How I Can Hack Your WordPress Website in 5 Minutes Featuring Dre Armeda
Wednesday, March 6, 2013 12pm EST / 9am PST
Watch Dre perform a LIVE WordPress hack and learn how to avoid one on your site!
Ever wonder if your site, your visitors, or business is safe on the internet? This session by Dre Armeda will show a demo on how quickly your site can be hacked, and your reputation put on the line. Dre will cover various scenarios that can affect your website like Pharma Hack, SEO Poisoning, and malicious redirects. He will then aid you by providing some tips to help reduce risk now and forever. Information Security is everyone’s responsibility, and should be a consideration on any web project, beginning to end.
Takeaways
1. Better understanding of overall risks to running a website
2. Understand common website attack types
3. How to better approach website security
4. What to do if you or a loved one is attacked/infected
5. Tools to help you get back on track
Register here:
http://bit.ly/WordPressHackReg
Brought to you by Sucuri Security and Pam Ann Marketing.
WEBINAR: How I Can Hack Your WordPress Website in 5 Minutes featuring Dre Armeda of Sucuri Security
1. Real Security for WordPress
Life, Liberty, and the Pursuit of Risk Reduction
Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
2. Dre Armeda
CEO, Co-Founder of Sucuri Inc. – sucuri.net
Co-Host of The DradCast – dradcast.com
@dremeda | dre.im
I wear many hats, and love tacos
Harley enthusiast & Chargers fan
Infatuated with WordPress & web security.
I hope to make the internet a safer place!
3. The Internet Rocks
With adoption and growth comes innovation!
Over 2 billion internet users today
480% growth in the last 11 years (Internet World Stats)
100k+ domains gained weekly (Global Domain Registry)
2 billion sites in 2015 (Tony Schneider – CEO, Automattic)
4. It’s Not All Peachy
Innovative thinking sparks risk
Malware – short for malicious software: software designed to disrupt operations, gather information, or gain unauthorized access.
Monitor your website browsing & internet usage
Forced Advertising
Redirect Affiliate Marketing Revenue
5. How Bad is it?
Pretty bad, and getting worse.
2 million+ new malware strings monthly (McAfee)
Costs US consumers over $2bil yearly (Consumer Reports)
Google issues 3mil+ warnings daily. (Google)
Google blacklists 10k websites daily on avg. (Google)
6. How Does This Happen
A new type of webmaster!
7. Am I At Risk?
Ever See a Dodo Bird?
The percentage of risk will never be zero!
8. What Can We do?
Be smart. Be consistent. Cut out the noise!
9. Cut Out The Noise
K.I.S.S.
Keep Software Updated
No Soup Kitchen Servers
Reduce Access
Password Management
Backup Schedule
10. Keep Software Updated
Information Security is everyone’s responsibility
Leading cause for infection along with passwords
Scared to upgrade because stuff breaks?
Major vs. Point Release
Run upgrade tests
Do your homework
11. No Soup Kitchen Servers
Production is not your archive server!
WordPressers act like they forgot about DEV
Cross-contamination is a big deal
Segment by user and account
Not active. Not good enough
If it’s not in use, get rid of it
12. Reduce Access
Least privilege to some, no privilege for most.
Give people enough access to do their job, nothing more; remove access when they complete their job!
Use Proper Roles
This goes for WordPress, FTP, & DB’s, etc.
Limit failed logins to thwart brute force
Practice two form auth & layered login
13. Password Management
Password is a password not to be used as your password, ever!
"Password" is still a top 5 actively used password
Use unique passphrases
Use different passwords across accounts
Password Management Tools
14. Backup Schedule
When they hack you, reduce downtime.
Create a schedule today!
Backup outside of your production environment
Multiple backups are awesome
Talk to your host to see what they offer
Various tools available
15. Tools & Services
Great tools and services to help you reduce risk.
Backups: Backup Buddy, VaultPress
Password Management: LastPass, KeePass Password Safe, 1Password
Malware Scanning: Sucuri SiteCheck, UnMask Parasites
Malware Cleanup: Sucuri
Two Form Auth: Google Authenticator
Limit Failed Logins: Limit Logon Attempts
Sucuri (WP Plugin)
16. Thank You For Listening
Now go, reduce risk. Go!