Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Real WordPress Security
Kill the noise!
Dre Armeda
Co-Founder of Sucuri Inc. – Sucuri.net
Co-Host of DradCast – DradCast.com
@dremeda | dremeda.com | drejitsu.com
• Softball Dad
• Proud Navy Veteran
• Brazilian Jiu-Jitsu Player
• Chargers & Angels Fan
• Harley Enthusiast
• Taco Lover
The Internet Rocks
With adoption and growth comes innovation!
Over 2 billion internet users today (Internet World Stats)
566% growth in the last 12 years (Internet World Stats)
861,379,000 registered hostnames, January 2014 (Tech Made Easy)
180,000,000 active websites (Tech Made Easy)
It’s Not All Peachy
Malware – short for malicious software
DoS/DDoS - Denial of Service
Brute Force
SPAM Links
SEO Poisoning
XSS
SQL Injections
Blacklisting
DNS Poisoning
Innovative thinking sparks risk
Malware Type Distribution
SiteCheck numbers don’t lie!
[Pie chart of malware types seen by SiteCheck. Categories: Remote iFrame Includes, Remote JavaScript Includes, SPAM Injections, Obfuscated/Encoded JavaScript, Conditional Redirects, Defacements, Other. Slice values as extracted from the chart: 26%, 19%, 16%, 14%, 11%, 4%, 10%.]
Trends
How Bad is it?
An explosion in web malicious links!
[Bar chart: Malicious Links, 2011 vs. 2012]
What Are Malicious Links?
Oh you’ve seen them. You’ve seen them everywhere!
Increase in Phishing
All is not what it seems!
Search Engine Poisoning (SEP)
Get Payday Loans or Cheap Pills.
Brute Force
Denial of Service (DoS)
Why Is This Happening?
Awesome spawns not so awesome situations!
Almost always for the $$$
How Does This Happen
A new type of webmaster!
The World’s Biggest Weakness
Am I At Risk?
The percentage of risk
will never be zero!
Ever See a Dodo Bird?
Everyone is a Target!
Even you!
What Can We Do?
Be smart. Be consistent. Cut out the noise!
Things You May See
Your users saying they are being redirected
Spam links in your HTML or even visible
Google SERP shows Viagra for your keywords
Google Blacklists you
Sharp traffic decreases for no reason
If your site is infected
Quick Steps
Scan for malware – http://sitecheck.sucuri.net
Kill WordPress sessions by resetting Salts - http://wordpress.org/support/topic/set-up-a-secret-key-in-wordpress-25
Reset ALL passwords (WP, FTP, SSH)
Replace WordPress Core
Update ALL Software
Look for out of place files
Hire someone to audit the site and perform full server-side scan & cleanup
If you think your site is infected
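Two of the quick steps above, "Kill WordPress sessions by resetting Salts" and "Look for out of place files", in script form. This is an added example, not code from the talk or from Sucuri. It assumes the install lives under one site root, that wp-config.php defines its keys in the usual define('AUTH_KEY', '...') form, and that wp-content/uploads should never contain PHP; the sample site it builds is constructed throwaway data, not a real install.

```python
# Added example (not code from the talk or from Sucuri): two of the "Quick Steps" in script form.
# Assumptions, all constructed for this demo: the install lives under a site root, wp-config.php
# defines its keys in the usual define('AUTH_KEY', '...') form, and wp-content/uploads
# should never contain PHP. The sample site built below is fake data, not a real install.
import os
import re
import secrets
import string
import tempfile

# The eight secret-key/salt constants WordPress reads from wp-config.php.
SALT_KEYS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
# Printable ASCII minus quote and backslash, so a value drops into a single-quoted PHP string.
_ALPHABET = "".join(c for c in string.ascii_letters + string.digits + string.punctuation
                    if c not in "'\\")
_DEFINE_RE = re.compile(r"define\(\s*'(%s)'\s*,\s*'[^']*'\s*\);" % "|".join(SALT_KEYS))


def new_salt(length=64):
    """Cryptographically random salt value (secrets module, never random)."""
    return "".join(secrets.choice(_ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Replace every define('<KEY>', '...') for the eight salts with a fresh value.
    Login cookies are derived from these constants, so changing all eight invalidates
    every existing session, including any an intruder holds. Returns (text, {key: value})."""
    new_values = {}

    def repl(match):
        key = match.group(1)
        new_values[key] = new_salt()
        return "define('%s', '%s');" % (key, new_values[key])

    return _DEFINE_RE.sub(repl, config_text), new_values


# Heuristic markers common in injected code and rare in legitimate plugin/theme code.
# A hit means "look at this file", not "delete this file".
SUSPICIOUS = re.compile(
    rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("
    rb"|preg_replace\s*\(\s*['\"][^'\"]*/e['\"]"
    rb"|<iframe[^>]*\b(width|height)\s*=\s*[\"']?0\b",
    re.IGNORECASE,
)
SCANNED_SUFFIXES = (".php", ".phtml", ".php5", ".js", ".html", ".htm", ".htaccess")
PHP_SUFFIXES = (".php", ".phtml", ".php5")


def find_out_of_place_files(site_root):
    """Report (relative_path, reason) for files that do not belong in a clean install:
    any PHP file under wp-content/uploads, and any scanned file matching SUSPICIOUS."""
    findings = []
    uploads = os.path.join(site_root, "wp-content", "uploads") + os.sep
    for dirpath, _dirs, files in os.walk(site_root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, site_root).replace(os.sep, "/")
            lower = name.lower()
            if path.startswith(uploads) and lower.endswith(PHP_SUFFIXES):
                findings.append((rel, "PHP file inside uploads"))
                continue
            if lower.endswith(SCANNED_SUFFIXES):
                with open(path, "rb") as fh:
                    if SUSPICIOUS.search(fh.read()):
                        findings.append((rel, "obfuscation/injection pattern"))
    return sorted(findings)


def build_sample_site():
    """Create a throwaway, constructed WordPress-like tree for the demo."""
    root = tempfile.mkdtemp(prefix="wp-demo-")
    os.makedirs(os.path.join(root, "wp-content", "uploads", "2014", "01"))
    os.makedirs(os.path.join(root, "wp-content", "themes", "demo"))
    files = {
        "wp-config.php": "".join("define('%s', 'put your unique phrase here');\n" % k for k in SALT_KEYS),
        "wp-content/uploads/2014/01/photo.jpg": "fake image bytes",
        "wp-content/uploads/2014/01/cache.php": "<?php echo 'should not be here'; ?>",
        "wp-content/themes/demo/footer.php": "<?php eval(base64_decode('aGVsbG8=')); ?>",
        "wp-content/themes/demo/header.php": "<?php wp_head(); ?>",
    }
    for rel, body in files.items():
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write(body)
    return root


def respond(site_root):
    """Rotate the salts in wp-config.php in place, then list out-of-place files."""
    cfg_path = os.path.join(site_root, "wp-config.php")
    with open(cfg_path) as fh:
        rotated, new_values = rotate_salts(fh.read())
    with open(cfg_path, "w") as fh:
        fh.write(rotated)
    return find_out_of_place_files(site_root), new_values


if __name__ == "__main__":
    findings, salts = respond(build_sample_site())
    for rel, reason in findings:
        print("%-45s %s" % (rel, reason))
    print("rotated %d salts" % len(salts))
```

Run it against the constructed tree and it reports the PHP file sitting in uploads and the theme footer with an eval(base64_decode()) call, and rewrites all eight salts. The scanner is a triage aid: every hit deserves a manual look, and a clean result does not prove the site is clean, which is why the slide's last step is a full server-side audit.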
Proactive Defenses!
Keep Software Updated
Leading cause for infection along with passwords
Scared to upgrade because stuff breaks?
Major vs. Point Release
Run upgrade tests
Do your homework
Information Security is everyone’s responsibility
Use Trusted Sources!
No Soup Kitchen Servers
WordPressers act like they forgot about DEV
Cross-contamination is a big deal
Segment by user and account
Not active? Not good enough.
If it’s not in use, get rid of it
Production is not your archive server!
Reduce Access
Give people enough access to do their job, nothing
more; remove access when they complete their job!
Use Proper Roles
This goes for WordPress, FTP, databases, etc.
Limit failed logins to thwart brute force
Practice two-factor auth & layered login
Disable PHP Execution!
Least privilege to some, no privilege for most.
# .htaccess (Apache 2.2-style directive) for directories that should never serve PHP, e.g. wp-content/uploads
<Files *.php>
Deny from all
</Files>
Password Management
Complex, Long, Unique
“Password” is still a top-5 actively used password
Use unique passphrases
Use different passwords across accounts
Password Management Tools
Password is a password not to be used as your password, ever!
Backup Schedule
Create a schedule today!
Backup outside of your production environment
Multiple backups are awesome
Talk to your host to see what they offer
Various tools available
When they hack you, reduce downtime.
Tools & Services
Website Firewall
Sucuri CloudProxy
Great tools and services to help you reduce risk.
Password Management
LastPass
KeePass Password Safe
1Password
Malware Scanning
Sucuri SiteCheck
UnMask Parasites
Malware Cleanup
Sucuri
Backups
Sucuri Backups
VaultPress
Notable Resources
Name: URL
Sucuri Blog: http://blog.sucuri.net
Sucuri TV: http://sucuri.tv
Malware Scanner: http://sitecheck.sucuri.net
Malware Scanner: http://unmaskparasites.com
Badware Busters: https://badwarebusters.org
Google Forums: http://productforums.google.com/forum/#!categories/webmasters/malware--hacked-sites
Google Webmaster Tools: http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633
Secunia Security Advisories: http://secunia.com/community/advisories/search/?search=wordpress
Exploit-DB: http://www.exploit-db.com/search/?action=search&filter_description=Wordpress&filter_platform=31
Joomla! Security and Performance FAQs: http://docs.joomla.org/Security_and_Performance_FAQs
Joomla! Security Checklist: http://docs.joomla.org/Security_Checklist/Getting_Started
Thank You For Listening
Now go, reduce risk. Go!
