Internet Security for Bloggers and Podcasters
Brian Lockrey
http://AssistCoach.com
Overview

Blog Security
WordPress
Social Networking
Micro-Blogging
Podcasts
Advertising
Best Practices
Blog Security: WordPress
Google results for “WordPress Security”: 11,800,000
Very Popular Platform
Prime Target for Hackers
SEO: Search Engine Optimization
Traffic Redirection
Links to Pharmacy / Adult sites
Graphics Replacement
Ad / Affiliate Redirection
Many others…
Blog Security: WordPress
You are on their hit list!
Game… Like you play Guitar Hero…
Always run the latest versions
Backdoor entry points
Passwords for users are downloaded
Open Source Software
Backups are essential
Frequent updates are essential
Many others…
Blog Security: WordPress
Monitor log files
Block probers if you can
Delete meta tag that displays WP version
“Powered by WordPress”
Private site or hosted?
WordPress.com
What is your Time worth?
What is your Blog worth?
Blog Security: WordPress
Turn off Open Registration
WP 2.5+ has stronger password hashing
Use a Strong admin password!
Limit Search on your server
Protect Directories from public browsing
Drop the version string in Meta Tags
Blog Security: WordPress
Limit wp-admin access by IP address
Protect using .htaccess
Protect your MySQL database
Use SSH/Shell access, not FTP
Use SFTP uploads if you can
Use VPN if you can
Never use Telnet!
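The “Monitor log files / Block probers if you can” and “Limit wp-admin access by IP address / Protect using .htaccess” items, as an added shell example that is not part of the talk: it counts probe-like requests per client in a constructed Apache combined-format log, turns the offenders into an Apache 2.4 deny block, and emits an allow-list .htaccess body for wp-admin/. The log lines, the IP addresses and the 198.51.100.0/24 admin network are constructed; the Require syntax assumes Apache 2.4 with an AllowOverride that permits it.

```shell
#!/bin/sh
# Added example, not from the talk. Assumes Apache "combined" access-log
# format and Apache 2.4 "Require" syntax; all IPs below are constructed.

# Constructed sample log: a password-guessing client, a file-probing client,
# one legitimate admin login (POST answered 302) and one ordinary reader.
SAMPLE_LOG='203.0.113.7 - - [12/Jun/2009:10:01:02 -0400] "POST /wp-login.php HTTP/1.1" 200 3245 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Jun/2009:10:01:03 -0400] "POST /wp-login.php HTTP/1.1" 200 3245 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Jun/2009:10:01:04 -0400] "POST /wp-login.php HTTP/1.1" 200 3245 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Jun/2009:10:01:05 -0400] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/4.0"
198.51.100.22 - - [12/Jun/2009:10:02:00 -0400] "GET /wp-login.php HTTP/1.1" 200 3245 "-" "Mozilla/5.0"
198.51.100.22 - - [12/Jun/2009:10:02:09 -0400] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Jun/2009:10:03:00 -0400] "GET /readme.html HTTP/1.1" 200 7140 "-" "curl/7.19"
192.0.2.44 - - [12/Jun/2009:10:03:01 -0400] "GET /wp-config.php.bak HTTP/1.1" 404 210 "-" "curl/7.19"
192.0.2.44 - - [12/Jun/2009:10:03:02 -0400] "GET /wp-content/uploads/ HTTP/1.1" 403 199 "-" "curl/7.19"
192.0.2.44 - - [12/Jun/2009:10:03:03 -0400] "GET /wp-content/plugins/ HTTP/1.1" 403 199 "-" "curl/7.19"
203.0.113.99 - - [12/Jun/2009:10:04:00 -0400] "GET /2009/06/hello-world/ HTTP/1.1" 200 12000 "-" "Mozilla/5.0"'

# Print "count ip" for clients with at least LIMIT probe-like requests.
# Probe-like: a POST to wp-login.php answered 200 (WordPress re-shows the
# form on a failed login; a success redirects with 302), any request for
# xmlrpc.php or readme.html, and any 403/404.
probers() {  # usage: probers LIMIT < access.log
  awk -v limit="$1" '
    { ip = $1; method = $6; path = $7; status = $9
      sub(/^"/, "", method)
      hit = 0
      if (method == "POST" && path ~ /^\/wp-login\.php/ && status == 200) hit = 1
      if (path ~ /^\/(xmlrpc\.php|readme\.html)/) hit = 1
      if (status ~ /^40[34]$/) hit = 1
      if (hit) n[ip]++ }
    END { for (ip in n) if (n[ip] >= limit) print n[ip], ip }' | sort -rn
}

# Turn that list into an Apache 2.4 deny block ("Block probers if you can").
# Read the list before deploying it: a shared NAT can hide real readers.
deny_rules() {  # usage: probers LIMIT < access.log | deny_rules
  echo '<RequireAll>'
  echo '    Require all granted'
  while read -r count ip; do echo "    Require not ip $ip"; done
  echo '</RequireAll>'
}

# .htaccess body for wp-admin/ that admits only your own networks
# ("Limit wp-admin access by IP address"). admin-ajax.php stays open
# because themes and plugins call it from the public site.
wp_admin_allow() {  # usage: wp_admin_allow CIDR... > wp-admin/.htaccess
  printf '<Files admin-ajax.php>\n    Require all granted\n</Files>\n'
  printf 'Require ip %s\n' "$*"
}

printf '%s\n' "$SAMPLE_LOG" | probers 3              # expected: 203.0.113.7 and 192.0.2.44
printf '%s\n' "$SAMPLE_LOG" | probers 3 | deny_rules
wp_admin_allow 198.51.100.0/24                        # example admin network (assumed)
```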
Hosting Platform?

Use Linux / Apache if you can
Do NOT use Microsoft Windows
Automattic PollDaddy migration
PollDaddy .NET / SQL to PHP/MySQL
Automattic has 1,200 servers in use
Per Matt’s Blog - Stable and Scalable
WordPress: Internals
PHP
MySQL
Known Database Schema
Known Class and Function Names
Known File Names
Known Folder Names
WordPress: Internals
PHP – Must be kept updated
MySQL – Must be kept updated
Open Source Software is more secure
Security Through Transparency
Millions of people looking at it
Often fixed quickly
WordPress: Look For?
The Obvious
Plugins that you did not install
header.php changes
Search Engine redirection (hard to detect)
Spammers may hide text
View HTML Source Code
Google records your “bad” content
WordPress: Look For More?
New Directories
Your RSS feeds
Search Engines
Google = link:twittgroups.com
Digg, StumbleUpon
Many others…
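For the two “Look For” slides and the “Remove Version #” advice, an added shell example that is not from the talk: it hashes a WordPress tree into a baseline, reports modified, new and missing files against it (edited header.php, plugins you did not install, new directories), and greps a saved page for the version-leaking generator meta tag. The miniature install it builds under mktemp is constructed; file paths without whitespace and a host with sha256sum or shasum are assumed.

```shell
#!/bin/sh
# Added example, not from the talk: baseline the install right after a clean
# install or update, then diff against it when you "look for" trouble.
# Assumes sha256sum or shasum, awk and find; paths without whitespace.

# Print "hash  ./relative/path" for every file under DIR, sorted.
hash_tree() {  # usage: hash_tree DIR > baseline.txt
  ( cd "$1" && find . -type f | LC_ALL=C sort | while read -r f; do
      if command -v sha256sum >/dev/null 2>&1; then sha256sum "$f"
      else shasum -a 256 "$f"; fi
    done )
}

# Compare a saved BASELINE with DIR as it is now. MODIFIED = content changed
# (header.php edits), NEW = files you did not install (dropped-in plugins,
# new directories), MISSING = deleted. No output means no change.
tree_diff() {  # usage: tree_diff DIR BASELINE
  now=$(mktemp) && hash_tree "$1" > "$now"
  awk 'NR == FNR { base[$2] = $1; next }
       { if (!($2 in base)) print "NEW      " $2
         else if (base[$2] != $1) print "MODIFIED " $2
         seen[$2] = 1 }
       END { for (p in base) if (!(p in seen)) print "MISSING  " p }' "$2" "$now" | LC_ALL=C sort
  rm -f "$now"
}

# "View HTML Source Code" / "Remove Version #": print the WordPress version a
# saved page leaks through the generator meta tag, or nothing once it is gone.
version_leak() {  # usage: version_leak saved-page.html
  grep -o '<meta name="generator" content="WordPress [^"]*"' "$1" | sed 's/.*WordPress //; s/"$//'
}

# Constructed miniature install for the demo (not a real site).
make_demo_site() {  # usage: make_demo_site DIR
  mkdir -p "$1/wp-content/themes/default" "$1/wp-content/plugins/akismet"
  printf '<html><head><?php wp_head(); ?></head>\n' > "$1/wp-content/themes/default/header.php"
  printf '<?php /* Akismet */\n' > "$1/wp-content/plugins/akismet/akismet.php"
  printf '<meta name="generator" content="WordPress 2.8" />\n' > "$1/saved-homepage.html"
}

site=$(mktemp -d)
make_demo_site "$site"
hash_tree "$site" > "$site.baseline"
# What a break-in typically leaves behind: an edited theme header and a plugin you never installed.
printf '<!-- hidden links inserted here -->\n' >> "$site/wp-content/themes/default/header.php"
mkdir -p "$site/wp-content/plugins/unknown-plugin"
printf '<?php /* not installed by you */\n' > "$site/wp-content/plugins/unknown-plugin/unknown.php"
tree_diff "$site" "$site.baseline"                 # MODIFIED header.php, NEW unknown.php
echo "leaked version: $(version_leak "$site/saved-homepage.html")"   # 2.8
rm -rf "$site" "$site.baseline"
```

Keep the baseline outside the web root and regenerate it after every update, otherwise your own upgrades show up as changes.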
If You Get Hacked?
Just a matter of time
Change ALL passwords
Backup databases
Update software quickly
Shut down site. Maybe…
Email to security@wordpress.com
WordPress: Plugins / Widgets
Only use what you can trust
Watch for suspicious activity
WP Security Scan
File Permissions
Database Security
XSS vulnerabilities
Many others…
Comment Boxes / Widgets

Comment Spam
Login Required
reCAPTCHA codes
Google Friend Connect
OpenID
Twitter OAuth
Many others…
Advertising On Your Blog

Google AdWords / AdSense
Others ???
Affiliate Programs
Be Careful…
WordPress Plugins
$5000 per Week? Slim Chance
Should you spend $$$ to Advertise?
Podcasts
Reliable Hosting Service
Your XML feeds
Search Engines
Password Protect the Content Folders
Will keep out the Google Spiders
Best Practices
Software Up To Date!
Backup Databases
Directory Protection Codes
File Protection Codes
Remove Install Files
Remove Version #
Layered Software
Do NOT use Microsoft Windows!
Summary
Overwhelmed?
Start Simple
Best Practices
Stay Updated
Follow the Experts
Network with others
Collaborate with others
Questions?
@AssistCoach

Wordcampcolumbus 2009
