This talk was originally delivered at the Melbourne WordPress Developer Meetup in July 2016. Rather than the common talks on hardening and prevention, this presentation covered how you can identify that a WordPress website has been compromised, and some of the early warning signs.
4. Even if we’re doing everything possible to harden and maintain our installations, we should still care about security to monitor our high value sites.
6. Is Penetration Testing Worth it?
There are two reasons why you might want to conduct a penetration test. One, you want to know whether a certain vulnerability is present because you're going to fix it if it is. And two, you need a big, scary report to persuade your boss to spend more money. If neither is true, I'm going to save you a lot of money by giving you this free penetration test: You're vulnerable. Now, go do something useful about it.
-- Bruce Schneier
http://www.schneier.com/blog/archives/2007/05/is_penetration.html
21. Let’s ask another question. Is Linux secure? Is Django secure? Is iOS secure? Is MySQL secure? Is Drupal secure? Is Node.JS secure? Is <insert browser> secure? Is Android secure? Is Rails secure? Is Windows Server secure? Is Shopify secure? You get the idea…
This can get subjective, since some have a much better track record than others, and some are designed with security as a priority.
70. Use a security plugin
(or manually harden)
https://www.wordfence.com/
https://sucuri.net/
https://ithemes.com/security/
71. Final Words…
Security issues typically occur because of certain patterns. Cleaning, restoring or rebuilding doesn’t address that.
Compromised sites are much more likely to become compromised again. Get everyone on board to take security seriously.