Breaking WordPress
#WHOISDAVIDYARDE
• AKA Batman
• Co-founder @ Sevenality
• Twitter: @dsmy
The Web is HUGE!!!
There are over 1.8 Billion active websites on the web.
• 43% of the top 1 million websites are hosted in the USA itself.
• 48% of the top 100 blogs/websites run on WordPress.
• 672 Exabytes - 672,000,000,000 Gigabytes (GB) of accessible data.
Today’s Challenges
• Administration
• Credentials
• End-users aka wildcards
• Education
Today’s Problem*
• Core
• Themes*
• Plugins*
• End-users*
Implications of a Hacked Site
• SEO rankings wrecked
• Loss of customer trust
• Visitors exposed to malware
• Hours of time wasted assessing & repairing damage
• Loss of sales/money
Types of Attacks
Opportunistic
• Web Trolls
• Ability for mass exposure
• Timthumb
Targeted
• Big Enterprises
• Wordpress.com
• Woothemes
• Usually worth the time and energy invested to compromise
• Done for bigger returns
Top 5 WordPress Infections
• Backdoors
  • Difficult to detect via http
  • Good time to start crying
• Pharma Attacks
  • Owners usually detect
  • Now shamefully selling viagra or some other drug
• Injections
  • Think fake Anti-virus downloads
• Defacements
  • You’re now supporting a rebel army
• Malicious Redirects
Know Your Environment
• What kind of security does your host use?
• What will they do if your site gets hacked?
• Will they fix it?
• Will they shut it down?
If server management isn’t your thing, use a managed solution.
Managed WP Hosting Providers
• WP Engine - http://wpengine.com/
• Flywheel - http://getflywheel.com/
• MediaTemple - http://mediatemple.net/
• GoDaddy - http://www.godaddy.com/
HELP!! Everything is broken and I’ve been blacklisted!!!
• Don’t panic.
• Detect
• Remove
• Protect
• Submit
Recommended Resources
• WP Security Checklist - http://wpsecuritychecklist.com
• Clef - https://getclef.com
• iThemes Security (Better WP Security) - http://ithemes.com/security
• WP Security Lock - http://wpsecuritylock.com
• VaultPress - https://vaultpress.com
• ManageWP - https://managewp.com
“An ounce of prevention is worth a pound of cure.”
- Benjamin Franklin
Thank You
• David Yarde
• Co-founder @ Sevenality
• Twitter: @dsmy
• Email: david@sevenality.com
