Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Real WordPress Security
Kill the noise!
Dre Armeda
Co-Founder of Sucuri Inc. – Sucuri.net
Co-Host of DradCast – DradCast.com
@dremeda | dremeda.com | drejitsu.com
• Softball Dad
• Proud Navy Veteran
• Brazilian Jiu-Jitsu Player
• Chargers & Angels Fan
• Harley Enthusiast
• Taco Lover
The Internet Rocks
With adoption and growth comes innovation!
Over 2 billion internet users today (Internet World Stats)
566% growth in the last 12 years (Internet World Stats)
861,379,000 registered hostnames, Jan 2014 (Tech Made Easy)
180,000,000 active websites (Tech Made Easy)
It’s Not All Peachy
Malware – short for malicious software
DoS/DDoS - Denial of Service
Brute Force
SPAM Links
SEO Poisoning
XSS
SQL Injections
Blacklisting
DNS Poisoning
Innovative thinking sparks risk
Malware Type Distribution
SiteCheck numbers don't lie!
Share of SiteCheck detections by malware type (percentages and categories paired in the order they appear on the chart):
Remote iFrame Includes: 26%
Remote JavaScript Includes: 19%
SPAM Injections: 16%
Obfuscated / Encoded JavaScript: 14%
Conditional Redirects: 11%
Defacements: 4%
Other: 10%
Trends
How Bad is it?
An explosion in malicious web links!
[Chart: Malicious Links, 2011 vs. 2012]
What Are Malicious Links?
Oh you’ve seen them. You’ve seen them everywhere!
Increase in Phishing
All is not what it seems!
Search Engine Poisoning (SEP)
Get Payday Loans or Cheap Pills.
Brute Force
Denial of Service (DoS)
Why Is This Happening?
Awesome spawns not so awesome situations!
Almost always for the $$$
How Does This Happen
A new type of webmaster!
The World's Biggest Weakness
Am I At Risk?
The percentage of risk
will never be zero!
Ever See a Dodo Bird?
Everyone is a Target!
Even you!
What Can We do?
Be smart. Be consistent. Cut out the noise!
Things You May See
If your site is infected:
Your users saying they are being redirected
Spam links in your HTML, sometimes even visible on the page
Google SERP shows Viagra for your keywords
Google blacklists you
Sharp traffic decreases for no reason
Quick Steps
If you think your site is infected:
Scan for malware – http://sitecheck.sucuri.net
Kill WordPress sessions by resetting the secret keys and salts in wp-config.php; every existing login cookie becomes invalid – http://wordpress.org/support/topic/set-up-a-secret-key-in-wordpress-25
Reset ALL passwords (WP, FTP, SSH, database)
Replace WordPress core with a fresh copy from wordpress.org
Update ALL software (core, plugins, themes)
Look for out-of-place files (PHP files in wp-content/uploads, files that a clean core install does not contain)
Hire someone to audit the site and perform a full server-side scan & cleanup
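One way to do the "replace core" and "look for out-of-place files" steps mechanically, as an added example that is not code from the talk or from Sucuri: compare the install against a known-good manifest of core file hashes (the wordpress.org checksums API returns such a {path: md5} map; here the manifest and the install tree are constructed in a temp directory so the script runs offline), report core files that were modified or deleted, files that appeared inside wp-admin/ or wp-includes/ without being in the manifest, and any PHP file under wp-content/uploads/. The directory names and the sample file contents are assumptions for the demo.

```python
"""Audit a WordPress install against a known-good core manifest.

Added example (not code from the slides or from Sucuri). The manifest is a
{relative_path: md5} map shaped like the wordpress.org checksums API output;
the manifest and the install tree are constructed below in a temp directory.
"""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin/", "wp-includes/")   # nothing outside the manifest belongs here
NO_PHP_DIRS = ("wp-content/uploads/",)      # web-writable: a .php file here is a dropped shell
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}


def md5_of(path: Path) -> str:
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_install(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Return relative paths grouped as modified / missing / unexpected_core / php_in_uploads.

    Top-level files outside the manifest (wp-config.php, .htaccess) are site-owned
    and deliberately not reported; review those by hand.
    """
    root = root.resolve()
    report: dict[str, list[str]] = {
        "modified": [], "missing": [], "unexpected_core": [], "php_in_uploads": []
    }
    # 1. Every manifest file must exist and hash exactly as the manifest says.
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif md5_of(p) != expected:
            report["modified"].append(rel)
    # 2. Walk the tree for files the manifest never listed: anything inside a
    #    core directory, and PHP inside the uploads directory.
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if rel.startswith(CORE_DIRS) and rel not in manifest:
            report["unexpected_core"].append(rel)
        elif rel.startswith(NO_PHP_DIRS) and p.suffix.lower() in PHP_SUFFIXES:
            report["php_in_uploads"].append(rel)
    return {k: sorted(v) for k, v in report.items()}


def build_demo_tree() -> tuple[Path, dict[str, str]]:
    """Constructed sample install (not real WordPress files): three clean core
    files in the manifest, then one tampered, one deleted, one injected into
    wp-includes and one PHP file dropped into uploads."""
    clean = {
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';\n",
        "wp-includes/version.php": b"<?php $wp_version = '3.8';\n",
        "wp-admin/admin.php": b"<?php require_once __DIR__ . '/../wp-load.php';\n",
    }
    manifest = {rel: hashlib.md5(body).hexdigest() for rel, body in clean.items()}
    on_disk = dict(clean)
    on_disk["index.php"] += b"<?php /* injected line */ ?>\n"          # tampered core file
    del on_disk["wp-admin/admin.php"]                                  # deleted core file
    on_disk["wp-includes/class-wp-cache.php"] = b"<?php /* not a core file */\n"
    on_disk["wp-content/uploads/2014/01/image.php"] = b"<?php /* dropped shell */\n"
    on_disk["wp-content/uploads/2014/01/photo.jpg"] = b"\xff\xd8\xff\xe0 not php"
    root = Path(tempfile.mkdtemp(prefix="wp-audit-"))
    for rel, body in on_disk.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(body)
    return root, manifest


if __name__ == "__main__":
    demo_root, demo_manifest = build_demo_tree()
    for category, paths in audit_install(demo_root, demo_manifest).items():
        print(f"{category:16s} {paths}")
```

Against a real install, replace build_demo_tree() with the site root and a manifest fetched for the exact core version in wp-includes/version.php; any "modified" or "unexpected_core" hit means the core replacement step is not optional, and "php_in_uploads" hits are the files to pull for analysis before deleting.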
Proactive Defenses!
Keep Software Updated
Outdated software is a leading cause of infection, along with weak passwords
Scared to upgrade because stuff breaks?
Major vs. Point Release
Run upgrade tests
Do your homework
Information Security is everyone’s responsibility
Use Trusted Sources!
No Soup Kitchen Servers
WordPressers act like they forgot about DEV
Cross-contamination is a big deal
Segment by user and account
Inactive is not good enough: a deactivated plugin or theme is still on disk and still reachable over the web
If it's not in use, get rid of it
Production is not your archive server!
Reduce Access
Give people enough access to do their job, nothing more; remove access when they complete their job!
Use proper roles
This goes for WordPress, FTP, databases, etc.
Limit failed logins to thwart brute force
Use two-factor authentication and layered login
Disable PHP Execution!
Least privilege to some, no privilege for most.
Drop this .htaccess into directories that should never serve PHP, such as wp-content/uploads/; it makes Apache refuse web requests for *.php files there (Apache 2.2 syntax; Apache 2.4 only honours it with mod_access_compat loaded, its native form being Require all denied):
<Files *.php>
Deny from all
</Files>
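The "limit failed logins" bullet above, and the Brute Force slide earlier, are about bursts of password guessing against wp-login.php and xmlrpc.php. As an added example that is not code from the talk or from Sucuri, here is the detection side run over web-server access logs: a sliding-window count of login POSTs per IP, which also notices when a flagged IP finally gets a 302 (wp-login.php redirects on success and re-renders the form with a 200 on failure). The log lines are constructed in Apache combined format and the 5-attempts-per-60-seconds threshold is an illustrative assumption.

```python
"""Spot brute-force login bursts against WordPress in access logs.

Added example (not code from the slides or from Sucuri). Sample log lines
are constructed; the threshold and window are illustrative assumptions.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}   # xmlrpc.php accepts credentials too


def parse_line(line: str) -> dict | None:
    """Return {ip, ts, method, path, status} or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # drop ?action=... query strings
        "status": int(m["status"]),
    }


def detect_bruteforce(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Return {ip: {"peak": n, "succeeded": bool}} for IPs with at least
    `threshold` login POSTs inside any `window`-long span.

    wp-login.php answers a failed login with 200 and a successful one with a
    302 redirect, so a 302 from an already-flagged IP means the guessing
    probably worked. xmlrpc.php always answers 200, so every POST to it counts.
    """
    recent: dict[str, deque] = defaultdict(deque)   # ip -> attempt times inside the window
    flagged: dict[str, dict] = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["method"] != "POST" or ev["path"] not in LOGIN_PATHS:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["path"] == "/wp-login.php" and ev["status"] == 302:
            if ip in flagged:
                flagged[ip]["succeeded"] = True
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:          # sliding window: forget attempts older than `window`
            q.popleft()
        if len(q) >= threshold:
            entry = flagged.setdefault(ip, {"peak": 0, "succeeded": False})
            entry["peak"] = max(entry["peak"], len(q))
    return flagged


# Constructed sample: 10.0.0.5 guesses six times in 12 seconds and then gets in,
# 192.0.2.10 is a normal user who mistypes once, 198.51.100.7 hammers xmlrpc.php.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2014:12:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Jan/2014:12:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Jan/2014:12:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Jan/2014:12:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Jan/2014:12:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Jan/2014:12:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Jan/2014:12:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Jan/2014:12:00:11 +0000] "POST /wp-login.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Jan/2014:12:00:13 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Jan/2014:12:00:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2014:12:01:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.7 - - [10/Jan/2014:12:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.7 - - [10/Jan/2014:12:01:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.7 - - [10/Jan/2014:12:01:06 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.7 - - [10/Jan/2014:12:01:08 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.7 - - [10/Jan/2014:12:01:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.7 - - [10/Jan/2014:12:01:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
"""

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

A flagged IP with "succeeded": True is the one to act on first: that account's password needs resetting and its sessions killing, not just the IP blocking. Behind a CDN or reverse proxy the client address is in X-Forwarded-For rather than the first field, so adjust the regex before trusting the per-IP counts.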
Password Management
Complex – Long - Unique
"password" is still among the top 5 most-used passwords
Use unique passphrases
Use different passwords across accounts
Password Management Tools
Password is a password not to be used as your password, ever!
Backup Schedule
Create a schedule today!
Backup outside of your production environment
Multiple backups are awesome
Talk to your host to see what they offer
Various tools available
When they hack you, reduce downtime.
Tools & Services
Great tools and services to help you reduce risk.
Website Firewall: Sucuri CloudProxy
Password Management: LastPass, KeePass Password Safe, 1Password
Malware Scanning: Sucuri SiteCheck, UnMask Parasites
Malware Cleanup: Sucuri
Backups: Sucuri Backups, VaultPress
Notable Resources
Sucuri Blog: http://blog.sucuri.net
Sucuri TV: http://sucuri.tv
Malware Scanner (Sucuri SiteCheck): http://sitecheck.sucuri.net
Malware Scanner (UnMask Parasites): http://unmaskparasites.com
Badware Busters: https://badwarebusters.org
Google Forums (malware / hacked sites): http://productforums.google.com/forum/#!categories/webmasters/malware--hacked-sites
Google Webmaster Tools: http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633
Secunia Security Advisories: http://secunia.com/community/advisories/search/?search=wordpress
Exploit-DB: http://www.exploit-db.com/search/?action=search&filter_description=Wordpress&filter_platform=31
Joomla! Security and Performance FAQs: http://docs.joomla.org/Security_and_Performance_FAQs
Joomla! Security Checklist: http://docs.joomla.org/Security_Checklist/Getting_Started
Thank You For Listening
Now go, reduce risk. Go!
