Internet Security for Bloggers
and Podcasters




 Brian Lockrey
 http://AssistCoach.com
Overview

Blog Security
WordPress
Social Networking
Micro-Blogging
Podcasts
Advertising
Best Practices
Blog Security: WordPress
WordPress Security: Google 11,800,000
Very Popular Platform
Prime Target for Hackers
SEO: Search Engine Optimization
Traffic Redirection
Links to Pharmacy / Adult sites
Graphics Replacement
Ad / Affiliate Redirection
Many others…
Blog Security: WordPress
You are on their hit list!
Game… Like you play Guitar Hero…
Always run the latest versions
Backdoor entry points
Passwords for users are downloaded
Open Source Software
Backups are essential
Frequent updates are essential
Many others…
Blog Security: WordPress
Monitor log files
Block probers if you can
Delete meta tag that displays WP version
“Powered by WordPress”
Private site or hosted?
WordPress.com
What is your Time worth?
What is your Blog worth?
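One way to act on "Monitor log files" and "Block probers if you can", as an added example that is not from the original slides: a Python script that scans access-log lines in the Apache combined format, flags client IPs with repeated failed wp-login.php POSTs or repeated 403/404 responses, and renders Apache 2.4 deny rules for them. The thresholds, function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation-range IPs), not taken from the slides.
SAMPLE_LOG = """\
198.51.100.10 - - [12/Sep/2009:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Sep/2009:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2310 "-" "-"
203.0.113.7 - - [12/Sep/2009:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2310 "-" "-"
203.0.113.7 - - [12/Sep/2009:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2310 "-" "-"
198.51.100.10 - - [12/Sep/2009:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Sep/2009:10:00:06 +0000] "GET /blog/wp-admin/ HTTP/1.1" 404 210 "-" "-"
192.0.2.44 - - [12/Sep/2009:10:00:07 +0000] "GET /wordpress/wp-admin/ HTTP/1.1" 404 210 "-" "-"
192.0.2.44 - - [12/Sep/2009:10:00:08 +0000] "GET /wp-admin/install.php HTTP/1.1" 403 199 "-" "-"
198.51.100.10 - - [12/Sep/2009:10:00:09 +0000] "GET /missing.png HTTP/1.1" 404 210 "-" "Mozilla/5.0"
this line is not a log entry
""".splitlines()


def parse_line(line):
    """Return ip/method/path/status for one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore the query string
    rec["status"] = int(rec["status"])
    return rec


def find_probers(lines, login_threshold=3, error_threshold=3):
    """Map each suspicious client IP to the list of reasons it was flagged."""
    failed_logins, errors = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in combined format
        # By default WordPress re-renders the login form (200) on a failed POST
        # and redirects (302) on success.
        if (rec["method"], rec["path"], rec["status"]) == ("POST", "/wp-login.php", 200):
            failed_logins[rec["ip"]] += 1
        elif rec["status"] in (403, 404):
            errors[rec["ip"]] += 1
    flagged = {}
    for ip, n in failed_logins.items():
        if n >= login_threshold:
            flagged.setdefault(ip, []).append(f"{n} failed logins")
    for ip, n in errors.items():
        if n >= error_threshold:
            flagged.setdefault(ip, []).append(f"{n} 403/404 responses")
    return flagged


def render_block_rules(ips):
    """Render an Apache 2.4 access rule (usable in .htaccess) denying the given IPs."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ip}" for ip in sorted(ips)]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    probers = find_probers(SAMPLE_LOG)
    for ip, reasons in sorted(probers.items()):
        print(ip, "->", ", ".join(reasons))
    print(render_block_rules(probers))
```

Review flagged addresses before blocking them: shared proxies and your own forgotten-password attempts produce the same pattern.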
Blog Security: WordPress
Turn off Open Registration
WP 2.5+ has better password encryption
Use a Strong admin password!
Limit Search on your server
Protect Directories from public browsing
Drop the version string in Meta Tags
Blog Security: WordPress
Limit wp-admin access by IP address
Protect using .htaccess
Protect your MySQL database
Use SSH/Shell access, not FTP
Use SFTP uploads if you can
Use VPN if you can
Never use Telnet!
Hosting Platform?

Use Linux / Apache if you can
Do NOT use Microsoft Windows
Automattic PollDaddy migration
PollDaddy .NET / SQL to PHP/MySQL
Automattic has 1,200 servers in use
Per Matt’s Blog - Stable and Scalable
WordPress: Internals
PHP
MySQL
Known Database Schema
Known Class and Function Names
Known File Names
Known Folder Names
WordPress: Internals
PHP – Must be kept updated
MySQL – Must be kept updated
Open Source Software more secure
Security Through Transparency
Millions of people looking at it
Often fixed quickly
WordPress: Look For?
The Obvious
PlugIns that you did not install
header.php changes
Search Engine redirection (hard to detect)
Spammers may hide text
View HTML Source Code
Google records your “bad” content
WordPress: Look For More?
New Directories
Your RSS feeds
Search Engines
Google = link:twittgroups.com
Digg, StumbleUpon
Many others…
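The checks on the two "Look For" slides (plugins you did not install, header.php changes, new directories) can be automated by comparing the site's files against a known-good snapshot. The following Python script is an added example, not part of the original slides; the function names and the sample WordPress tree it builds in a temporary directory are constructed for illustration.

```python
import hashlib
import os
import posixpath
import tempfile


def snapshot(root):
    """Map every file under root (path relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def _plugins(manifest):
    """Names of the entries directly under wp-content/plugins/."""
    names = set()
    for path in manifest:
        parts = path.split("/")
        if len(parts) >= 3 and parts[:2] == ["wp-content", "plugins"]:
            names.add(parts[2])
    return names


def compare(baseline, current):
    """Report what differs between a known-good snapshot and the current one."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    known_dirs = {posixpath.dirname(p) for p in baseline}
    return {
        "added": added,
        "removed": removed,
        "changed": changed,
        # Plugins that were not present when the baseline was taken.
        "new_plugins": sorted(_plugins(current) - _plugins(baseline)),
        # Directories that hold new files and did not exist in the baseline.
        "new_dirs": sorted({posixpath.dirname(p) for p in added} - known_dirs),
        # Theme header templates whose content changed.
        "header_changed": [p for p in changed if posixpath.basename(p) == "header.php"],
    }


def _write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)


def demo():
    """Build a constructed site tree, simulate tampering, and return the report."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.php", "<?php // front controller\n")
        _write(root, "wp-content/themes/mytheme/header.php", "<html><head></head>\n")
        _write(root, "wp-content/plugins/akismet/akismet.php", "<?php // plugin\n")
        baseline = snapshot(root)  # taken while the site is known to be clean

        # Simulated changes the site owner did not make (constructed).
        _write(root, "wp-content/themes/mytheme/header.php",
               "<html><head><!-- injected --></head>\n")
        _write(root, "wp-content/plugins/seo-helper/seo-helper.php", "<?php // unknown\n")
        _write(root, "cache-old/x.php", "<?php // unexpected\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Keep the baseline manifest off the web server and refresh it after every legitimate update; otherwise an intruder with write access can edit it, and every upgrade shows up as tampering.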
If You Get Hacked?
Just a matter of time
Change ALL passwords
Backup databases
Update software quickly
Shut down site. Maybe…
Email to security@wordpress.com
WordPress: Plugins / Widgets
Only use what you can trust
Watch for suspicious activity
WP Security Scan
File Permissions
Database Security
XSS vulnerabilities
Many others…
Comment Boxes / Widgets

Comment Spam
Login Required
reCAPTCHA codes
Google Friend Connect
OpenID
Twitter OAuth
Many others…
Advertising On Your Blog

Google AdWords / AdSense
Others ???
Affiliate Programs
Be Careful…
WordPress Plugins
$5000 per Week? Slim Chance
Should you $$$ to Advertise?
Podcasts
Reliable Hosting Service
Your XML feeds
Search Engines
Password Protect the Content Folders
Will keep out the Google Spiders
Best Practices
Software Up To Date!
Backup Databases
Directory Protection Codes
File Protection Codes
Remove Install Files
Remove Version #
Layered Software
Do NOT use Microsoft Windows!
Summary
Overwhelmed?
Start Simple
Best Practices
Stay Updated
Follow the Experts
Network with others
Collaborate with others
Questions?
@AssistCoach


Wordcampcolumbus 2009
