During this webinar, Alycia will explain how marketing professionals can easily add security to their diverse toolkit. This skill helps organizations prepare for incidents and prevent others. Reputation management falls on marketing. By championing the protection of web content, marketers can uphold their company’s reputation and make the web safer for everyone.

1. Website Security Primer
for Digital Marketers
SUCURI WEBINAR
Alycia Mitchell
Digital Marketing Manager

2. Housekeeping Items
•
•
•
•
•
•
•

3. WEBINAR PRESENTER
@artdecotech
Alycia Mitchell
Digital Marketing Manager

4. WEBINAR PRESENTER
A little about me
•
•
•

5. In this webinar
you will learn:
•
•
•

6. Marketers are in agreement
Content is King
… so who is guarding the king?

7. Whose responsibility
is website security?
Those are DDoS bots out there!
LET’S GO MITIGATE THEM!

8. Source: The T-Shaped Web Marketer by Rand Fishkin
Tweet #AskSucuri to @SucuriSecurity

9. Jono Alderson, YOAST
The Democratization of SEO

10. Jono Alderson, YOAST
The Democratization of SEO

11. Marketing
Nightmares
Hey marketer, want to install this plugin
to increase your SEO rankings?
They all rank organically down here!
Imagine the following scenarios…

12. Distributed Denial of
Service (DDoS) attacks.
Downtime due to

13. Blacklist Warnings
by major search engines and
antivirus vendors.

14. Malicious Redirects
sending mobile visitors to porn websites.

15. advertisements, phishing pages,
and drive-by downloads.
Malicious

16. A hacked site can
also affect your
rankings and
search engine
metadata.

17. Marketers Are Primed to Understand
• Web development languages
• Crawlers and bot behavior
• SSL certificates and HTTPS
• Redirects
• Referral traffic
• IP networking
• Analytics and logs
Tweet #AskSucuri to @SucuriSecurity

18. Black Hats White Hats

19. BLACK HAT
Hackers
Exploit security
weaknesses for
malicious purposes.
BLACK HAT
Marketers
Bully people
into buying their
products.

20. BLACK HAT
Hackers
Exploit security
weaknesses for
malicious purposes.
BLACK HAT
Marketers
Bully people
into buying their
products.
WHITE HAT
Hackers
Identify security
issues so they can
be patched.
WHITE HAT
Marketers
Shine a light on
a problem and
offer solutions.

21. Privacy and Compliance
• GDPR, CAN-SPAM, CASL – spam laws
• PCI DSS – ecommerce
• “Not Secure” - warnings in Chrome
• SSL as a ranking signal in Google search
Tweet #AskSucuri to @SucuriSecurity

22. SSL does nothing to protect the website from being attacked.
Don’t get me wrong. Encryption is a good thing. It protects passwords, credit card data, form data...
Tweet #AskSucuri to @SucuriSecurity

23. Only a WAF can protect the website from being attacked
(see more on this later…)
Tweet #AskSucuri to @SucuriSecurity

24. Google Safe Browsing Transparency Report
Tweet #AskSucuri to @SucuriSecurity
“Compromised sites:
These are legitimate
websites that have been
hacked to include content
from, or to direct users
to, sites that may exploit
their browsers.
For example, a page of a
site may be compromised
to include code that
redirects a user to an
attack site.”

25. The internet is getting more complex.
Tweet #AskSucuri to @SucuriSecurity
Bots API Plugin Scripts

26. We can hope that white hats
will find the vulnerabilities first.
We can also take steps to
prevent a compromise.
Here’s
Vulnerability!

27. What is
Website Security?
•
•
•
Tweet #AskSucuri to @SucuriSecurity

28. Tweet #AskSucuri to @SucuriSecurity
Monitor and Audit
Your Web Properties
Marketers know logs and monitoring are important.
• Spreadsheets, reports, analytics
• Social monitoring and Google Alerts
• Early detection and responsiveness
Now, apply these same concepts to your website
integrity.
Tweet #AskSucuri to @SucuriSecurity

29. Verify Domain Ownership for Alerts
Tweet #AskSucuri to @SucuriSecurity

30. Google Search Console
Security Issues section
shows any warnings.
Tweet #AskSucuri to @SucuriSecurity

31. Tweet #AskSucuri to @SucuriSecurity
Scanning for Malware
and Security Issues
You can scan your website with our
free tool:
sitecheck.sucuri.net
We check for blacklists, outdated
software, code anomalies, and
known malicious payloads.
Note: Remote scanners have limited access and
results are not guaranteed.

32. Tweet #AskSucuri to @SucuriSecurity
User Access Logging
Do you have a way to know if one
of your website administrators
suddenly logs in from a strange
location at 3AM?

33. Tweet #AskSucuri to @SucuriSecurity
Guide: How to Use the
WordPress Security Plugin
Sucuri WordPress Plugin
https://wordpress.org/plugins/sucuri-scanner https://sucuri.net/guides/how-to-use-the-wordpress-security-plugin

34. Tweet #AskSucuri to @SucuriSecurity

35. Protect Your Website from Attacks
There are two ways websites get hacked:
Tweet #AskSucuri to @SucuriSecurity
Exploiting a
Software Vulnerability
Compromising
User Access Control

36. Tweet #AskSucuri to @SucuriSecurity
How to Lock Down Access
Stronger Passwords
2FA (Two-Factor Authentication)
Principle of Least Privilege
Tweet #AskSucuri to @SucuriSecurity

37. Tweet #AskSucuri to @SucuriSecurity
How to Prevent
Vulnerability Exploitation
Apply software updates ASAP
• Patches security holes
• Requires you to be a step ahead of the black hats
Activate a web application firewall
• Blocks zero-day attacks and unpatched vulnerabilities
• Mitigates DDoS attacks
• Backed by security researchers
• Bonus content delivery network (CDN)
Tweet #AskSucuri to @SucuriSecurity

38. Tweet #AskSucuri to @SucuriSecurity
Creating an Incident
Response Plan
• Backups of everything
• Documented emergency response plan
• Roles and responsibilities
• Vet any vendors before you have an issue
Tweet #AskSucuri to @SucuriSecurity

39. Tweet #AskSucuri to @SucuriSecurity
Using a backup to
reverse a hacked site?
Make sure you have reliable backups
• Automatic
• Secure off-site storage (never on the same server as your website)
• Redundant copies
• Proven and tested recovery
Be sure to restore a backup from before hacker gained
access, not just before the symptoms showed up.
• Backdoors are often placed weeks in advance of the payload.
• If you restore a copy with a backdoor, you’ll be reinfected.
• 71% of hacked websites contain backdoors.
Tweet #AskSucuri to @SucuriSecurity

40. Who you gonna call?
• Can your IT team identify the latest PHP or JavaScript malware?
• Who is responsible for getting a hacked site fixed?
• How will you deal with downtime or scared customers?
• Do you know which professionals you would call in a pinch?
• Sucuri offers free DIY guides for cleaning hacked sites and removing blacklist warnings.

41. Tweet #AskSucuri to @SucuriSecurity
Dealing with
Google Blacklist
• Blacklisted sites lose at least
95% of their traffic.
• Once your site is clean, you
can request a review in
Google Search Console
(Sucuri does this for you).

42. Tweet #AskSucuri to @SucuriSecurity
Welcome to the club!
• Marketers shouldn’t do this alone, but they should speak up about it.
• By working with the IT counterparts within their company, marketers can
greatly improve the security posture of the brand.
• Marketers should champion these initiatives and get them prioritized by
their business development team.

43. Tweet #AskSucuri to @SucuriSecurity
In Conclusion

44. v
Security is everyone’s responsibility
and is inherently tied to trust.

45. Marketing thrives on
trust – and suffers a
quick death if it is lost.

46. The internet needs
intelligent and passionate
people to raise awareness.

47. Marketers are resourceful
enough to step up to the plate.

48. Q & A
Alycia Mitchell
You can reach me at alycia@sucuri.net