WordPress security fundamentals
WordCamp Maine
Something about me
Joseph Herbrandson
Web design and infosec
Committed to WordPress and website security
since 2008

Sucuri Security
Technical Account Manager
- Cleaning up malware and protecting websites
from infection every day

- Cleaned, remediated and secured over 5,000
websites

Website
sucuri.net 

twitter.com/sucuri_security

facebook.com/SucuriSec 

Sucuri security
• Scan: 3 million domains / month: sitecheck.sucuri.net
• Block: 33 million / month
• Clean: 300-500 sites / day
• Website security: servicing over 250 thousand domains
• Platform agnostic (WordPress, Joomla, Drupal, etc…)
• Global operations, 24/7/365 support

The state of… the Internet
3 billion Internet users worldwide
1 billion active sites
(internetlivestats.com)
60% of all CMS sites and 22% of all websites are WordPress!

Notes on secure WP

No 0% Threat Rule
There is no such thing as perfect security. If someone REALLY wants in, they will find a way.

0-Day Attacks
Brand-new attacks using different methods make these impossible to plan for. A 0-day attack is resolved once it has been studied and a fix has been published.

Not just WordPress!
Security starts with everyday practices. All the wrong moves made off of your website will still affect things on your website!

Who are they? Hacker identities
Who are these guys?
- It can be anyone good with computers. 

- Intelligent and Mischievous; Enterprising and Effective. 

Where are they from?
Most attacks come from Turkey, Syria, Tunisia, Brazil, Russia, China, and even the United States.

What’s going on here… common attack types
- Brute force
- SQL injection
- DDoS
- Social engineering

Hacked? Why you
It’s nothing personal
Most attacks are automated and done on
many websites at a time

You're on the list
Once you’re a target, you stay a target.
Increasing your security is the best way to
ask them to LEAVE YOU ALONE

The $Billion spam
Pharma and spam attacks
Viagra, Cialis, and Levitra ads make marketers over 2 BILLION dollars every year through blackhat methods of infecting websites and redirecting users to websites selling prescription drugs.

Pillars of security
Your Security
Frontline Disaster Prevention
backups
Basic Website Maintenance
Staying current
Common Sense Policies
Access control
WordPress
Preparation

Secured backups
Disaster Prevention
Have a backup plan
Playing defensively from the back is your best first line of defense.

Stored Remotely
Away from your live server, and the clutches
of an intruder. 

…more than one if possible!
The more layers of your backup plan, the less
likely it is to fail.

Scheduled and Automated
Don’t rely on yourself.

Options for backup solutions
- VaultPress
- Web hosting
- Sucuri Backups
- BackupBuddy

A little bit about password security
The tactics
Sophisticated password guessing

Easier to crack than you think…
Password crack times:
- 8 letters = 52 seconds
- 8 nums/letters = 11 minutes
- with caps/!@#$… = 3 hours
- 12 letters/nums/caps/!@#$ = 2 thousand years

The web’s most used passwords
The following are statistics showing the most used passwords in 2013, documented from lists stolen in major organization security breaches. (SplashData.com)

No.  Password    Ranking last year
1    123456      2
2    password    1
3    12345678    3
4    qwerty      5
5    abc123      4
6    123456789   New
7    111111      9

Tools of the trade: password managers
- LastPass
- KeePass
- Dashlane
- 1Password

The importance of WordPress updates
Your version is your level of security
Major versus maintenance releases
Worried about upgrading? Fear not! Downgrading is a simple task
Have an upgrade path
[Chart: WordPress version usage as of June 2014, source http://w3techs.com/technologies/details/cm-wordpress/3/all. Versions shown: 3.0-3.4, 3.5, 3.6, 3.7, 3.8, 3.9. Shares shown: 21%, 14%, 5%, 8%, 18%, 34%.]

Know your plugins: Plug and Play for hackers!
Recent vulnerability disclosures: Update!!
- All in One SEO
- MailPoet
- Custom Contact Forms
- WPtouch
No plugin is SAFE forever!
- Developer vigilance is key
- Keep track of update and change logs
- Consider plugins secured by Sucuri, or other security authorities

Server-Side Protection: website antivirus
Malware Scanning
SITECHECK: http://sitecheck.sucuri.net

VIRUSTOTAL: http://www.virustotal.com

WordPress security plugins
Sucuri Scanner

iThemes Security (Formerly Better WP Security)

GOTMLS

WEB

premium cleanup services
Sucuri Website Antivirus

Sitelock

Case study: cleanup
FTP/SFTP File Management
Basic file cleanup with FileZilla

WordPress Version Archives
https://codex.wordpress.org/WordPress_Versions
(Google “WordPress versions”)

Theme Backups
Always know where to find a clean copy of your
theme

Cleanup: infected site
Infection: blackhat SEO spam injection
Spam is displayed with JavaScript turned off. Otherwise it’s hidden!

Infection confirmed at the free Sucuri website scanner: http://sitecheck.sucuri.net

Cleanup: remove and replace
wp-admin and wp-includes
These directories are replaceable for cleanup
and downgrading versions

Replace other core files
The other core files outside of these two
directories can be uploaded to directly
replace their counterparts

Do not delete wp-config.php or wp-content!
These are vital to the functionality of your
blog, and cannot be replaced easily, or
without a backup.

Cleanup: remove and replace pt. 2
Find your theme
Your theme is replaceable if you haven’t made custom changes

Delete your old theme
This is the most common place for infected WordPress files

Replace with clean copy
Good as new!
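
The remove-and-replace steps from the two cleanup slides above, written as shell functions. This is an added example, not code from the deck: the function names, the quarantine directory (old files are moved aside rather than deleted) and the sample tree built by `build_constructed_site` are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the slides): core "remove and replace" as functions.
# Assumed inputs: SITE = WordPress root, CLEAN = unpacked copy of the same
# WordPress version, QUAR = fresh quarantine directory outside the web root.

# Replace core code; keep wp-config.php and wp-content. Prints unexpected root files.
wp_core_replace() {
    local site="$1" clean="$2" quar="$3" d f name
    if [ ! -f "$site/wp-config.php" ] || [ ! -d "$site/wp-content" ]; then
        echo "not a WordPress root: $site" >&2; return 1
    fi
    if [ ! -d "$clean/wp-admin" ] || [ ! -d "$clean/wp-includes" ]; then
        echo "not a clean WordPress copy: $clean" >&2; return 1
    fi
    mkdir -p "$quar" || return 1
    # wp-admin and wp-includes are replaceable: move the old trees aside (kept
    # for analysis rather than deleted) and copy in the clean ones.
    for d in wp-admin wp-includes; do
        if [ -e "$site/$d" ]; then mv "$site/$d" "$quar/$d" || return 1; fi
        cp -R "$clean/$d" "$site/$d" || return 1
    done
    # Other core files in the root are overwritten by their clean counterparts.
    # wp-config.php is skipped and wp-content is never entered.
    for f in "$clean"/*; do
        name=${f##*/}
        if [ -f "$f" ] && [ "$name" != "wp-config.php" ]; then
            cp "$f" "$site/$name" || return 1
        fi
    done
    # Root files with no counterpart in the clean copy were not shipped by
    # WordPress (.htaccess included): list them for manual review.
    for f in "$site"/* "$site"/.[!.]*; do
        name=${f##*/}
        if [ -f "$f" ] && [ "$name" != "wp-config.php" ] && [ ! -e "$clean/$name" ]; then
            echo "$name"
        fi
    done
}

# Replace one theme with a clean copy (only for themes without custom changes).
wp_theme_replace() {
    local site="$1" theme="$2" clean_theme="$3" quar="$4" target
    target="$site/wp-content/themes/$theme"
    if [ ! -d "$clean_theme" ]; then echo "no clean theme: $clean_theme" >&2; return 1; fi
    mkdir -p "$quar/themes" || return 1
    if [ -e "$target" ]; then mv "$target" "$quar/themes/$theme" || return 1; fi
    cp -R "$clean_theme" "$target"
}

# Constructed sample tree: a tampered site, a clean core copy and a clean theme.
build_constructed_site() {
    local root="$1" f
    mkdir -p "$root/site/wp-admin" "$root/site/wp-includes" \
             "$root/site/wp-content/themes/demo" \
             "$root/clean/wp-admin" "$root/clean/wp-includes" "$root/clean-theme"
    for f in index.php wp-admin/admin.php wp-includes/load.php; do
        echo "<?php // clean" > "$root/clean/$f"
        echo "<?php // INJECTED" > "$root/site/$f"
    done
    echo "<?php // clean theme" > "$root/clean-theme/header.php"
    echo "<?php // INJECTED" > "$root/site/wp-content/themes/demo/header.php"
    echo "<?php // INJECTED" > "$root/site/wp-includes/extra.php"
    echo "<?php // dropped" > "$root/site/dropped.php"
    echo "<?php // site settings" > "$root/site/wp-config.php"
    echo "upload" > "$root/site/wp-content/keep.txt"
}
```

Anything `wp_core_replace` prints is a root-level file that the clean copy does not contain; review each one by hand before removing it.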

Cleanup: clean site
Cleanup accomplished:
Your WordPress site is now spam free!

Active Defense: website firewall
Fight back!
- Security checkpoint that monitors all users
- Intelligent and decisive: detect attack patterns and stop them
- Software versus hardware
Products:
- Sucuri Website Firewall
- CloudFlare
- Sitelock

A healthy dose of… paranoia
Worry about the right things:
- Integrating a protection plan

- Passwords versus Usernames

- Hosting: Shared, Managed, Dedicated

- Plugin/Theme origin

- Patching/Updating

- Who your friends are

Any questions?
