The WordPress community has a huge security challenge on the horizon. Now powering almost 20% of the Internet, WordPress lets us build businesses and lifestyles behind a single password. Protecting one site is hard, but the real challenge is making sure that distributed attacks across WordPress sites don't find unprotected sites to attack. In this talk, Brennen Byrne, the CEO of Clef, discusses the attacks and defenses being established in the new security paradigm and the new strategies being worked on to protect your site from the robot army.

1. passwords and botnets and zombies

2. passwords and botnets and zombies
oh my!

3. this talk is about
security

4. a lot of people think security is
hard

5. a lot of people think security is
hard
confusing

6. a lot of people think security is
hard
confusing
complicated

7. a lot of people think security is
not for you
hard
confusing
impossible
technical
frustrating
complicated
infuriating
painful

8. but we all know that it’s
important

9. but we all know that it’s
important
and my job is to make it
easy

10. 3 reasons
we need to talk about security:

11. almost 20% of the web runs on wordpress

12. almost 20% of the web runs on wordpress
lots of attacks on wordpress sites

13. almost 20% of the web runs on wordpress
lots of attacks on wordpress sites
security is fun and interesting

14. hello, my name is brennen
(@brennenbyrne)

15. I’m a founder of Clef
(getclef.com)

16. what is clef?

17. passwords and botnets and zombies
oh my!

18. how important is a single password?

19. could one password:
take down your site?
hurt your clients?
ruin your business?
endanger lives?

20. as wordpress becomes more important
so do our passwords.

21. the old way to break a password

22. virus with a keylogger
guess common passwords
advanced interrogation

23. in order to defend myself

24. don’t download viruses
ban IPs that are guessing wrong
don’t piss off enemy nation-states

25. if i’m good, i could also
use an admin username other than “admin”
post from author accounts, not admin
change the table prefix of my databases
be careful about who i give permissions

26. but attackers have gotten smarter

27. botnets

28. botnets are what happens
when your parents download viruses

29. their computers become
zombies

30. botnets attack sites
sites infect visitors’ computers
visitors join botnet
bigger botnet attacks more sites

31. botnets swarm and attack your site
from millions of different computers

32. don’t download viruses
ban IPs that are guessing wrong
don’t piss off enemy nation-states

33. botnets are the attackers’ response
to our better defenses
as wordpress becomes a better target
the incentives for breaking it rise

34. with new attacks come new defenses

35. bruteprotect

36. clef

37. but attack and response isn’t enough

38. passwords are a long-term problem

39. brain
vs.
computer

40. more services
online
and
longer, harder
passwords

41. hacks this year
Adobe
Twitter
Living Social
Evernote
Drupal

42. clef

43. wordpress security requires:
making security standard
increasing accessibility to security
dedication to casual user
secure defaults

44. weakness in the community is dangerous

45. questions?