#pubcon @schachin
WordPress Security Audits
Kristine Schachinger @schachin
kristine@siteswithoutwalls.com
WordPress is used by between 25-30% of sites.
State of Security
• As of March 2016, Google reports that over 50 million website users
have been greeted with some form of warning that websites visited
were either trying to steal information or install malicious software.
In March 2015, that number was 17 million.
Google currently blacklists close to ~20,000 websites a week for
malware and another ~50,000 a week for phishing. PhishTank alone
flags over 2,000 websites a week for phishing.
https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf
WordPress is used by between 25-30% of sites
(or 10 million if Gary Illyes is correct – either way it is a lot!)
“Over a third of the websites online are powered by four key platforms: WordPress, Joomla!, Drupal,
and Magento. WordPress is leading the CMS market with over 60% market share.
This explosion and dominance by WordPress is facilitated by global-user adoption, a highly
extensible platform and focus on end users. Other platform technologies have experienced growth in
more niche markets, like Magento in the online commerce domain with large and enterprise
organizations, and Drupal in large, enterprise, and federal organizations.”
https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf
WordPress is King!
https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf
https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf
Approximately 31% of all infection cases are misused for SEO Spam campaigns (either
through PHP, Database injections or .htaccess redirections) where the site was infected with spam
content or redirected visitors to spam-specific pages.
The content used is often in the form of Pharmaceutical ad placements (i.e., erectile dysfunction,
Viagra, Cialis, etc...) and includes other injections for industries like Fashion and Entertainment (i.e.,
Casino, Porn).
#1 REASON for Getting Hacked on WordPress – SEO SPAM!
Low Hanging Fruit
Most Hackers Are Not Human
WordPress Has A Lot Of Low Hanging Fruit
• SEO - multiple uses here including DDOS
• SPAM – site used to send SPAM emails
• MALWARE – hides the origin of the malware
• THEFT – Passwords, credit card information,
banking information, etc.
• ATTACKING OTHER SITES – Sometimes a
hacker’s objective is to make a website
unavailable to users.
Why Would Anyone Want
to Hack Your WordPress Website?
http://www.wptemplate.com/wp-content/uploads/2013/07/Safety-and-Security-of-Word Press-Blog-Infographic.jpg
http://www.wptemplate.com/wp-content/uploads/2013/07/Safety-and-Security-of-Word Press-Blog-Infographic.jpg
• 41% by hosting platform vulnerabilities
• 29% by means of an insecure theme
• 22% via a vulnerable plugin
• 8% because of weak passwords
How Do WordPress Sites Get Hacked?
Low Hanging Fruit – Gets Picked
Don’t Be Low Hanging Fruit
Fortifying Your Site
Analysis = Audit
Need to review
•Access
•Security (Walls)
•Hosting
•Logins
•Plugins
• Secure WPConfig.
Makes accessing specific parts of your WordPress
installation more difficult. Secure your wp-config.php
file by moving it one directory above your
WordPress installation.
• File Editor.
Disable the File Editor in the WordPress Admin
panel, which means a hacker will require FTP
access to access core and theme files.
• Limit Roles.
Limiting access also includes the use of
appropriate user roles. Don’t assign an
administrator role unless a person actually
requires admin functionality.
Access – Has it been limited?
State of Security
“… out of the 11,000 + infected websites analyzed, 75% of them were on
the WordPress platform and over 50% of those websites were out of
date. Compare that to other similar platforms that placed less emphasis
on backwards compatibility, like Joomla! and Drupal, the percentage of
out-of-date software was above 80%.”
~ Sucuri
https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf
Update. Update. Update.
Typically the biggest hole in a WordPress site.
Update not only WordPress, but …
- Inactive themes and plugins (better to delete)
- Plugins
- Check that all plugins have updates
- If a plugin has not been updated in some time take it
off the site.
Good example is W3Cache
Security
Two Most Popular Security Tools
• WordFence.
– one of the most popular security plug-ins.
• Sucuri
– step above just a security plug-in with their paid
service you get 24/7 server side monitoring
including databases and file changes
• Here is a list of other malware tools for
WordPress.
Security Plug-Ins
BE VERY CAREFUL TO NEVER use
the ONLY WHITE LIST IPs setting
in any security plug-in.
Doing so can block the unknown IPs that search engine crawlers use.
Security Plug-Ins
Hosting
Hosting is one of the most important ways to prevent hacking attempts.
What should I look for in a good host?
• Database Support. Besides supporting the latest versions of PHP and MySQL.
• Security & Malware Scanning. They should perform regular scans for malware
• Backups. Company should perform daily backups.
• Site Support. Helpful to have support to chat with if your site does get hacked
• WordPress Hosting Specific. WordPress has a unique set of issues not only with security, but
with how it loads. WordPress providers have specialized in addressing these issues.
Review of hosting providers. https://fancythemes.com/best-wordpress-hosting-providers/
Hosting
Hosting + SSL
• SSL (HTTPS) is an added layer of security on your site and provides a
slight ranking boost in Google.
• Don’t get FREE Certificates.
Go to a reputable hosting company and purchase one.
• SEO Caveat. There are many SEO issues related to moving from http
to https, so make sure you have checked off those.
– Aleyda Solis has created an excellent checklist.
https://docs.google.com/spreadsheets/d/1XB26X_wFoBBlQEqecj7HB79hQ7DTLIPo97SS5irwsK8/edit#gid=1975121463
Hosting + SSL
Logins
Securing your Logins.
• Frequently change your passwords
• Avoid using the admin username
• Create a strong password
• Force users to use strong passwords with Force Strong Passwords
• Store passwords in a secure place like LastPass
You can take it one step further and …
• Limit login attempts. Plugins like Wordfence, Sucuri, Login LockDown and Login Security Solution enable you to
constrain the number of login attempts from a single IP address within a certain amount of time. Perfect for keeping
brute force attacks at bay.
• Employ two-step authentication. Adds a second layer of security that can only be passed by means of your cell phone,
social network account or something else. Options include Duo Two-Factor Authentication, OpenID, and Clef.
• Hide your login page. Moving wp-admin and wp-login to non-standard addresses makes it harder for hackers to attack
them. You can do so via Rename wp-login.php, HideLogin+ or Lockdown WP Admin.
http://torquemag.io/2016/03/wordpress-sites-hacked/
Logins
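The "limit login attempts" rule described above, sketched as an added example that is not part of the original deck or of any plugin named in it: a sliding-window count of POSTs to wp-login.php per IP address. The function name, the threshold of 3 attempts in 5 minutes and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines in chronological order; IPs come from documentation ranges.
SAMPLE_LOG = """\
198.51.100.20 - - [10/Oct/2016:13:50:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.7 - - [10/Oct/2016:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.7 - - [10/Oct/2016:13:55:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.7 - - [10/Oct/2016:13:55:04 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Oct/2016:13:55:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
198.51.100.20 - - [10/Oct/2016:13:55:06 +0000] "GET /wp-login.php HTTP/1.1" 200 2710
203.0.113.7 - - [10/Oct/2016:13:55:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
198.51.100.20 - - [10/Oct/2016:13:56:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.20 - - [10/Oct/2016:14:10:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

# Client IP, timestamp, method and path from a common/combined-format log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*"'
)


def find_lockouts(log_text, max_attempts=3, window=timedelta(minutes=5)):
    """Return {ip: time of the attempt that first exceeded max_attempts within window}."""
    recent = defaultdict(deque)   # ip -> timestamps of attempts still inside the window
    lockouts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("method") != "POST":
            continue              # viewing the login form (GET) is not an attempt
        if m.group("path").split("?")[0] != "/wp-login.php":
            continue
        ip = m.group("ip")
        when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:
            attempts.popleft()    # forget attempts that have aged out of the window
        if len(attempts) > max_attempts and ip not in lockouts:
            lockouts[ip] = when
    return lockouts


if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG).items():
        print(f"{ip} would be locked out at {when:%H:%M:%S}")
```

The second address is never flagged because its three POSTs are spread over twenty minutes, which is the difference between a per-window limit and a simple total count.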
Plugins
Plugins
These were the top three out-of-date, vulnerable plugins at the point at which a website engaged Sucuri for
incident response services
https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf
Hosting is one of the most important ways to prevent hacking attempts.
There is …
• Get it from a known source like Yoast, Sucuri, Wordfence
– Hackers, SEO, Affiliate Marketers, others create legitimate plugins to get backdoor access to
your site
• Check last update by developer
– If it has not been updated recently, it is likely vulnerable.
• Check reviews; sometimes good plugins go bad
• Check number of installations
Plugins
Advanced
Add SALTs To wp-config.php
• WordPress security keys were introduced in WordPress 2.6.
• SALTs encrypt user cookies and make it more difficult to access this data
The keys go into your wp-config.php file here
http://torquemag.io/2016/03/wordpress-sites-hacked/
Advanced
Add SALTs To wp-config.php cont.
Replace them with code from the WordPress SALT generator and you get something like this ..
http://torquemag.io/2016/03/wordpress-sites-hacked/
Advanced
Hide Your WP Version Number
• WordPress adds a meta tag to your site’s head section that shows off which version of the CMS you are
running. Knowing what version you are using helps hackers know what vulnerabilities are in your site.
Below is a useful piece of code that stops Word Press from doing so:
– remove_action('wp_head', 'wp_generator');
Just add it to your functions.php file and you are done with it.
http://torquemag.io/2016/03/wordpress-sites-hacked/
Advanced
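An audit check for three items from this deck (File Editor disabled, SALTs replaced in wp-config.php, version tag removed in functions.php), written as an added example that is not code from the original slides or from WordPress. It assumes the file editor is disabled with the DISALLOW_FILE_EDIT constant; the function names, the 32-character minimum and the sample file contents are constructed for illustration.

```python
import re

# The eight secret keys and salts WordPress reads from wp-config.php.
SECRET_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"  # default text shipped in wp-config-sample.php
MIN_SECRET_LEN = 32  # assumed threshold for this audit, not a WordPress rule

# Scanning left to right, a string literal is consumed whole, so "//" or "#"
# inside a salt is never mistaken for the start of a comment.
SKIP_RE = re.compile(r"""
    (?P<string> '(?:[^'\\]|\\.)*' | "(?:[^"\\]|\\.)*" )
  | (?P<comment> //[^\n]* | \#[^\n]* | /\*.*?\*/ )
""", re.S | re.X)
DEFINE_RE = re.compile(r"""
    define\(\s*(['"])(?P<name>\w+)\1\s*,\s*
    (?: '(?P<sq>(?:[^'\\]|\\.)*)' | "(?P<dq>(?:[^"\\]|\\.)*)" | (?P<bare>\w+) )
    \s*\)
""", re.X)
GENERATOR_RE = re.compile(
    r"""remove_action\(\s*['"]wp_head['"]\s*,\s*['"]wp_generator['"]""")


def strip_comments(php_source):
    """Remove PHP comments while leaving string literals untouched."""
    return SKIP_RE.sub(lambda m: m.group("string") or "", php_source)


def parse_defines(php_source):
    """Return {constant: value} for every define() that is not commented out."""
    defines = {}
    for m in DEFINE_RE.finditer(strip_comments(php_source)):
        defines[m.group("name")] = m.group("sq") or m.group("dq") or m.group("bare") or ""
    return defines


def audit_wp_config(php_source):
    """List hardening gaps in the text of a wp-config.php file."""
    defines = parse_defines(php_source)
    findings, seen = [], {}
    for name in SECRET_NAMES:
        value = defines.get(name)
        if value is None:
            findings.append(f"{name}: missing")
        elif value == PLACEHOLDER:
            findings.append(f"{name}: placeholder")
        elif len(value) < MIN_SECRET_LEN:
            findings.append(f"{name}: too short")
        elif value in seen:
            findings.append(f"{name}: same value as {seen[value]}")
        else:
            seen[value] = name
    if defines.get("DISALLOW_FILE_EDIT", "").lower() not in ("true", "1"):
        findings.append("DISALLOW_FILE_EDIT: file editor not disabled")
    return findings


def hides_version(functions_php):
    """True if functions.php removes the wp_generator meta tag (outside comments)."""
    return bool(GENERATOR_RE.search(strip_comments(functions_php)))


# Constructed sample files: a weak configuration and a hardened one.
WEAK_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'short-secret');
// define('DISALLOW_FILE_EDIT', true);  commented out, so the editor stays on
"""
HARDENED_CONFIG = "<?php\n" + "".join(
    f"define('{name}', '{i}#//constructed-value-for-{name.lower()}-not-a-real-secret');\n"
    for i, name in enumerate(SECRET_NAMES)
) + "define( 'DISALLOW_FILE_EDIT', true );\n"
WEAK_FUNCTIONS = "<?php\n// remove_action('wp_head', 'wp_generator');\n"
HARDENED_FUNCTIONS = "<?php\nremove_action('wp_head', 'wp_generator');\n"

if __name__ == "__main__":
    for label, cfg, fn in (("weak", WEAK_CONFIG, WEAK_FUNCTIONS),
                           ("hardened", HARDENED_CONFIG, HARDENED_FUNCTIONS)):
        print(label, audit_wp_config(cfg), "version hidden:", hides_version(fn))
```

Run it against the text of a site's own wp-config.php and theme functions.php; an empty findings list means all eight values are set, distinct and not the shipped placeholder, and the file editor is off.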
Google, Machine Learning, Algorithms, and You.
 
Core Updates: What are they? How do you recover from one?
Core Updates: What are they? How do you recover from one?Core Updates: What are they? How do you recover from one?
Core Updates: What are they? How do you recover from one?
 
Google Machine Learning Algorithms and SEO
Google Machine Learning Algorithms and SEOGoogle Machine Learning Algorithms and SEO
Google Machine Learning Algorithms and SEO
 
ChatGPT Training Session
ChatGPT Training SessionChatGPT Training Session
ChatGPT Training Session
 
ChatGPT: The Hype vs Reality
ChatGPT: The Hype vs Reality ChatGPT: The Hype vs Reality
ChatGPT: The Hype vs Reality
 
Unlocking the Power of ChatGPT
Unlocking the Power of ChatGPTUnlocking the Power of ChatGPT
Unlocking the Power of ChatGPT
 
Social Media in the Age of Disinformation
Social Media in the Age of Disinformation Social Media in the Age of Disinformation
Social Media in the Age of Disinformation
 
Core Updates: Google's New Spam and How to Recover Your Traffic.
Core Updates: Google's New Spam and How to Recover Your Traffic.Core Updates: Google's New Spam and How to Recover Your Traffic.
Core Updates: Google's New Spam and How to Recover Your Traffic.
 
How Did We Get to Sesame Street? Google's Search for NLP.
How Did We Get to Sesame Street? Google's Search for NLP. How Did We Get to Sesame Street? Google's Search for NLP.
How Did We Get to Sesame Street? Google's Search for NLP.
 
The Death of the Keyword: In Search of NLP -- Presented at Ungagged London Ap...
The Death of the Keyword: In Search of NLP -- Presented at Ungagged London Ap...The Death of the Keyword: In Search of NLP -- Presented at Ungagged London Ap...
The Death of the Keyword: In Search of NLP -- Presented at Ungagged London Ap...
 
In Search of Natural Language Processing: Rank Brain, Google, SEO, and You.
In Search of Natural Language Processing: Rank Brain, Google, SEO, and You.In Search of Natural Language Processing: Rank Brain, Google, SEO, and You.
In Search of Natural Language Processing: Rank Brain, Google, SEO, and You.
 
Ungagged UK Talk - Google in a Post Update and Mobile First World.
Ungagged UK Talk - Google in a Post Update and Mobile First World.Ungagged UK Talk - Google in a Post Update and Mobile First World.
Ungagged UK Talk - Google in a Post Update and Mobile First World.
 
Search Leeds Talk - Entities, Search, and Rank Brain: How it works and why it...
Search Leeds Talk - Entities, Search, and Rank Brain: How it works and why it...Search Leeds Talk - Entities, Search, and Rank Brain: How it works and why it...
Search Leeds Talk - Entities, Search, and Rank Brain: How it works and why it...
 
Links: Where We Are. Where We Are Going. A Look at Google Algorithms, SEO, an...
Links: Where We Are. Where We Are Going. A Look at Google Algorithms, SEO, an...Links: Where We Are. Where We Are Going. A Look at Google Algorithms, SEO, an...
Links: Where We Are. Where We Are Going. A Look at Google Algorithms, SEO, an...
 
Ungagged - Busting Google's Blackbox 2017
Ungagged - Busting Google's Blackbox 2017Ungagged - Busting Google's Blackbox 2017
Ungagged - Busting Google's Blackbox 2017
 
Intro to Google, SEO, and You in 2017
Intro to Google, SEO, and You in 2017Intro to Google, SEO, and You in 2017
Intro to Google, SEO, and You in 2017
 
Solving Complex SEO Problems When Standard Fixes Do Not Appl
Solving Complex SEO Problems When Standard Fixes Do Not ApplSolving Complex SEO Problems When Standard Fixes Do Not Appl
Solving Complex SEO Problems When Standard Fixes Do Not Appl
 
Technical Site Audits
Technical Site AuditsTechnical Site Audits
Technical Site Audits
 

Último

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 

Último (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

Word Press Security Audits

  • 1. #pubcon @schachin Word Press Security Audits Kristine Schachinger @schachin kristine@siteswithoutwalls.com
  • 2. WordPress is used by between 25-30% of sites.
  • 4. State of Security
      • As of March 2016, Google reports that over 50 million website users have been greeted with some form of warning that websites visited were either trying to steal information or install malicious software. In March 2015, that number was 17 million. Google currently blacklists close to ~20,000 websites a week for malware and another ~50,000 a week for phishing. PhishTank alone flags over 2,000 websites a week for phishing.
      https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf
  • 5. WordPress is used by between 25-30% of sites (or 10 million if Gary Illyes is correct – either way, it is a lot!)
  • 6. WordPress is King!
      “Over a third of the websites online are powered by four key platforms: WordPress, Joomla!, Drupal, and Magento. WordPress is leading the CMS market with over 60% market share. This explosion and dominance by WordPress is facilitated by global-user adoption, a highly extensible platform and focus on end users. Other platform technologies have experienced growth in more niche markets, like Magento in the online commerce domain with large and enterprise organizations, and Drupal in large, enterprise, and federal organizations.”
      https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf
  • 12. #1 REASON for Getting Hacked on WordPress – SEO SPAM!
      Approximately 31% of all infection cases are misused for SEO Spam campaigns (either through PHP, Database injections or .htaccess redirections) where the site was infected with spam content or redirected visitors to spam-specific pages. The content used is often in the form of Pharmaceutical ad placements (i.e., erectile dysfunction, Viagra, Cialis, etc...) and includes other injections for industries like Fashion and Entertainment (i.e., Casino, Porn).
      https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf
  • 16. WordPress Has A Lot Of Low Hanging Fruit
  • 17. Why Would Anyone Want to Hack Your WordPress Website?
      • SEO - multiple uses here including DDOS
      • SPAM – site used to send SPAM emails
      • MALWARE – hides the origin of the malware
      • THEFT – Passwords, credit card information, banking information, etc.
      • ATTACKING OTHER SITES – Sometimes a hacker’s objective is to make a website unavailable to users.
  • 19. How Do WordPress Sites Get Hacked?
      • 41% by hosting platform vulnerabilities
      • 29% by means of an insecure theme
      • 22% via a vulnerable plugin
      • 8% because of weak passwords
      http://www.wptemplate.com/wp-content/uploads/2013/07/Safety-and-Security-of-Word Press-Blog-Infographic.jpg
  • 20. Low Hanging Fruit – Gets Picked
  • 21. Don’t Be Low Hanging Fruit
  • 23. Analysis = Audit. Need to review:
      • Access
      • Security (Walls)
      • Hosting
      • Logins
      • Plugins
  • 24. Access – Has it been limited?
      • Secure WPConfig. Makes accessing specific parts of your WordPress installation more difficult. Secure your wp-config.php file by moving it one directory above your WordPress installation.
      • File Editor. Disable the File Editor in the WordPress Admin panel, which means a hacker will require FTP access to access core and theme files.
      • Limit Roles. Limiting access also includes the use of appropriate user roles. Don’t assign an administrator role unless a person actually requires admin functionality.
  • 25. State of Security
      “… out of the 11,000 + infected websites analyzed, 75% of them were on the WordPress platform and over 50% of those websites were out of date. Compare that to other similar platforms that placed less emphasis on backwards compatibility, like Joomla! and Drupal, the percentage of out-of-date software was above 80%.” ~ Sucuri
      https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf
  • 26. Security: Update. Update. Update. Typical biggest hole in a WordPress site. Update not only WordPress, but …
      - Inactive themes and plugins (better to delete)
      - Plugins
      - Check that all plugins have updates
      - If a plugin has not been updated in some time, take it off the site. Good example is W3Cache
  • 27. Security Plug-Ins: Two Most Popular Security Tools
      • Wordfence – one of the most popular security plug-ins.
      • Sucuri – a step above just a security plug-in; with their paid service you get 24/7 server-side monitoring including databases and file changes
      • Here is a list of other malware tools for WordPress.
  • 28. Security Plug-Ins: BE VERY CAREFUL TO NEVER use the ONLY WHITE LIST IPs setting in any security plug-in. Doing so can block the unknown IPs used by search engine crawlers.
  • 30. Hosting: Hosting is one of the most important ways to prevent hacking attempts. What should I look for in a good host?
      • Database Support. Besides supporting the latest versions of PHP and MySQL.
      • Security & Malware Scanning. They should perform regular scans for malware.
      • Backups. The company should perform daily backups.
      • Site Support. Helpful to have support to chat with if your site does get hacked.
      • WordPress Hosting Specific. WordPress has a unique set of issues not only with security, but with how it loads. WordPress providers have specialized in addressing these issues.
      Review of hosting providers: https://fancythemes.com/best-wordpress-hosting-providers/
  • 32. Hosting + SSL
      • SSL (HTTPS) is an added layer of security on your site and provides a slight ranking boost in Google.
      • Don’t get FREE Certificates. Go to a reputable hosting company and purchase one.
      • SEO Caveat. There are many SEO issues related to moving from http to https, so make sure you have checked off those. – Aleyda Solis has created an excellent checklist. https://docs.google.com/spreadsheets/d/1XB26X_wFoBBlQEqecj7HB79hQ7DTLIPo97SS5irwsK8/edit#gid=1975121463
  • 34. Logins: Securing your Logins.
      • Frequently change your passwords
      • Avoid using the admin username
      • Create a strong password
      • Force users to use strong passwords with Force Strong Passwords
      • Store passwords in a secure place like LastPass
      You can take it one step further and …
      • Limit login attempts. Plugins like Wordfence, Sucuri, Login LockDown and Login Security Solution enable you to constrain the number of login attempts from a single IP address within a certain amount of time. Perfect for keeping brute force attacks at bay.
      • Employ two-step authentication. Adds a second layer of security that can only be passed by means of your cell phone, social network account or something else. Options include Duo Two-Factor Authentication, OpenID, and Clef.
      • Hide your login page. Moving wp-admin and wp-login to non-standard addresses makes it harder for hackers to attack them. You can do so via Rename wp-login.php, HideLogin+ or Lockdown WP Admin.
      http://torquemag.io/2016/03/wordpress-sites-hacked/
  • 36. Plugins: These were the top three out-of-date, vulnerable plugins at the point at which a website engaged Sucuri for incident response services.
      https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf
  • 37. Plugins: Hosting is one of the most important ways to prevent hacking attempts. There is …
      • Get it from a known source like Yoast, Sucuri, Wordfence – Hackers, SEO, Affiliate Marketers, others create legitimate plugins to get backdoor access to your site
      • Check last update by developer – If it has not been updated recently, it is likely vulnerable.
      • Check reviews; sometimes good plugins go bad
      • Check number of installations
  • 39. Advanced: Add SALTs To wp-config.php
      • WordPress security keys were introduced in WordPress 2.6.
      • SALTs encrypt user cookies and make it more difficult to access this data
      The keys go into your wp-config.php file here
      http://torquemag.io/2016/03/wordpress-sites-hacked/
  • 40. Advanced: Add SALTs To wp-config.php cont.
      Replace them with code from the WordPress SALT generator and you get something like this ..
      http://torquemag.io/2016/03/wordpress-sites-hacked/
  • 41. Advanced: Hide Your WP Version Number
      • WordPress adds a meta tag to your site’s head section that shows off which version of the CMS you are running. Knowing what version you are using helps hackers know what vulnerabilities are in your site. Below is a useful piece of code that stops WordPress from doing so:
      – remove_action('wp_head', 'wp_generator');
      Just add it to your functions.php file and you are done with it.
      http://torquemag.io/2016/03/wordpress-sites-hacked/
  • 42. Word Press Security Audits Kristine Schachinger @schachin kristine@siteswithoutwalls.com
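
An audit check for the settings on slides 24 and 39-41, added here as an example and not part of the original deck: it reads a wp-config.php and a rendered page and reports a file editor left enabled, SALT keys that are missing, reused or still at the sample placeholder, and a disclosed version number. The function names, finding labels and sample inputs are assumptions made for this example; DISALLOW_FILE_EDIT is the WordPress constant that turns the admin file editor off.

```python
import re

# The eight security keys/salts WordPress expects in wp-config.php.
SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php

# Match a quoted string OR a comment, whichever starts first. Generated salts
# often contain '#', '//' or '/*', so comments cannot be stripped blindly.
TOKEN_RE = re.compile(
    r"""('(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*")|(/\*.*?\*/|//[^\n]*|\#[^\n]*)""", re.S)
DEFINE_RE = re.compile(
    r"""define\s*\(\s*(['"])(?P<name>\w+)\1\s*,\s*"""
    r"""(?P<value>'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"|[^)]+?)\s*\)\s*;""")
GENERATOR_RE = re.compile(
    r"""<meta\s+name=["']generator["']\s+content=["']WordPress\s*([\d.]*)["']""", re.I)


def strip_comments(php):
    """Drop PHP comments but keep string literals intact."""
    return TOKEN_RE.sub(lambda m: m.group(1) or " ", php)


def parse_defines(php):
    """Return {constant: value} for every active define() call."""
    defines = {}
    for m in DEFINE_RE.finditer(strip_comments(php)):
        value = m.group("value").strip()
        if value.startswith(("'", '"')):
            value = value[1:-1]          # quoted string: remove the quotes
        else:
            value = value.lower()        # bare token such as true / TRUE
        defines[m.group("name")] = value
    return defines


def audit_wp_config(php):
    """Return a list of findings for the hardening steps on slides 24 and 39-40."""
    defines = parse_defines(php)
    findings = []
    if defines.get("DISALLOW_FILE_EDIT") != "true":
        findings.append("file-editor-enabled")
    seen = set()
    for key in SALT_KEYS:
        value = defines.get(key)
        if value is None:
            findings.append("salt-missing:" + key)
        elif value == PLACEHOLDER:
            findings.append("salt-placeholder:" + key)
        elif value in seen:
            findings.append("salt-reused:" + key)
        else:
            seen.add(value)
    return findings


def disclosed_version(html):
    """Return the version in the generator meta tag (slide 41), or None."""
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None


# Constructed sample inputs (not taken from any real site).
SAMPLE_CONFIG = r"""<?php
// define('DISALLOW_FILE_EDIT', true);   (commented out: does not count)
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'k#9/*constructed-sample-value-1*/ //x');
define('LOGGED_IN_KEY',    'k#9/*constructed-sample-value-1*/ //x');
define('NONCE_KEY',        "constructed-sample-value-2");
define('AUTH_SALT',        'constructed-sample-value-3');
define('SECURE_AUTH_SALT', 'constructed-sample-value-4');
define('LOGGED_IN_SALT',   'constructed-sample-value-5');
"""
SAMPLE_HTML = '<head><meta name="generator" content="WordPress 4.5.2" /></head>'

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_CONFIG):
        print(finding)
    print("version disclosed:", disclosed_version(SAMPLE_HTML))
```
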