WordCamp Baltimore - WordPress Security: Fundamentals for Business
2. ABOUT ME
WEB DESIGN AND INFORMATION SECURITY
Committed to WordPress since 2008.
SUCURI – Researcher and Account Manager
Removing malware and protecting websites.
Personally cleaned over 5,000 websites
SUCURI.NET
Twitter: @JHerbrandson
joseph herbrandson | www.sucuri.net
1-888-873-0817| joseph@sucuri.net
3. ABOUT SUCURI
Over 45 Security Professionals Making a Safer Web
SECURITY SCANNING & ANALYSIS
Checking the health of over 3 million websites every month through our free SiteCheck scanner: http://sitecheck.sucuri.net
MALWARE CLEANUP
Cleaning and remediating 300–400 hacked or infected websites every day.
ATTACK PROTECTION
Blocking over 33 million attacks and
instances of malicious traffic every month
EDUCATION
Providing detailed and actionable security information through our blog at http://blog.sucuri.net
5. A QUICK DEMO
Attack in Progress:
https://www.youtube.com/watch?v=v4Xr3LrixVg&list=UUzkxqKA_bkNlj1-nX5f2LNA
6. Sooo… WHY?
It's Just Business… probably
- The Short Answer: Fame and Fortune
- $BILLION Spam – Generic Pharmaceuticals, Payday Loans, Gambling, Designer Brand Knock-Offs
- Hacktivism – Politics and religion at the speed of download
- Immaturity – Kids being kids
13. WORD of WARNING
No chance of 0% risk.
The next "0-Day" attack is always around the corner…
14. SECURITY HEADLINES
Proof: Seen the news lately?
16. BUT I'VE NEVER HAD A PROBLEM BEFORE…
Have a low-profile, non-threatening site? You are still getting attention.
17. FREE WEBSITE REBRAND
HACKERS HARD AT WORK
PHARMACEUTICAL SPAM MAKES HACKERS TWO BILLION DOLLARS/YEAR
SOLUTION: OFFSITE BACKUPS
RESULT: CLEAN SITE IMMEDIATELY
18. AUTOMATED BACKUPS
Know you have a backup plan
BackupBuddy (ithemes.com/backupbuddy/), VaultPress (vaultpress.com), Sucuri Backups (sucuri.net), your hosting company's backups
20. Top 5 passwords used in 2013
Seriously…
Password      Last Year's Rank
"123456"      2
"password"    1
"12345678"    3
"qwerty"      5
"abc123"      4
credit: SplashData.com
21. PASSWORD MANAGER
Remembers your passwords so you don't have to
LastPass (lastpass.com), 1Password (agilebits.com), KeePass (keepass.info), Dashlane (dashlane.com)
22. LEAST PRIVILEGE
Does your user setup look like this?
[Figure: who actually holds access. Access levels shown: hosting control panel / root access, Administrator, FTP/SFTP, Editor/contributor. The actual admin versus everyone who potentially has the keys: hackers, friends, writers, SEO guys, analysts, editors, random people, and hackers and friends again…]
24. NOT THE CODE YOU'RE LOOKING FOR…
Assisting the enemy
This probably shouldn't be in your theme:
// Backdoor: whenever the request carries a pwd parameter, the string hidden
// in base64 is decoded and handed to eval(). Legitimate theme code has no
// reason to execute base64-encoded PHP.
if(isset($_GET['pwd'])) {
eval(base64_decode("CiRhdXRoX3Bhc3MgPSAiN2U5NBhY3RpdmF0ZXM
sIGNoYW5nZWQgZWxlbWVudHMgaW4gdGhlIG9yaWdpbmFsIHBsdWdp
biwgZGVzaWduZWQgdG8gYmVoYXZlIGxpa2UgY2xlYW4gY29kZSwgc2ln
bmFsIHRoZSBoYWNrZXIgdG8gbGV0IGl0IGtub3cgdGhhdCBpdOKAmXMg
aW4uIEEgY2xlYW4gYmFjayBkb29yIGhhcyBiZWVuIG9wZW5lZCwgYW5k
IHlvdXIgc2l0ZSBpcyBub3cgb24gYW4gYXV0b21hdGVkIGF0dGFjayBsaXN
0LCBtZWFudCB0byBxdWlldGx5IGluZmVjdCBhbmQgcmVpbmZlY3QgeW9
1ciBzaXRlIGFnYWluIGFuZCBhZw==")); }
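As an added example (not from the slides), a small Python triage script that flags the pattern above in theme and plugin files: an eval() fed by base64_decode(), gzinflate() or str_rot13(), execution gated on a request parameter such as $_GET['pwd'], and a decoded preview of any embedded base64 blob. The two PHP strings are constructed; the second mirrors the slide's snippet with a harmless payload.

```python
import base64
import re

# Markers that almost never belong in a legitimate theme or plugin file.
# eval(base64_decode(...)) is the one on the slide; the rest are the usual
# companions of the same obfuscation trick.
SUSPICIOUS = [
    ("eval+base64_decode", re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.I)),
    ("eval+gzinflate", re.compile(r"eval\s*\(\s*gzinflate\s*\(", re.I)),
    ("eval+str_rot13", re.compile(r"eval\s*\(\s*str_rot13\s*\(", re.I)),
    ("request-to-assert", re.compile(r"assert\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I)),
]
# Execution gated on a request parameter, e.g. isset($_GET['pwd']) on the slide.
REQUEST_GATE = re.compile(
    r"isset\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\s*\[\s*['\"](\w+)['\"]\s*\]", re.I)
# A long quoted base64 literal handed to base64_decode; whitespace is tolerated
# because pasted payloads are often wrapped across several lines.
B64_BLOB = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]{40,})['\"]", re.I)

def scan_php(source: str) -> dict:
    """Report obfuscation markers, request-parameter gates and a preview
    of any embedded base64 payload for one PHP source string."""
    hits = [name for name, pat in SUSPICIOUS if pat.search(source)]
    gates = sorted({m.group(2) for m in REQUEST_GATE.finditer(source)})
    preview = None
    m = B64_BLOB.search(source)
    if m:
        blob = re.sub(r"\s+", "", m.group(1))
        blob += "=" * (-len(blob) % 4)          # repair stripped padding
        try:
            preview = base64.b64decode(blob).decode("utf-8", "replace")[:60]
        except ValueError:
            preview = "<undecodable>"
    return {"suspicious": bool(hits), "markers": hits,
            "gate_params": gates, "payload_preview": preview}

# Constructed samples: a normal theme fragment (a request parameter alone is
# not suspicious) and a slide-style backdoor whose payload is a harmless string.
CLEAN_PHP = "<?php if (isset($_GET['page'])) { echo esc_html($_GET['page']); }"
PAYLOAD = base64.b64encode(b'$auth_pass = "constructed-example";').decode()
BACKDOOR_PHP = ('<?php if(isset($_GET[\'pwd\'])) { eval(base64_decode("'
                + PAYLOAD[:20] + "\n" + PAYLOAD[20:] + '")); }')

if __name__ == "__main__":
    for label, src in (("clean", CLEAN_PHP), ("backdoor", BACKDOOR_PHP)):
        print(label, scan_php(src))
```

Run it over `wp-content/themes` and `wp-content/plugins` file by file; a gate parameter alone is normal, a gate combined with an eval marker is what the slide is warning about.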
25. MORE THAN EXPECTED
27. A SYSTEM TO LIVE BY
1. Protect! – Your computer has a firewall, why doesn't your website?
2. Detect! – The same goes for AntiVirus.
3. Respond! – Clean up the mess. You have a backup, right?
Encompassing Actions:
- Know the best practices
- Mind your maintenance
28. SYSTEM IN ACTION
30. WORDPRESS CORE
Strong and Secure
- Dedicated Creators: making WordPress solid and secure
- Auto-Updates: get important patches right away
- Support: everything you need at WordPress.org
31. WordPress Version Distribution
3.0 – 4.0 (wordpress.org/about/stats/)
32. 3rd Party VULNERABILITIES
Keep watch
Vulnerabilities disclosed at http://blog.sucuri.net
All-In-One SEO – 20 Million Downloads
WPtouch – 6 Million Downloads
MailPoet – 2.7 Million Downloads
Custom Contact Forms – 640k Downloads
Slider Revolution – Hundreds of Thousands (themeforest/codecanyon)
34. WEBSITE ANTIVIRUS & FIREWALL
Protection and Detection
Don't be the mark! Understand the changes you are implementing.
"AntiVirus": WordFence, Sucuri Website Antivirus
"Firewall": CloudFlare, Sucuri Website Firewall
"Utilities": iThemes Security, BruteProtect, Sucuri Security Plugin
35. RESOURCES
Because you don't know what you don't know
General WordPress Security:
https://codex.wordpress.org/Hardening_WordPress
https://blog.sucuri.net
Hacking and General Security:
http://www.securityfocus.com/
http://blogs.sophos.com/
Facebook Groups:
WordPress Security
Advanced WordPress
SubReddits:
Reddit.com/r/Hacking
Reddit.com/r/WordPress
36. EASY PATH TO CLEANUP
Response
NEED:
Releases of WordPress at:
https://wordpress.org/download/release-archive/
Clean backup of active theme and required plugins
New Passwords (WordPress, FTP, Hosting Control Panel, Everything Else)
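Before pulling a fresh release from the archive it helps to know exactly which core files were altered and which files were dropped in beside them. An added example, not from the talk: a Python check of an install against the per-file MD5 list WordPress.org publishes for each release (api.wordpress.org/core/checksums/1.0/, the same data `wp core verify-checksums` uses); here the clean files, their checksums and the tampered install are all constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

def verify_core(root: str, checksums: dict, skip_prefixes=("wp-content/",)) -> dict:
    """Compare an install with the per-file MD5 list for its exact version.
    wp-content/ is skipped: themes, plugins and uploads are not core files."""
    modified, missing, unexpected = [], [], []
    for rel, expected in checksums.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            missing.append(rel)
            continue
        with open(path, "rb") as f:
            if hashlib.md5(f.read()).hexdigest() != expected:
                modified.append(rel)            # core file edited in place
    for dirpath, _, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            if rel not in checksums and not rel.startswith(skip_prefixes):
                unexpected.append(rel)          # file dropped in beside core
    return {"modified": sorted(modified), "missing": sorted(missing),
            "unexpected": sorted(unexpected)}

# Constructed stand-ins: the bytes of two "clean" core files and the MD5 list
# that api.wordpress.org/core/checksums/1.0/?version=...&locale=en_US returns.
CLEAN_FILES = {
    "index.php": b"<?php define('WP_USE_THEMES', true); require 'wp-blog-header.php';\n",
    "wp-blog-header.php": b"<?php require_once 'wp-load.php'; wp();\n",
}
CHECKSUMS = {rel: hashlib.md5(body).hexdigest() for rel, body in CLEAN_FILES.items()}

def build_demo_install() -> str:
    """Constructed install: one clean core file, one tampered core file, one
    unknown file dropped into wp-includes, and a theme file that must be ignored."""
    root = tempfile.mkdtemp()
    samples = {
        "index.php": CLEAN_FILES["index.php"],
        "wp-blog-header.php": CLEAN_FILES["wp-blog-header.php"] + b"// injected\n",
        "wp-includes/cache-helper.php": b"<?php // not shipped with core\n",
        "wp-content/themes/demo/functions.php": b"<?php // theme code, not core\n",
    }
    for rel, body in samples.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(body)
    return root
```

Every file reported as modified or unexpected is what the clean release download replaces or removes; wp-content still has to be restored from the clean backup named above.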