WordPress security fundamentals
WordCamp Maine

About me
Joseph Herbrandson
Web design and infosec
Committed to WordPress and website security
since 2008

Sucuri Security
Technical Account Manager
- Cleaning up malware and protecting websites
from infection every day

- Cleaned, remediated and secured over 5,000
websites

Website
sucuri.net 

twitter.com/sucuri_security

facebook.com/SucuriSec 

Sucuri Security
• Scan: 3 million domains / month: sitecheck.sucuri.net
• Block: 33 million / month
• Clean: 300-500 sites / day
• Website security: servicing over 250 thousand domains
• Platform agnostic (WordPress, Joomla, Drupal, etc.)
• Global operations: 24/7/365 support
The state of… the Internet
3 billion Internet users worldwide
1 billion active sites
(internetlivestats.com)

60% of all CMS sites and 22% of all websites are WordPress!
Notes on secure WP

No 0% Threat Rule
There is no such thing as perfect security. If someone
REALLY wants in, they will find a way.

0-Day Attacks
Brand new attacks using different methods
make these impossible to plan for. A 0-day
attack is resolved once it has been studied
and a fix has been published.

Not just WordPress!
Security starts with everyday practices. Wrong
moves made off of your website will still
affect things on your website!
Who are they? Hackers' identities
Who are these Guys?
- It can be anyone good with computers. 

- Intelligent and Mischievous; Enterprising and Effective. 

Where are they from?
Most attacks come from Turkey, Syria, Tunisia, Brazil, Russia, China, and even the United States.

What's going on here… common attack types
- Brute force
- SQL injection
- DDoS
- Social engineering
Hacked? Why you
It’s nothing Personal
Most attacks are automated and done on
many websites at a time

You're on the list
Once you’re a target, you stay a target.
Increasing your security is the best way to
ask them to LEAVE YOU ALONE

The $Billion spam
Pharma and spam attacks
Viagra, Cialis, and Levitra ads make
marketers over 2 BILLION dollars every year
through blackhat methods of infecting websites
and redirecting users to websites selling
prescription drugs.

Pillars of security
Your Security
Frontline Disaster Prevention
backups
Basic Website Maintenance
Staying current
Common Sense Policies
Access control
WordPress
Preparation
Secured backups
Disaster Prevention
Have a backup plan
Playing defensively from the back is your best
first line of defense.

Stored Remotely
Away from your live server, and the clutches
of an intruder. 

…more than one if possible!
The more layers of your backup plan, the less
likely it is to fail.

Scheduled and Automated
Don’t rely on yourself.
Options for backup solutions
- VaultPress
- Web hosting
- Sucuri Backups
- BackupBuddy

A little bit about password security
The tactics
Sophisticated Password Guessing

Easier to crack than you think…
Password Crack Times:
- 8 letters = 52 seconds
- 8 nums/letters = 11 minutes
- with caps/!@#$… = 3 hours
- 12 letters/nums/caps/!@#$ = 2 Thousand years
The web's most used passwords
The following are statistics showing the most used passwords in 2013,
documented from lists stolen in major organization security breaches.
(SplashData.com)

No.  Password    Ranking last year
1    123456      2
2    password    1
3    12345678    3
4    qwerty      5
5    abc123      4
6    123456789   New
7    111111      9
Tools of the trade: password managers
- LastPass
- KeePass
- Dashlane
- 1Password
The importance of WordPress updates
- Your version is your level of security
- Major versus maintenance releases
- Worried about upgrading? Fear not! Downgrading is a simple task
- Have an upgrade path

[Chart: WordPress version distribution as of June 2014 (http://w3techs.com/technologies/details/cm-wordpress/3/all). Versions shown: 3.0-3.4, 3.5, 3.6, 3.7, 3.8, 3.9. Shares shown: 21%, 14%, 5%, 8%, 18%, 34%.]
Know your plugins
Plug and Play for hackers!
Recent vulnerability disclosures: Update!!
- All in One SEO
- MailPoet
- Custom Contact Forms
- WPtouch
No plugin is SAFE forever!
- Developer vigilance is key
- Keep track of update and change logs
- Consider plugins secured by Sucuri, or other security authorities
Server-side protection: website antivirus

Malware scanning
- SITECHECK: http://sitecheck.sucuri.net
- VIRUSTOTAL: http://www.virustotal.com

WordPress security plugins
- Sucuri Scanner
- iThemes Security (formerly Better WP Security)
- GOTMLS
- WEB

Premium cleanup services
- Sucuri Website Antivirus
- Sitelock
Case study: cleanup
FTP/SFTP File Management
Basic file cleanup with FileZilla

WordPress Version Archives
https://codex.wordpress.org/WordPress_Versions
(Google “WordPress versions”)

Theme Backups
Always know where to find a clean copy of your
theme
Infected site
Infection: blackhat SEO spam injection
Spam is displayed with JavaScript turned off. Otherwise it's hidden!

Infection confirmed at the free Sucuri website scanner: http://sitecheck.sucuri.net

Cleanup: remove and replace
wp-admin and wp-includes
These directories are replaceable for cleanup
and downgrading versions

Replace other core files
The other core files outside of these two
directories can be uploaded to directly
replace their counterparts

Do not delete wp-config.php or wp-content!
These are vital to the functionality of your
blog, and cannot be replaced easily, or
without a backup.
Cleanup: remove and replace pt. 2
Find your theme
Your theme is replaceable if you haven't made custom changes

Delete your old theme
This is the most common place for infected WordPress files

Replace with clean copy
Good as new!
Cleanup: clean site
Cleanup accomplished:
Your WordPress site is now spam free!

Active Defense: website firewall
Fight back!
- Security checkpoint that monitors all users
- Intelligent and decisive: detect attack patterns and stop them
- Software versus hardware
Products:
- Sucuri Website Firewall
- CloudFlare
- Sitelock

A healthy dose of… paranoia
Worry about the right things:
- Integrating a protection plan

- Passwords versus Usernames

- Hosting: Shared, Managed, Dedicated

- Plugin/Theme origin

- Patching/Updating

- Who your friends are
Any questions?
