Internet Security for Bloggers and Podcasters
Brian Lockrey
http://AssistCoach.com
Overview

Blog Security
WordPress
Social Networking
Micro-Blogging
Podcasts
Advertising
Best Practices
Blog Security: WordPress
WordPress Security: Google 11,800,000
Very Popular Platform
Prime Target for Hackers
SEO: Search Engine Optimization
Traffic Redirection
Links to Pharmacy / Adult sites
Graphics Replacement
Ad / Affiliate Redirection
Many others…
Blog Security: WordPress
You are on their hit list!
Game… Like you play Guitar Hero…
Always run the latest versions
Backdoor entry points
Passwords for users are downloaded
Open Source Software
Backups are essential
Frequent updates are essential
Many others…
Blog Security: WordPress
Monitor log files
Block probers if you can
Delete meta tag that displays WP version
“Powered by WordPress”
Private site or hosted?
WordPress.com
What is your Time worth?
What is your Blog worth?
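Added example for the "Monitor log files / Block probers" point above (this is not code from the deck): a Python script that parses Apache combined-format access log lines and flags addresses that repeatedly request WordPress entry points a normal reader never asks for. The log lines, addresses and the threshold of 3 are constructed for the demonstration.

```python
"""Flag IPs probing a WordPress site for entry points a reader never requests.
Added example for the "Monitor log files / Block probers" slide, not from the
deck itself. SAMPLE_LOG (addresses, times, paths) is constructed."""
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" log format, the default on most shared hosts.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Paths that humans almost never visit but scanners hit constantly: the login
# form, XML-RPC, the install script, and files that leak the WP version.
PROBE_PATHS = {"/wp-login.php", "/xmlrpc.php", "/wp-admin/install.php",
               "/readme.html", "/license.txt", "/wp-config.php"}

SAMPLE_LOG = """\
203.0.113.5 - - [12/Jun/2009:10:00:01 -0400] "GET /readme.html HTTP/1.1" 200 9000
203.0.113.5 - - [12/Jun/2009:10:00:02 -0400] "GET /wp-admin/install.php HTTP/1.1" 404 500
203.0.113.5 - - [12/Jun/2009:10:00:03 -0400] "POST /wp-login.php HTTP/1.1" 200 3500
203.0.113.5 - - [12/Jun/2009:10:00:04 -0400] "POST /wp-login.php HTTP/1.1" 200 3500
203.0.113.5 - - [12/Jun/2009:10:00:05 -0400] "POST /xmlrpc.php HTTP/1.1" 200 400
198.51.100.7 - - [12/Jun/2009:10:01:00 -0400] "GET / HTTP/1.1" 200 12000
198.51.100.7 - - [12/Jun/2009:10:01:05 -0400] "GET /2009/06/hello-world/ HTTP/1.1" 200 8000
192.0.2.9 - - [12/Jun/2009:10:02:00 -0400] "GET /wp-login.php HTTP/1.1" 200 3500
192.0.2.9 - - [12/Jun/2009:10:02:30 -0400] "POST /wp-login.php HTTP/1.1" 302 0
"""

def parse(lines):
    """Yield (ip, path without query string, status) for each parsable line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["path"].split("?", 1)[0], int(m["status"])

def find_probers(log_text, threshold=3):
    """Return {ip: [probe paths]} for IPs with at least `threshold` probe hits.

    One visit to wp-login.php is the site owner logging in; a burst across
    several probe paths, or repeated POSTs to the login form, is a scanner or
    a password-guessing run and a candidate for a deny rule in .htaccess.
    """
    hits = defaultdict(list)
    for ip, path, _status in parse(log_text.splitlines()):
        if path in PROBE_PATHS:
            hits[ip].append(path)
    return {ip: paths for ip, paths in hits.items() if len(paths) >= threshold}

if __name__ == "__main__":
    for ip, paths in find_probers(SAMPLE_LOG).items():
        print(ip, len(paths), "probe requests:", Counter(paths).most_common())
```

Run it against your own access log by replacing SAMPLE_LOG with the file contents; tune the threshold to your traffic, since a single login request is usually you.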
Blog Security: WordPress
Turn off Open Registration
WP 2.5+ has better password encryption
Use a Strong admin password!
Limit Search on your server
Protect Directories from public browsing
Drop the version string in Meta Tags
Blog Security: WordPress
Limit wp-admin access by IP address
Protect using .htaccess
Protect your MySQL database
Use SSH/Shell access, not FTP
Use SFTP uploads if you can
Use VPN if you can
Never use Telnet!
Hosting Platform?

Use Linux / Apache if you can
Do NOT use Microsoft Windows
Automattic PollDaddy migration
PollDaddy .NET / SQL to PHP/MySQL
Automattic has 1,200 servers in use
Per Matt’s Blog - Stable and Scalable
WordPress: Internals
PHP
MySQL
Known Database Schema
Known Class and Function Names
Known File Names
Known Folder Names
WordPress: Internals
PHP – Must be kept updated
MySQL – Must be kept updated
OpenSource Software more secure
Security Through Transparency
Millions of people looking at it
Often fixed quickly
WordPress: Look For?
The Obvious
PlugIns that you did not install
header.php changes
Search Engine redirection (hard to detect)
Spammers may hide text
View HTML Source Code
Google records your “bad” content
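Added example for the "View HTML Source Code" check on this slide (not the presenter's code): a Python audit of a page's HTML that reports the version-leaking generator meta tag and any links or text sitting inside elements hidden from visitors, the usual way injected spam stays out of sight. SAMPLE_HTML and the spam.example URLs are constructed.

```python
"""Audit a page's HTML source for the signs on this slide: a version-leaking
generator tag and links or text hidden from human visitors.
Added example, not the presenter's code; SAMPLE_HTML is constructed."""
import re
from html.parser import HTMLParser

# Inline styles used to keep injected spam out of sight while search engines index it.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?:px|pt|em|%)?(?![\d.])|"
    r"(?:left|top|text-indent)\s*:\s*-\d{3,}px", re.I)
VOID_TAGS = {"meta", "link", "br", "img", "input", "hr"}

class SourceAudit(HTMLParser):
    """Records the generator tag and everything inside a hidden element."""
    def __init__(self):
        super().__init__()
        self.generator = None    # content of <meta name="generator">
        self.hidden_links = []   # hrefs a visitor cannot see
        self.hidden_text = []    # text a visitor cannot see
        self._stack = []         # one bool per open element: is it hidden?
        self._depth = 0          # number of open hidden ancestors

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        if tag in VOID_TAGS:
            return
        hidden = "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        self._stack.append(hidden)
        self._depth += hidden
        if tag == "a" and self._depth:
            self.hidden_links.append(a.get("href"))

    def handle_endtag(self, tag):
        # Assumes well-formed markup: a close tag ends the most recent element.
        if tag not in VOID_TAGS and self._stack:
            self._depth -= self._stack.pop()

    def handle_data(self, data):
        if self._depth and data.strip():
            self.hidden_text.append(data.strip())

def audit(html):
    """Return the findings for one page as a dict."""
    p = SourceAudit()
    p.feed(html)
    p.close()
    return {"generator": p.generator, "hidden_links": p.hidden_links,
            "hidden_text": p.hidden_text}

SAMPLE_HTML = """\
<html><head><meta name="generator" content="WordPress 2.7.1" />
<title>My Blog</title></head><body>
<div id="header"><h1><a href="/">My Blog</a></h1></div>
<p>Welcome to my first post.</p>
<div style="display:none"><a href="http://spam.example/pills">cheap pills</a></div>
<div style="position:absolute; left:-9999px"><a href="http://spam.example/x">more</a></div>
<a href="/about/">About</a></body></html>
"""
```

Run audit() over the saved source of your front page: a non-empty hidden_links list is the header.php or theme tampering this slide describes, and a non-None generator means the version string is still published.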
WordPress: Look For More?
New Directories
Your RSS feeds
Search Engines
Google = link:twittgroups.com
Digg, StumbleUpon
Many others…
If You Get Hacked?
Just a matter of time
Change ALL passwords
Backup databases
Update software quickly
Shut down site. Maybe…
Email to security@wordpress.com
WordPress: Plugins / Widgets
Only use what you can trust
Watch for suspicious activity
WP Security Scan
File Permissions
Database Security
XSS vulnerabilities
Many others…
Comment Boxes / Widgets

Comment Spam
Login Required
reCAPTCHA codes
Google Friend Connect
OpenID
Twitter OAuth
Many others…
Advertising On Your Blog

Google AdWords / AdSense
Others ???
Affiliate Programs
Be Careful…
WordPress Plugins
$5000 per Week? Slim Chance
Should you $$$ to Advertise?
Podcasts
Reliable Hosting Service
Your XML feeds
Search Engines
Password Protect the Content Folders
Will keep out the Google Spiders
Best Practices
Software Up To Date!
Backup Databases
Directory Protection Codes
File Protection Codes
Remove Install Files
Remove Version #
Layered Software
Do NOT use Microsoft Windows!
Summary
Overwhelmed?
Start Simple
Best Practices
Stay Updated
Follow the Experts
Network with others
Collaborate with others
Questions?
@AssistCoach
WordCamp Columbus 2009