WordPress [si-kyoor-i-tee]
Barry Abrahamson
Automattic

Thursday, February 9, 2012
• Automattic since 2006
• Scaling / Servers / Security / Stuff
• http://barry.wordpress.com/

Four Ws, One H

• Who
• Why
• When
• Where
• How

Who

Why

• Fun
• Revenge
• Profit
• Political

When

• (In)?Convenient
• Least Expected
• Coordinated Attacks
• 0-day exploits

(Every) Where

• Shared Hosting
• Virtual Private Server
• Dedicated Server
• Large Enterprises
• Even your laptop!

How

Defacement

Spam Links

• base64_decode('aHR0cDovLzEyNy4wLjAuMS9oZWxsby1zcGFtbWVyLnBocA==');
• decodes to http://127.0.0.1/hello-spammer.php: the encoding hides the URL from a casual grep through the theme files, while the rendered page still carries the link

PHP Shell

• http://phpshell.sourceforge.net/
• <?php /*00000000000000000000000000000000*/ eval(gzinflate(base64_decode('FZfFzsQ6ukUfp89RBmHSHYWZsTJphZk5T3//npZKVbY/e++1yisd/qm/dqqG9Cj/y (payload truncated on the slide)
• the eval() of a decompressed, base64-decoded blob is the signature: the padding comment and the nested decode exist only to keep the shell's source out of plain-text searches

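The two injections on the Spam Links and PHP Shell slides share a tell: a base64 literal, either echoed straight into the page or fed through eval(gzinflate(...)). The script below is an added example of my own, not code from the slides or from Automattic, that triages a WordPress tree for both patterns and decodes the base64 literals so the hidden strings can be read without executing anything. It assumes a GNU/Linux userland (find, grep -E, base64 -d). The theme files it scans are constructed inline: the spam-link literal is the one from the slide, while the shell stub's blob is a constructed placeholder, because the slide's payload is truncated and must not be guessed.

```shell
#!/bin/sh
# Added example, not code from the slides: triage a WordPress tree for a
# base64-hidden spam URL and an eval(gzinflate(base64_decode(...))) shell
# stub, then decode the base64 literals so they can be read without running them.
# Assumes GNU/Linux userland (find, grep -E, base64 -d). The files under
# $WP_DIR are constructed here for the demonstration.

SHELL_RE='eval\((gzinflate|gzuncompress|gzdecode|str_rot13)\('
B64_RE='base64_decode\('

# Print "path<TAB>class" for every .php file under $1 matching either pattern.
# class is php-shell (eval of a decoded blob) or spam-link (bare base64_decode).
scan_php_injections() {
    find "$1" -type f -name '*.php' -exec grep -lE "$SHELL_RE|$B64_RE" {} + 2>/dev/null |
    while IFS= read -r f; do
        if grep -qE "$SHELL_RE" "$f"; then
            printf '%s\tphp-shell\n' "$f"
        else
            printf '%s\tspam-link\n' "$f"
        fi
    done
}

# Decode every base64_decode('...') literal in file $1, one result per line.
# Strings that are not valid base64 are skipped rather than reported as junk.
decode_base64_literals() {
    grep -oE "base64_decode\('[A-Za-z0-9+/=]+'\)" "$1" |
    sed "s/^base64_decode('//; s/')\$//" |
    while IFS= read -r b64; do
        decoded=$(printf '%s' "$b64" | base64 -d 2>/dev/null) && printf '%s\n' "$decoded"
    done
}

# --- constructed sample tree (not a real site) ------------------------------
WP_DIR=$(mktemp -d)
trap 'rm -rf "$WP_DIR"' EXIT
THEME="$WP_DIR/wp-content/themes/sample-theme"
mkdir -p "$THEME"

# clean file: must not be reported
printf '<?php\nget_header();\n' > "$THEME/index.php"

# spam-link injection; the literal is the one from the slide and decodes to
# http://127.0.0.1/hello-spammer.php
cat > "$THEME/footer.php" <<'EOF'
<?php
echo '<a href="' . base64_decode('aHR0cDovLzEyNy4wLjAuMS9oZWxsby1zcGFtbWVyLnBocA==') . '">cheap pills</a>';
EOF

# shell stub in the same shape as the slide's; the blob is a constructed
# placeholder, not the slide's (truncated) payload
STUB_B64=$(printf 'constructed placeholder, not a real shell' | base64 | tr -d '\n')
printf '<?php /*00000000000000000000000000000000*/ eval(gzinflate(base64_decode(%s)));\n' \
    "'$STUB_B64'" > "$THEME/shell.php"

scan_php_injections "$WP_DIR"
decode_base64_literals "$THEME/footer.php"
```

Treat the output as a triage list, not proof of compromise: WordPress core and some legitimate plugins call base64_decode, so compare any hit against a clean copy of the same theme or plugin version before deleting it, and look at the decoded string rather than the encoded one when deciding.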
Demo

How to Keep Your Site Safe

Security Plugins

• http://wordpress.org/extend/plugins/exploit-scanner/ (searches the files and the posts and comments tables of an install for suspicious code such as the patterns above)
• VaultPress (Automattic's backup and security scanning service)

File Permissions

• drwxrwxrwx 5 user group 4096 Feb 7 01:35 wp-content/   (777: world-writable, so any local user or process on the box can drop files here)
• drwxr-xr-x 5 user group 4096 Feb 7 01:35 wp-content/   (755: the owner writes, everyone else can only read and traverse)
• -rw-r--r-- 1 user group 3371 Feb 7 01:51 wp-config.php  (644: world-readable; it holds the database credentials and salts, so tighten it to 640 or 600 where the web server user still allows it)
• chmod -R 777: the "fix" that makes every file writable by anyone on the machine. Do not do this.

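To turn the File Permissions slide into a check you can run, the script below is an added example of my own (not code from the slides or from Automattic) that lists every world-writable path a blanket chmod -R 777 leaves behind, restores the 755/644 layout, and tightens wp-config.php to 640. It assumes POSIX find and chmod plus either GNU or BSD stat; the WordPress tree it operates on is constructed inline.

```shell
#!/bin/sh
# Added example, not code from the slides: find the world-writable files and
# directories that "chmod -R 777" leaves behind, then restore the conventional
# 755 (directories) / 644 (files) layout with wp-config.php tightened to 640
# because it holds the database credentials and salts.
# Assumes POSIX find/chmod and GNU or BSD stat; the tree is constructed here.

# Print every path under $1 whose "other" write bit (o+w, octal 002) is set.
find_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -002 | sort
}

# Apply the standard layout. Directories keep the execute bit so they stay
# traversable, files do not; nothing keeps o+w.
harden_wp_permissions() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    if [ -f "$1/wp-config.php" ]; then
        chmod 640 "$1/wp-config.php"
    fi
}

# Octal mode of one path, portable across GNU stat (-c) and BSD stat (-f).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# --- constructed sample tree (not a real site) ------------------------------
TMP_BASE=$(mktemp -d)
trap 'rm -rf "$TMP_BASE"' EXIT
WP_ROOT="$TMP_BASE/wordpress"
mkdir -p "$WP_ROOT/wp-content/uploads" "$WP_ROOT/wp-content/themes/sample-theme"
printf '<?php\n// constructed stand-in for the real config\n' > "$WP_ROOT/wp-config.php"
printf '<?php\n' > "$WP_ROOT/wp-content/themes/sample-theme/index.php"

# Reproduce the mistake from the slide.
chmod -R 777 "$WP_ROOT"
echo "world-writable before hardening:"
find_world_writable "$WP_ROOT"

harden_wp_permissions "$WP_ROOT"
echo "world-writable after hardening:"
find_world_writable "$WP_ROOT"        # prints nothing
echo "wp-config.php mode: $(file_mode "$WP_ROOT/wp-config.php")"
```

Ownership matters as much as the mode bits: WordPress needs to write to wp-content/uploads as the owner or group, never as "other". When the PHP process runs as a different account from the one that owns the files, fix that with group ownership (chgrp to the web server's group and 775/664 on the upload tree) rather than reaching for 777 again.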
Virus Scanner

• FTP passwords stolen by viruses on your computer can put your website at risk
• plain FTP also sends that password in the clear on every login, so prefer SFTP or FTPS, and keep the workstation that holds the credentials clean

Conclusion

• Securing your website is a lot like securing your house or car. If someone really wants to break in, they probably will, but it is important to lock the doors and windows and have good insurance in case something bad happens.

Questions?
