Steps to Keep Your Site Clean

During this presentation, we'll discuss the ins and outs of website security. Using good security practices as a website owner helps keep the entire web environment as clean and safe as possible.

Expect to learn about:

- What website security is and how to approach the subject when making your own plan.
- The various access points and attack surfaces of a website.
- Simple ways to increase security for all website owners.
- Intermediate ways to further secure websites.
- General online security practices and preparedness.

Steps to Keep Your Site Clean

  1. Steps to a Clean Safe Site. Jen Fisher, Product Support Analyst. Sucuri Webinar
  2. Webinar speaker: Jen Fisher, Product Support Analyst. Tweet #AskSucuri to @SucuriSecurity
  3. In this webinar you will learn:
     - What website security is and how to approach the subject when making your own plan
     - The various access points that most websites have
     - Simple ways to approach website security
     - Intermediate ways to approach security
     - A few ways to increase your general security online
  4. Why is website security important?
     - Accounted for 90% of all websites cleaned by Sucuri in 2018.
     - Authorities detected only 11% of infected sites in 2018, a 6% drop from 2017.
     - Increased by 14% to 51.3%, from 37% in Q3 2016.
     - Increased to 56.4%, from 47% in 2017.

     Slide labels: WordPress, Blacklist, SEO Spam, General Malware, Ecommerce.

     Outdated software continues to be the greatest vulnerability to these targets.
  5. What is website security?
     - Applied: to content via restrictions
     - Environmental: linked to security of hardware and work environments
     - Tangential: related to all accounts and individuals who may interact with content
     - Flexible: a compromise between existing risks and the level of time and interaction that you want to have
     - Active: Security is also a practice!
  6. Can't I just buy a service?
  7. Direct Points of Access: What do we need to secure? Clients with hacked sites frequently ask "how did the intruder get in?" Most sites can be accessed:
     - Via the hosting account
     - Via the control panel
     - Via an FTP, SFTP, or SSH connection
     - Via your CMS management panel, such as WP Admin
     - Via the database
     - Via the internet, publicly
  8. Direct Points of Access: How do they get in? Tangentially, we also need to consider the ways that these elements can be accessed:
     - Email, for password recovery purposes
     - Your computer or device and the security there
     - The browser used on your computer or device
     - The way your data is being sent (HTTPS)
     - The security of the server on which your content is stored
  9. Update, Update, Update: Preventing the #1 cause of hacks. As we mentioned earlier, outdated site elements are the number one cause of website infections. Updating your CMS isn't the only thing you can do to avoid risks, however! Updates can be applied to:
     - Content Management Systems
     - Plugins
     - Themes
     - Extensions
     - Server-side platforms and security
  10. Protecting Your Website. Applying updates is helpful, but a fully updated site may still be at risk. Consider:
     - Avoiding pirated plugins & themes
     - Removing content that isn't in use
     - Limiting, monitoring, and auditing access regularly
     - Using 2FA wherever possible
     - Using strong random passwords (password managers)
     - Using only one security plugin
     - Using non-standard usernames
     - Applying an SSL certificate
  11. Have a "Plan B": Website security plan. If your site is compromised, how can you most effectively react to mitigate the issue? Consider in advance of a compromise:
     - Points of access
     - Individuals with access
     - How you will update all passwords
     - How updated access can be sent securely
     - Will a backup save the day?
     - Assistance resources available to you
  12. Intermediate options
     - Disallow PHP execution via .htaccess
     - Disallow file editing in wp-config.php via .htaccess (Sucuri plugin is a good free option)
     - IP-based limitations to WP-Admin pages
     - Limited access to wp-includes, images, and uploads folders
     - Restrict upload capabilities
     - Avoid renaming files with a new extension (e.g. wp-config.php.bak), which voids restrictions
  13. Fun security for fun internet users!
     - Use a script blocker
     - Antivirus programs with active protection
     - 2-factor authentication
     - Password managers
     - Be aware of social engineering & phishing risks
     - Discuss security requirements
     - Send sensitive info securely

     If you're ever unsure, ask! Most online service providers will have documentation related to security, and the best of those will help formulate a security plan.
  14. Submit your questions to us at any time by tweeting us @SucuriSecurity using the hashtag #AskSucuri
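
An added example, not part of the Sucuri webinar: a small audit of a WordPress document root for several of the "Intermediate options" on slide 12 (file editing left enabled, PHP not blocked in the uploads folder, PHP files sitting in uploads, and renamed copies such as wp-config.php.bak). The function names, the suffix list and the sample tree are constructed for illustration, and the matching is heuristic (for instance, a commented-out `define` still counts).

```python
import re
import tempfile
from pathlib import Path

# Assumed list of suffixes left behind by editors and manual backups.
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".swp", ".txt", "~")
FILE_EDIT_OFF = re.compile(
    r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", re.I)
# Heuristic: a <Files>/<FilesMatch> section naming php that denies access.
PHP_DENIED = re.compile(
    r"<Files(Match)?[^>]*php[^>]*>.*?(deny\s+from\s+all|Require\s+all\s+denied)",
    re.I | re.S)


def audit(docroot):
    """Return sorted (check, relative path) findings for a WordPress docroot."""
    root = Path(docroot)
    findings = []
    config = root / "wp-config.php"
    if config.is_file() and not FILE_EDIT_OFF.search(config.read_text(errors="replace")):
        findings.append(("file-editing-enabled", "wp-config.php"))
    for path in root.rglob("*"):
        name = path.name.lower()
        # A renamed copy is typically served as plain text, so rules on the original no longer apply.
        if path.is_file() and ".php" in name and name.endswith(BACKUP_SUFFIXES):
            findings.append(("renamed-php-copy", path.relative_to(root).as_posix()))
    uploads = root / "wp-content" / "uploads"
    if uploads.is_dir():
        rules = uploads / ".htaccess"
        if not (rules.is_file() and PHP_DENIED.search(rules.read_text(errors="replace"))):
            findings.append(("uploads-php-not-blocked", "wp-content/uploads"))
        for path in uploads.rglob("*.php"):
            findings.append(("php-in-uploads", path.relative_to(root).as_posix()))
    return sorted(findings)


def build_sample(root):
    """Create a constructed sample tree (not taken from a real site)."""
    root = Path(root)
    (root / "wp-content" / "uploads" / "2019").mkdir(parents=True)
    (root / "wp-config.php").write_text("<?php\ndefine('DB_NAME', 'example');\n")
    (root / "wp-config.php.bak").write_text("<?php // old copy\n")
    (root / "wp-content" / "uploads" / "2019" / "logo.php").write_text("<?php\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for check, where in audit(build_sample(tmp)):
            print(f"{check:26} {where}")
```

Run it against a copy of the site's files; an empty result means none of these four conditions was detected, not that the site is clean.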