SlideShare une entreprise Scribd logo

WP security-wordcamp2016-vitalykarasik

Télécharger en tant que PPTX, PDF
V
Vitaly Karasik

Wordpress Security lecture for the WordCamp 2016 Israel Resources: WordPress Codex – http://codex.wordpress.org/Hardening_WordPress WordFence Blog – http://wordfence.com/blog Sucuri Blog – https://blog.sucuri.net/category/wordpress-security/ WPScan – http://wpscan.org/ LMD Scanner – https://www.rfxn.com/projects/linux-malware-detect/ Security Plugins – http://researchasahobby.com/?p=1915 Hack Target – https://hackertarget.com/wordpress-security-scan

Internet
1  sur  16
Intro to WordPress Security Security for smart people or Vitaly Karasik DevOps Consultant www.vitalykarasik.com WordCamp 2016 27.03.2016 12135
Hacks Cost You More Than Money • SEO rating • Blacklisting • Reputation - “It can take years to build, and minutes to lose.” • Customer’s data leak
Attack Types Exploit Vulnerabilities Brute Force DoS
How to prevent – Concepts • Security is a process, not a task • Limiting Access • Containment • Preparation and Knowledge • Trusted Sources
How to prevent – Methods • Updates, Updates, Updates • WordPress Plugins – only trusted, delete unused • Credentials – usernames, passwords, dual-factor • Limiting Access to WP Admin • Server Hardening • Database User Privileges • FileSystem permissions
Tools and Services • WP Plugins – WordFence, Sucuri • DoS Protection, WAF – CloudFlare, Incapsula • Security Scanners – LMD Scanner, WPScan • WP Managed Hosting – WPEngine
WordFence Firewall and Brute Force Protection
WordFence Real-time Monitoring
WordFence Reports
Backups and Deployment • Offsite Backup – UpdraftPlus • Revision Control – Github, Bitbucket • Automatic Deployment – Beanstalk
Monitoring – be the first to know! • Server Monitoring – Anturis, CloudWatch • Website Monitoring – Anturis, Pingdom • Logs Monitoring – Logz.io, Loggly
Monitoring – Anturis Screenshot
Resources • WordPress Codex – http://codex.wordpress.org/Hardening_WordPress • WordFence Blog – http://wordfence.com/blog • Sucuri Blog – https://blog.sucuri.net/category/wordpress-security/ • WPScan – http://wpscan.org/ • LMD Scanner – https://www.rfxn.com/projects/linux-malware-detect/ • Security Plugins – http://researchasahobby.com/?p=1915 • Hack Target – https://hackertarget.com/wordpress-security-scan
Thanks for listening! Any Questions? Vitaly Karasik DevOps Consultant www.vitalykarasik.com WordCamp 2016 Scan this code to view presentation and links:

Recommandé

O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanO365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanNCCOMMS
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
O365Con18 - Azure Active Directory - Sasha Kranjac & Mustafa Toroman
O365Con18 - Azure Active Directory - Sasha Kranjac & Mustafa ToromanO365Con18 - Azure Active Directory - Sasha Kranjac & Mustafa Toroman
O365Con18 - Azure Active Directory - Sasha Kranjac & Mustafa ToromanNCCOMMS
 
CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
O365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
O365Con19 - O365 Identity Management and The Golden Config - Chris GoosenO365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
O365Con19 - O365 Identity Management and The Golden Config - Chris GoosenNCCOMMS
 
The Power of Social Login
The Power of Social LoginThe Power of Social Login
The Power of Social LoginMichele Leroux Bustamante
 
Azure signalr service
Azure signalr serviceAzure signalr service
Azure signalr serviceUdaiappa Ramachandran
 
Secure Web Services
Secure Web ServicesSecure Web Services
Secure Web ServicesRob Daigneau
 

Recommandé

O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanO365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanNCCOMMS
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
O365Con18 - Azure Active Directory - Sasha Kranjac & Mustafa Toroman
O365Con18 - Azure Active Directory - Sasha Kranjac & Mustafa ToromanO365Con18 - Azure Active Directory - Sasha Kranjac & Mustafa Toroman
O365Con18 - Azure Active Directory - Sasha Kranjac & Mustafa ToromanNCCOMMS
 
CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
O365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
O365Con19 - O365 Identity Management and The Golden Config - Chris GoosenO365Con19 - O365 Identity Management and The Golden Config - Chris Goosen
O365Con19 - O365 Identity Management and The Golden Config - Chris GoosenNCCOMMS
 
The Power of Social Login
The Power of Social LoginThe Power of Social Login
The Power of Social LoginMichele Leroux Bustamante
 
Azure signalr service
Azure signalr serviceAzure signalr service
Azure signalr serviceUdaiappa Ramachandran
 
Secure Web Services
Secure Web ServicesSecure Web Services
Secure Web ServicesRob Daigneau
 
AJAX Security - LAC2016
AJAX Security - LAC2016AJAX Security - LAC2016
AJAX Security - LAC2016Julia Logan a.k.a. IrishWonder
 
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...NCCOMMS
 
WEB_Seminar_by_Prashant_Walke
WEB_Seminar_by_Prashant_WalkeWEB_Seminar_by_Prashant_Walke
WEB_Seminar_by_Prashant_WalkePrashant Walke
 
WordPress and the Enterprise
WordPress and the EnterpriseWordPress and the Enterprise
WordPress and the EnterprisePrasad Ajinkya
 
Sydney 2015 Azure bootcamp PaaS presentation
Sydney 2015 Azure bootcamp PaaS presentationSydney 2015 Azure bootcamp PaaS presentation
Sydney 2015 Azure bootcamp PaaS presentationAaron Saikovski
 
O365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
O365Con19 - A Life Without Passwords Dream or Reality - Sander BerkouwerO365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
O365Con19 - A Life Without Passwords Dream or Reality - Sander BerkouwerNCCOMMS
 
Deep thoughts from the real world of azure
Deep thoughts from the real world of azureDeep thoughts from the real world of azure
Deep thoughts from the real world of azureMichele Leroux Bustamante
 
CICS Content Delivery Server v3
CICS Content Delivery Server v3CICS Content Delivery Server v3
CICS Content Delivery Server v3Matter of Fact Software
 
Ajax Security Dangers
Ajax Security DangersAjax Security Dangers
Ajax Security Dangersdrkimsky
 
WordPress hosting & Management: An overview
WordPress hosting & Management: An overviewWordPress hosting & Management: An overview
WordPress hosting & Management: An overviewdominicj
 
Locking down word press
Locking down word pressLocking down word press
Locking down word pressZachary Russell
 
Cics content delivery server v3
Cics content delivery server v3Cics content delivery server v3
Cics content delivery server v3Matter of Fact Software
 
WebMatrix
WebMatrixWebMatrix
WebMatrixKris van der Mast
 
Web application security
Web application securityWeb application security
Web application securityAkash Mahajan
 
AJAX: How to Divert Threats
AJAX: How to Divert ThreatsAJAX: How to Divert Threats
AJAX: How to Divert ThreatsCenzic
 
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise EditionQualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise EditionRisk Analysis Consultants, s.r.o.
 
Give Your SharePoint Site a Physical
Give Your SharePoint Site a PhysicalGive Your SharePoint Site a Physical
Give Your SharePoint Site a PhysicalAscendum Solutions
 
Dzhengis 93098 ajax - security
Dzhengis 93098 ajax - securityDzhengis 93098 ajax - security
Dzhengis 93098 ajax - securitydzhengo44
 
O365Con19 - Azure Blackbelt - Jussi Roine
O365Con19 - Azure Blackbelt - Jussi RoineO365Con19 - Azure Blackbelt - Jussi Roine
O365Con19 - Azure Blackbelt - Jussi RoineNCCOMMS
 
Ako na vlastne WP temy
Ako na vlastne WP temyAko na vlastne WP temy
Ako na vlastne WP temyJuraj Kiss
 
25 Ed Tech Leaders to Follow
25 Ed Tech Leaders to Follow25 Ed Tech Leaders to Follow
25 Ed Tech Leaders to FollowLisa Thumann
 
A better you
A better youA better you
A better youBev Hepting
 

Contenu connexe

Tendances

O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...NCCOMMS
 
WEB_Seminar_by_Prashant_Walke
WEB_Seminar_by_Prashant_WalkeWEB_Seminar_by_Prashant_Walke
WEB_Seminar_by_Prashant_WalkePrashant Walke
 
WordPress and the Enterprise
WordPress and the EnterpriseWordPress and the Enterprise
WordPress and the EnterprisePrasad Ajinkya
 
Sydney 2015 Azure bootcamp PaaS presentation
Sydney 2015 Azure bootcamp PaaS presentationSydney 2015 Azure bootcamp PaaS presentation
Sydney 2015 Azure bootcamp PaaS presentationAaron Saikovski
 
O365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
O365Con19 - A Life Without Passwords Dream or Reality - Sander BerkouwerO365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
O365Con19 - A Life Without Passwords Dream or Reality - Sander BerkouwerNCCOMMS
 
Ajax Security Dangers
Ajax Security DangersAjax Security Dangers
Ajax Security Dangersdrkimsky
 
WordPress hosting & Management: An overview
WordPress hosting & Management: An overviewWordPress hosting & Management: An overview
WordPress hosting & Management: An overviewdominicj
 
Web application security
Web application securityWeb application security
Web application securityAkash Mahajan
 
AJAX: How to Divert Threats
AJAX: How to Divert ThreatsAJAX: How to Divert Threats
AJAX: How to Divert ThreatsCenzic
 
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise EditionQualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise EditionRisk Analysis Consultants, s.r.o.
 
Give Your SharePoint Site a Physical
Give Your SharePoint Site a PhysicalGive Your SharePoint Site a Physical
Give Your SharePoint Site a PhysicalAscendum Solutions
 
Dzhengis 93098 ajax - security
Dzhengis 93098 ajax - securityDzhengis 93098 ajax - security
Dzhengis 93098 ajax - securitydzhengo44
 
O365Con19 - Azure Blackbelt - Jussi Roine
O365Con19 - Azure Blackbelt - Jussi RoineO365Con19 - Azure Blackbelt - Jussi Roine
O365Con19 - Azure Blackbelt - Jussi RoineNCCOMMS
 

Tendances (19)

AJAX Security - LAC2016
AJAX Security - LAC2016AJAX Security - LAC2016
AJAX Security - LAC2016
 
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
 
WEB_Seminar_by_Prashant_Walke
WEB_Seminar_by_Prashant_WalkeWEB_Seminar_by_Prashant_Walke
WEB_Seminar_by_Prashant_Walke
 
WordPress and the Enterprise
WordPress and the EnterpriseWordPress and the Enterprise
WordPress and the Enterprise
 
Sydney 2015 Azure bootcamp PaaS presentation
Sydney 2015 Azure bootcamp PaaS presentationSydney 2015 Azure bootcamp PaaS presentation
Sydney 2015 Azure bootcamp PaaS presentation
 
O365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
O365Con19 - A Life Without Passwords Dream or Reality - Sander BerkouwerO365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
O365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
 
Deep thoughts from the real world of azure
Deep thoughts from the real world of azureDeep thoughts from the real world of azure
Deep thoughts from the real world of azure
 
CICS Content Delivery Server v3
CICS Content Delivery Server v3CICS Content Delivery Server v3
CICS Content Delivery Server v3
 
Ajax Security Dangers
Ajax Security DangersAjax Security Dangers
Ajax Security Dangers
 
WordPress hosting & Management: An overview
WordPress hosting & Management: An overviewWordPress hosting & Management: An overview
WordPress hosting & Management: An overview
 
Locking down word press
Locking down word pressLocking down word press
Locking down word press
 
Cics content delivery server v3
Cics content delivery server v3Cics content delivery server v3
Cics content delivery server v3
 
WebMatrix
WebMatrixWebMatrix
WebMatrix
 
Web application security
Web application securityWeb application security
Web application security
 
AJAX: How to Divert Threats
AJAX: How to Divert ThreatsAJAX: How to Divert Threats
AJAX: How to Divert Threats
 
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise EditionQualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
 
Give Your SharePoint Site a Physical
Give Your SharePoint Site a PhysicalGive Your SharePoint Site a Physical
Give Your SharePoint Site a Physical
 
Dzhengis 93098 ajax - security
Dzhengis 93098 ajax - securityDzhengis 93098 ajax - security
Dzhengis 93098 ajax - security
 
O365Con19 - Azure Blackbelt - Jussi Roine
O365Con19 - Azure Blackbelt - Jussi RoineO365Con19 - Azure Blackbelt - Jussi Roine
O365Con19 - Azure Blackbelt - Jussi Roine
 

En vedette

Ako na vlastne WP temy
Ako na vlastne WP temyAko na vlastne WP temy
Ako na vlastne WP temyJuraj Kiss
 
25 Ed Tech Leaders to Follow
25 Ed Tech Leaders to Follow25 Ed Tech Leaders to Follow
25 Ed Tech Leaders to FollowLisa Thumann
 
Advanced media in 2012
Advanced media in 2012Advanced media in 2012
Advanced media in 2012AMTDubai
 
NJEA Lisa Thumann's Keynote July 7, 2009
NJEA Lisa Thumann's Keynote July 7, 2009NJEA Lisa Thumann's Keynote July 7, 2009
NJEA Lisa Thumann's Keynote July 7, 2009Lisa Thumann
 
Western sscoop.ppt
Western sscoop.pptWestern sscoop.ppt
Western sscoop.pptWesterncoop
 
La escasez
La escasezLa escasez
La escasezmtf63
 
The most complete protfolio of RF beacon intellectual property
The most complete protfolio of RF beacon intellectual propertyThe most complete protfolio of RF beacon intellectual property
The most complete protfolio of RF beacon intellectual propertyEhud Mendelson
 
10 Skills our Students Should Graduate With
10 Skills our Students Should Graduate With10 Skills our Students Should Graduate With
10 Skills our Students Should Graduate WithLisa Thumann
 
Análise global do turismo pg inp
Análise global do turismo pg inpAnálise global do turismo pg inp
Análise global do turismo pg inpth2
 
WordCamp Cantabria 2015 : Como hacer un Smart Theme
WordCamp Cantabria 2015 : Como hacer un Smart ThemeWordCamp Cantabria 2015 : Como hacer un Smart Theme
WordCamp Cantabria 2015 : Como hacer un Smart ThemePancho Pérez Salazar
 
Twitter PowerPoint (1)
Twitter PowerPoint (1)Twitter PowerPoint (1)
Twitter PowerPoint (1)Devyn Nance
 
Using the Power of Twitter: Building Online Learning
Using the Power of Twitter: Building Online LearningUsing the Power of Twitter: Building Online Learning
Using the Power of Twitter: Building Online LearningLisa Thumann
 
Be More Connected: Social Media Marketing Strategies for Non-Profits
Be More Connected: Social Media Marketing Strategies for Non-ProfitsBe More Connected: Social Media Marketing Strategies for Non-Profits
Be More Connected: Social Media Marketing Strategies for Non-ProfitsJulia Gorzka Freeman
 
Jak na SEO ve WordPressu (Pavel Ungr)
Jak na SEO ve WordPressu (Pavel Ungr)Jak na SEO ve WordPressu (Pavel Ungr)
Jak na SEO ve WordPressu (Pavel Ungr)wcsk
 
WordPress, WordPress Multisite y WordPress Multinetwork
WordPress, WordPress Multisite y WordPress MultinetworkWordPress, WordPress Multisite y WordPress Multinetwork
WordPress, WordPress Multisite y WordPress MultinetworkJosé Conti Calveras
 

En vedette (20)

Ako na vlastne WP temy
Ako na vlastne WP temyAko na vlastne WP temy
Ako na vlastne WP temy
 
25 Ed Tech Leaders to Follow
25 Ed Tech Leaders to Follow25 Ed Tech Leaders to Follow
25 Ed Tech Leaders to Follow
 
A better you
A better youA better you
A better you
 
Advanced media in 2012
Advanced media in 2012Advanced media in 2012
Advanced media in 2012
 
Cloughjordan
CloughjordanCloughjordan
Cloughjordan
 
NJEA Lisa Thumann's Keynote July 7, 2009
NJEA Lisa Thumann's Keynote July 7, 2009NJEA Lisa Thumann's Keynote July 7, 2009
NJEA Lisa Thumann's Keynote July 7, 2009
 
Legislación Turística
Legislación Turística Legislación Turística
Legislación Turística
 
Campaña publicitaria
Campaña publicitariaCampaña publicitaria
Campaña publicitaria
 
Western sscoop.ppt
Western sscoop.pptWestern sscoop.ppt
Western sscoop.ppt
 
Sait
SaitSait
Sait
 
La escasez
La escasezLa escasez
La escasez
 
The most complete protfolio of RF beacon intellectual property
The most complete protfolio of RF beacon intellectual propertyThe most complete protfolio of RF beacon intellectual property
The most complete protfolio of RF beacon intellectual property
 
10 Skills our Students Should Graduate With
10 Skills our Students Should Graduate With10 Skills our Students Should Graduate With
10 Skills our Students Should Graduate With
 
Análise global do turismo pg inp
Análise global do turismo pg inpAnálise global do turismo pg inp
Análise global do turismo pg inp
 
WordCamp Cantabria 2015 : Como hacer un Smart Theme
WordCamp Cantabria 2015 : Como hacer un Smart ThemeWordCamp Cantabria 2015 : Como hacer un Smart Theme
WordCamp Cantabria 2015 : Como hacer un Smart Theme
 
Twitter PowerPoint (1)
Twitter PowerPoint (1)Twitter PowerPoint (1)
Twitter PowerPoint (1)
 
Using the Power of Twitter: Building Online Learning
Using the Power of Twitter: Building Online LearningUsing the Power of Twitter: Building Online Learning
Using the Power of Twitter: Building Online Learning
 
Be More Connected: Social Media Marketing Strategies for Non-Profits
Be More Connected: Social Media Marketing Strategies for Non-ProfitsBe More Connected: Social Media Marketing Strategies for Non-Profits
Be More Connected: Social Media Marketing Strategies for Non-Profits
 
Jak na SEO ve WordPressu (Pavel Ungr)
Jak na SEO ve WordPressu (Pavel Ungr)Jak na SEO ve WordPressu (Pavel Ungr)
Jak na SEO ve WordPressu (Pavel Ungr)
 
WordPress, WordPress Multisite y WordPress Multinetwork
WordPress, WordPress Multisite y WordPress MultinetworkWordPress, WordPress Multisite y WordPress Multinetwork
WordPress, WordPress Multisite y WordPress Multinetwork
 

Similaire à WP security-wordcamp2016-vitalykarasik

Attacking Drupal
Attacking DrupalAttacking Drupal
Attacking DrupalGreg Foss
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeThuan Ng
 
Cloud First: Be Prepared
Cloud First: Be PreparedCloud First: Be Prepared
Cloud First: Be PreparedAlan Eardley
 
[2016 데이터 그랜드 컨퍼런스] 5 1(보안,품질). 웨어밸리 data security challenges and its solutio...
[2016 데이터 그랜드 컨퍼런스] 5 1(보안,품질). 웨어밸리 data security challenges and its solutio...[2016 데이터 그랜드 컨퍼런스] 5 1(보안,품질). 웨어밸리 data security challenges and its solutio...
[2016 데이터 그랜드 컨퍼런스] 5 1(보안,품질). 웨어밸리 data security challenges and its solutio...K data
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 
Filemaker security-protect-your-data
Filemaker security-protect-your-dataFilemaker security-protect-your-data
Filemaker security-protect-your-dataDB Services
 
MySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMark Swarbrick
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBrian Layman
 
Secure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your BusinessSecure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your BusinessStacy Clements
 
Protecting Against Web App Attacks
Protecting Against Web App AttacksProtecting Against Web App Attacks
Protecting Against Web App AttacksAlert Logic
 
Mr. desmond cloud security_format
Mr. desmond cloud security_formatMr. desmond cloud security_format
Mr. desmond cloud security_formatMULTIMATICS_ID
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security Amazon Web Services
 
A Study in Borderless Over Perimeter
A Study in Borderless Over PerimeterA Study in Borderless Over Perimeter
A Study in Borderless Over PerimeterForgeRock
 
Professional WordPress Security: Beyond Security Plugins
Professional WordPress Security: Beyond Security PluginsProfessional WordPress Security: Beyond Security Plugins
Professional WordPress Security: Beyond Security PluginsChris Burgess
 
Database Security Threats - MariaDB Security Best Practices
Database Security Threats - MariaDB Security Best PracticesDatabase Security Threats - MariaDB Security Best Practices
Database Security Threats - MariaDB Security Best PracticesMariaDB plc
 
Foundations of cloud security monitoring
Foundations of cloud security monitoringFoundations of cloud security monitoring
Foundations of cloud security monitoringMoshe Ferber
 
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014Kelly Grizzle
 

Similaire à WP security-wordcamp2016-vitalykarasik (20)

Attacking Drupal
Attacking DrupalAttacking Drupal
Attacking Drupal
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More Safe
 
Cloud First: Be Prepared
Cloud First: Be PreparedCloud First: Be Prepared
Cloud First: Be Prepared
 
[2016 데이터 그랜드 컨퍼런스] 5 1(보안,품질). 웨어밸리 data security challenges and its solutio...
[2016 데이터 그랜드 컨퍼런스] 5 1(보안,품질). 웨어밸리 data security challenges and its solutio...[2016 데이터 그랜드 컨퍼런스] 5 1(보안,품질). 웨어밸리 data security challenges and its solutio...
[2016 데이터 그랜드 컨퍼런스] 5 1(보안,품질). 웨어밸리 data security challenges and its solutio...
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
 
Azure Iaas preso slides
Azure Iaas preso slidesAzure Iaas preso slides
Azure Iaas preso slides
 
Filemaker security-protect-your-data
Filemaker security-protect-your-dataFilemaker security-protect-your-data
Filemaker security-protect-your-data
 
MySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 SecurityMySQL Tech Tour 2015 - 5.7 Security
MySQL Tech Tour 2015 - 5.7 Security
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being Hacked
 
Secure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your BusinessSecure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your Business
 
Protecting Against Web App Attacks
Protecting Against Web App AttacksProtecting Against Web App Attacks
Protecting Against Web App Attacks
 
Mr. desmond cloud security_format
Mr. desmond cloud security_formatMr. desmond cloud security_format
Mr. desmond cloud security_format
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security
 
A Study in Borderless Over Perimeter
A Study in Borderless Over PerimeterA Study in Borderless Over Perimeter
A Study in Borderless Over Perimeter
 
Professional WordPress Security: Beyond Security Plugins
Professional WordPress Security: Beyond Security PluginsProfessional WordPress Security: Beyond Security Plugins
Professional WordPress Security: Beyond Security Plugins
 
Database Security Threats - MariaDB Security Best Practices
Database Security Threats - MariaDB Security Best PracticesDatabase Security Threats - MariaDB Security Best Practices
Database Security Threats - MariaDB Security Best Practices
 
Foundations of cloud security monitoring
Foundations of cloud security monitoringFoundations of cloud security monitoring
Foundations of cloud security monitoring
 
Data Leakage Prevention
Data Leakage PreventionData Leakage Prevention
Data Leakage Prevention
 
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
 

Dernier

Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Onlineanilsa9823
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Dernier (20)

Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 

WP security-wordcamp2016-vitalykarasik

  • 1. Intro to WordPress Security Security for smart people or Vitaly Karasik DevOps Consultant www.vitalykarasik.com WordCamp 2016 27.03.2016 12135
  • 2.
  • 3. Hacks Cost You More Than Money • SEO rating • Blacklisting • Reputation - “It can take years to build, and minutes to lose.” • Customer’s data leak
  • 5.
  • 6. How to prevent – Concepts • Security is a process, not a task • Limiting Access • Containment • Preparation and Knowledge • Trusted Sources
  • 7. How to prevent – Methods • Updates, Updates, Updates • WordPress Plugins – only trusted, delete unused • Credentials – usernames, passwords, dual-factor • Limiting Access to WP Admin • Server Hardening • Database User Privileges • FileSystem permissions
  • 8. Tools and Services • WP Plugins – WordFence, Sucuri • DoS Protection, WAF – CloudFlare, Incapsula • Security Scanners – LMD Scanner, WPScan • WP Managed Hosting – WPEngine
  • 9. WordFence Firewall and Brute Force Protection
  • 12. Backups and Deployment • Offsite Backup – UpdraftPlus • Revision Control – Github, Bitbucket • Automatic Deployment – Beanstalk
  • 13. Monitoring – be the first to know! • Server Monitoring – Anturis, CloudWatch • Website Monitoring – Anturis, Pingdom • Logs Monitoring – Logz.io, Loggly
  • 15. Resources • WordPress Codex – http://codex.wordpress.org/Hardening_WordPress • WordFence Blog – http://wordfence.com/blog • Sucuri Blog – https://blog.sucuri.net/category/wordpress-security/ • WPScan – http://wpscan.org/ • LMD Scanner – https://www.rfxn.com/projects/linux-malware-detect/ • Security Plugins – http://researchasahobby.com/?p=1915 • Hack Target – https://hackertarget.com/wordpress-security-scan
  • 16. Thanks for listening! Any Questions? Vitaly Karasik DevOps Consultant www.vitalykarasik.com WordCamp 2016 Scan this code to view presentation and links: