This presentation talks about my passion for WordPress and how the first time I experienced having my website hacked, helped me create a secured online presence for our family project, turned multinational charity program and landed me my dream job, allowing me to work to protect WordPress sites from hackers.
It opened opportunities, allows me to work remotely for an American company, while still living in Europe (Cluj, Romania) and also providing enough time to manage the volunteers behind the ShoeBox Project.
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
Oh no! My website has been hacked and why that was a good thing
1. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
Witamy w
WordCamp GDYNIA!
2. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
#wcgdynia
OH NO!
MY WEBSITE HAS BEEN
HACKED
3. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
Val Vesa
@adspedia
Social Media and Brand Evangelist at Sucuri
Husband, father of two
Passion for travel and Instagram photography
4. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
My Family
5. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
6. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
7. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
8. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
I DON'T EAT PORK
WHEN I CLEAN THE BATHROOMI LOVE COCA-COLA
OR SEA FOOD
9. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
Shoebox Project & WordPress
10. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
11. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
12. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
MY FIRST WORDPRESS INSTALL: 2009
13. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
14. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
15. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
16. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
17. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
HACKED
DEC 22 2014
18. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
• Emails I never sent were returning: SPAM generated from site
• The host warned us they will SUSPEND the website
• EMAIL was now DOWN
• In mid project phase we were without an online presence
• Blacklisted website: visitors going to the website were seeing the “attack
site” warning, endangering credibility
IMPACTS
19. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
SELF MITIGATION
ATTEMPT
• Were there any .htaccess edits done?
• Any unauthorised FTP access?
• Check WordPress users list, any recent additions there?
• Study MySQL/phpMyAdmin for unusual content
• Change passwords: FTP, cPanel
• Scan access computer for keyloggers and malware
• Did a good job: my website was clean and back online
20. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
Until December 24 2014
When..
21. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
HACKED
DEC 24 2014
22. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
TIME TO ASK FOR HELP
23. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
24. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
25. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
• LIVE CHAT AVAILABLE ON MY LOCAL 4:00 AM
• INITIAL EVALUATION WAS PERFORMED IN THE CHAT
• SIGNUP AND OPENED TICKET FOR MALWARE REMOVAL
• 40 MINUTES LATER WEBSITE WAS CLEANED
• RECEIVED ACTIONABLE STEPS TO STAY CLEAN AFTER CLEANUP
• REMOVED FROM BLACKLIST THE NEXT DAY
HOW SUCURI HELPED
26. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
• RANDOM ATTACK
• DEFAULT WORDPRESS SITE, NO CUSTOM SECURITY SETTINGS
• VULNERABLE VERSION OF TIMTHUMB
• HACKER’S INTENT: USE SITE FOR SPAM
WHAT I THINK HAPPENED
27. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
28. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
WHY BEING HACKED WAS A “GOOD” THING
29. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
30. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
PERSONAL 5 BEST PRACTICES
FOR WEBSITE SECURITY
31. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
1. LEARN
• START WITH BLOG.SUCURI.NET
• EMPLOY A WEB APPLICATION FIREWALL (SUCURI FIREWALL)
• ACCESS CONTROL
• PLATFORM VULNERABILITIES
• CHECK YOUR WEBSITE WHEN VULNERABILITIES ARE
ANNOUNCED
32. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
2. PASSWORDS
• USE A PASSWORD MANAGER!
• COMPLEX STRUCTURES
• UPPER CASE, LOWER CASE, SPECIAL CHARACTERS, NUMBERS
• LONGER THAN 10 CHARACTERS
• DON’T REUSE PASSWORDS
33. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
3. UPDATES
• CMS
• PLUGINS
• SERVER
34. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
4. BACKUPS
• ON A SCHEDULE
• OFFSITE
• TEST FREQUENTLY
35. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
5. USE PROFESSIONALS
• SECURITY IS NOT A DYI PROJECT
• ADMIT WHEN OVERWHELMED
• EXTRA COST AND TIME TO DO IT IN-HOUSE
36. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
WHERE TO FIND ME
Twitter @adspedia
Instagram @adspedia
Email valentin@sucuri.net
37. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
38. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
WEBINAR
Q & A
Tweet us @SucuriSecurity using #AskSucuri
39. OH NO! MY WEBSITE HAS BEEN HACKED
Val Vesa| @adspedia
THANK YOU!