Breaking WordPress
#WHOISDAVIDYARDE
• AKA Batman
• Co-founder @ Sevenality
• Twitter: @dsmy
The Web is HUGE!!!
There are over 1.8 Billion active websites on the web.
• 43% of the top 1 million websites are hosted in the USA.
• 48% of the top 100 blogs/websites run on WordPress.
• 672 Exabytes - 672,000,000,000 Gigabytes (GB) of accessible data.
Today’s Challenges
• Administration
• Credentials
• End-users aka wildcards
• Education
Today’s Problem*
• Core
• Themes*
• Plugins*
• End-users*
Implications of a Hacked Site
• SEO rankings wrecked
• Loss of customer trust
• Visitors exposed to malware
• Hours of time wasted assessing & repairing damage
• Loss of sales/money
Types of Attacks
Opportunistic
• Web Trolls
• Ability for mass exposure
• Timthumb
Targeted
• Big Enterprises
• WordPress.com
• WooThemes
• Usually worth the time and energy invested to compromise
• Done for bigger returns
Top 5 WordPress Infections
• Backdoors
  • Difficult to detect via HTTP
  • Good time to start crying
• Pharma Attacks
  • Owners usually detect
  • Now shamefully selling viagra or some other drug
• Injections
  • Think fake Anti-virus downloads
• Defacements
  • You’re now supporting a rebel army
• Malicious Redirects
Know Your Environment
• What kind of security does your host use?
• What will they do if your site gets hacked?
• Will they fix it?
• Will they shut it down?
If server management isn’t your thing, use a managed solution.
Managed WP Hosting Providers
• WP Engine - http://wpengine.com/
• Flywheel - http://getflywheel.com/
• MediaTemple - http://mediatemple.net/
• GoDaddy - http://www.godaddy.com/
HELP!! Everything is broken and I’ve been blacklisted!!!
• Don’t panic.
• Detect
• Remove
• Protect
• Submit
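For the Backdoors point ("difficult to detect via HTTP") and the Detect step above, an added example that is not part of the original slides: a server-side check that hashes the live WordPress tree against a known-good copy and flags PHP files under wp-content/uploads. The function names and both sample trees are constructed for illustration, and it assumes a clean copy of the same core, theme and plugin versions is available to compare against.

```python
"""Server-side integrity check for a WordPress tree (added example)."""
import hashlib
import tempfile
from pathlib import Path

# Extensions a PHP handler may execute; adjust to the server's configuration.
PHP_EXTS = {".php", ".phtml", ".php5", ".phar"}


def build_manifest(root):
    """Map each file's POSIX-style relative path to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def compare(baseline, live):
    """Diff two manifests: files added, removed or modified in the live tree."""
    common = baseline.keys() & live.keys()
    return {
        "added": sorted(set(live) - set(baseline)),
        "removed": sorted(set(baseline) - set(live)),
        "modified": sorted(p for p in common if baseline[p] != live[p]),
    }


def executable_uploads(manifest):
    """PHP-executable files under wp-content/uploads, which should hold media only."""
    return sorted(
        p for p in manifest
        if p.startswith("wp-content/uploads/") and Path(p).suffix.lower() in PHP_EXTS
    )


def _write_tree(root, files):
    for rel, content in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)


def demo():
    """Run the check on two small constructed trees (not real WordPress files)."""
    clean = {
        "index.php": "<?php // constructed front controller\n",
        "wp-includes/version.php": "<?php // constructed placeholder\n",
        "wp-content/themes/demo/functions.php": "<?php // constructed theme code\n",
        "wp-content/uploads/2014/05/logo.png": "constructed image bytes\n",
    }
    live = dict(clean)
    # Constructed changes standing in for an infection: an edited theme file,
    # a stray PHP file in uploads, and a missing core file.
    live["wp-content/themes/demo/functions.php"] += "// constructed unexpected edit\n"
    live["wp-content/uploads/2014/05/cache.php"] = "<?php // constructed stray file\n"
    del live["wp-includes/version.php"]
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        _write_tree(a, clean)
        _write_tree(b, live)
        baseline, current = build_manifest(a), build_manifest(b)
    return compare(baseline, current), executable_uploads(current)


if __name__ == "__main__":
    report, suspicious = demo()
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind:9} {p}")
    for p in suspicious:
        print(f"php-in-uploads {p}")
```

On a real site, point `build_manifest` at the document root and at an unpacked clean copy; legitimately customised files will show up as modified and need manual review.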
Recommended Resources
• WP Security Checklist - http://wpsecuritychecklist.com
• Clef - https://getclef.com
• iThemes Security (Better WP Security) - http://ithemes.com/security
• WP Security Lock - http://wpsecuritylock.com
• VaultPress - https://vaultpress.com
• ManageWP - https://managewp.com
“An ounce of prevention is worth a pound of cure.”
- Benjamin Franklin
Thank You
• David Yarde
• Co-founder @ Sevenality
• Twitter: @dsmy
• Email: david@sevenality.com
