WordPress
    SubReddits: Reddit.com/r/Hacking, Reddit.com/r/WordPress
  • 36. EASY PATH TO CLEANUP – Response
    NEED:
    - Releases of WordPress at https://wordpress.org/download/release-archive/
    - Clean backup of active theme and required plugins
    - New Passwords (WordPress, FTP, Hosting Control Panel, Everything Else)
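One way to turn the cleanup inputs on this slide into a concrete check, added here as an example and not Sucuri's or WordPress's own tooling: hash every file of the live site and compare it with a reference tree built from the matching release archive plus the clean theme and plugin backups, so that anything added, altered or missing is listed for review before passwords are rotated. The two manifests at the bottom are constructed sample data (file names included); on a real site you would call manifest() on the two directory trees.

```python
import hashlib
from pathlib import Path

# Paths that legitimately differ from a fresh release and get a manual
# look instead of a hash comparison (site config, uploads, caches).
SKIP_FILES = {"wp-config.php", ".htaccess"}
SKIP_PREFIXES = ("wp-content/uploads/", "wp-content/cache/")

def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

def manifest(root: Path) -> dict:
    """Map each file below root (relative POSIX path) to its SHA-256."""
    out = {}
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in SKIP_FILES and not rel.startswith(SKIP_PREFIXES):
            out[rel] = sha256_of(p)
    return out

def compare_manifests(reference: dict, installed: dict) -> dict:
    """Classify the live tree against the clean reference tree."""
    ref, inst = set(reference), set(installed)
    return {
        "added": sorted(inst - ref),     # unknown to the clean sources: inspect
        "missing": sorted(ref - inst),   # restore from release archive or backup
        "modified": sorted(p for p in ref & inst if reference[p] != installed[p]),
    }

def _h(body: str) -> str:  # hash of a constructed file body
    return hashlib.sha256(body.encode()).hexdigest()

# Constructed sample: reference = release archive + clean theme backup.
CLEAN = {
    "wp-includes/functions.php": _h("<?php // clean core file"),
    "wp-content/themes/twentyfourteen/functions.php": _h("<?php // clean theme"),
    "wp-content/themes/twentyfourteen/style.css": _h("/* clean stylesheet */"),
}
LIVE = {
    "wp-includes/functions.php": _h("<?php // clean core file"),
    "wp-content/themes/twentyfourteen/functions.php": _h("<?php // clean theme\n// added line"),
    "wp-content/themes/twentyfourteen/wp-tmp.php": _h("<?php // file nobody installed"),
}
REPORT = compare_manifests(CLEAN, LIVE)
```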
  • 37.