SlideShare una empresa de Scribd logo

Breaking WordPress

Descargar como PPT, PDF
David Yarde
David Yarde

A Brief overview of WordPress and common security issues. Talks about hosting, commen WordPress infection types and features resources to help keep WordPress secure.

Tecnología
1 de 15
Breaking WordPress
#WHOISDAVIDYARDE • AKA Batman • Co-founder @ Sevenality • Twitter: @dsmy
The Web is HUGE!!! There are over 1.8 Billion active websites on the web. • 43% of the top 1 million websites are hosted in USA itself. • 48% of the top 100 blogs/websites run on WordPress. • 672 Exabytes - 672,000,000,000 Gigabytes (GB) of accessible data.
Today’s Challenges • Administration • Credentials • End-users aka wildcards • Education
• Core • Themes* • Plugins* • End-users* Today’s Problem*
Implications of a Hacked Site • SEO rankings wrecked • Loss of customer trust • Visitors exposed to malware • Hours of time wasted assessing & repairing damage • Loss of sales/money
Types of Attacks Opportunistic Targeted • Web Trolls • Ability for mass exposure • Timthumb • Big Enterprises • Wordpress.com • Woothemes • Usually worth the time and energy invested to compromise • Done for bigger returns
Top 5 WordPress Infections • Backdoors • Difficult to detect via http • Good time to start crying • Pharma Attacks • Owners usually detect • Now shamefully selling viagra or some other drug • Injections • Think fake Anti-virus downloads • Defacements • You’re now supporting a rebel army • Malicious Redirects
Know Your Environment • What kind of security does your host use? • What will they do if your site gets hacked? • Will they fix it? • Will they shut it down?
If server management isn’t your thing, use a managed solution.
• WP Engine - http://wpengine.com/ • Flywheel - http://getflywheel.com/ • MediaTemple - http://mediatemple.net/ • GoDaddy - http://www.godaddy.com/ Managed WP Hosting Providers
HELP!! Everything is broken and I’ve been blacklisted!!! • Don’t panic. • Detect • Remove • Protect • Submit
Recommended Resources• WP Security Checklist - http://wpsecuritychecklist.com • Clef - https://getclef.com • iThemes Security(Better WP Security) - http://ithemes.com/security • WP Security Lock - http://wpsecuritylock.com • VaultPress - https://vaultpress.com • ManageWP - https://managewp.com
“An ounce of prevention is worth a pound of cure.” - Benjamin Franklin
Thank You • David Yarde • Co-founder @ Sevenality • Twitter: @dsmy • Email: david@sevenality.com

Recomendados

Identifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteIdentifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteChris Burgess
 
10 Ways to Secure WordPress
10 Ways to Secure WordPress10 Ways to Secure WordPress
10 Ways to Secure WordPressJeremy Green
 
10 Ways to Speed Up and Secure your WP Site
10 Ways to Speed Up and Secure your WP Site10 Ways to Speed Up and Secure your WP Site
10 Ways to Speed Up and Secure your WP SiteFLBlogCon
 
Why it's not your host's fault
Why it's not your host's faultWhy it's not your host's fault
Why it's not your host's faultchadmow03
 
Keep Your SIte Secure
Keep Your SIte SecureKeep Your SIte Secure
Keep Your SIte SecureMichele Butcher-Jones
 
VaultPress: A Plugin for your Backup needs
VaultPress: A Plugin for your Backup needsVaultPress: A Plugin for your Backup needs
VaultPress: A Plugin for your Backup needsJacklyn Stachurski
 
WP Super Cache - Topanga WordPress Meetup
WP Super Cache - Topanga WordPress MeetupWP Super Cache - Topanga WordPress Meetup
WP Super Cache - Topanga WordPress MeetupSuzette Franck
 
Stephen Cronin - WordPress and Government
Stephen Cronin - WordPress and GovernmentStephen Cronin - WordPress and Government
Stephen Cronin - WordPress and Governmentsjcronin99
 

Recomendados

Identifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteIdentifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteChris Burgess
 
10 Ways to Secure WordPress
10 Ways to Secure WordPress10 Ways to Secure WordPress
10 Ways to Secure WordPressJeremy Green
 
10 Ways to Speed Up and Secure your WP Site
10 Ways to Speed Up and Secure your WP Site10 Ways to Speed Up and Secure your WP Site
10 Ways to Speed Up and Secure your WP SiteFLBlogCon
 
Why it's not your host's fault
Why it's not your host's faultWhy it's not your host's fault
Why it's not your host's faultchadmow03
 
Keep Your SIte Secure
Keep Your SIte SecureKeep Your SIte Secure
Keep Your SIte SecureMichele Butcher-Jones
 
VaultPress: A Plugin for your Backup needs
VaultPress: A Plugin for your Backup needsVaultPress: A Plugin for your Backup needs
VaultPress: A Plugin for your Backup needsJacklyn Stachurski
 
WP Super Cache - Topanga WordPress Meetup
WP Super Cache - Topanga WordPress MeetupWP Super Cache - Topanga WordPress Meetup
WP Super Cache - Topanga WordPress MeetupSuzette Franck
 
Stephen Cronin - WordPress and Government
Stephen Cronin - WordPress and GovernmentStephen Cronin - WordPress and Government
Stephen Cronin - WordPress and Governmentsjcronin99
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBrian Layman
 
Head Slapping WordPress Security
Head Slapping WordPress SecurityHead Slapping WordPress Security
Head Slapping WordPress SecurityChris Burgess
 
Compromised Website Report 2012
Compromised Website Report 2012Compromised Website Report 2012
Compromised Website Report 2012Cyren, Inc
 
Webinar - Tips and Tricks on Website Security
Webinar - Tips and Tricks on Website SecurityWebinar - Tips and Tricks on Website Security
Webinar - Tips and Tricks on Website SecurityStopTheHacker
 
Emergency WordPress Troubleshooting
Emergency WordPress TroubleshootingEmergency WordPress Troubleshooting
Emergency WordPress TroubleshootingTiffany Bridge
 
MWUG wp-myths
MWUG wp-mythsMWUG wp-myths
MWUG wp-mythsMike Little
 
WordPress Security and Best Practices
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best PracticesRobert Vidal
 
Understanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressUnderstanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressJohn Gamboa
 
Understanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressUnderstanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressJohn Gamboa
 
Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012inf8nity
 
WordPress Setup and Security - WordCamp, Charleston 2014
WordPress Setup and Security - WordCamp, Charleston 2014WordPress Setup and Security - WordCamp, Charleston 2014
WordPress Setup and Security - WordCamp, Charleston 2014Michael Carnell
 
WordPress Security Essentials
WordPress Security EssentialsWordPress Security Essentials
WordPress Security EssentialsAngela Bowman
 
HackAvert
HackAvertHackAvert
HackAvertfepinette
 
Multisite: Lessons I Learned the Hard Way
Multisite: Lessons I Learned the Hard WayMultisite: Lessons I Learned the Hard Way
Multisite: Lessons I Learned the Hard Waysusanwrotethis
 
Understanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressUnderstanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressJohn Gamboa
 
Building Secure WordPress Sites
Building Secure WordPress Sites Building Secure WordPress Sites
Building Secure WordPress Sites Catch Themes
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityIvan Storck
 
Sucuri Webinar: Understand and Fix Google Blacklist Warnings
Sucuri Webinar: Understand and Fix Google Blacklist WarningsSucuri Webinar: Understand and Fix Google Blacklist Warnings
Sucuri Webinar: Understand and Fix Google Blacklist WarningsSucuri
 
WordPress Server Security
WordPress Server SecurityWordPress Server Security
WordPress Server SecurityPeter Baylies
 
Drupal Security Intro
Drupal Security IntroDrupal Security Intro
Drupal Security IntroCash Williams
 
Changemaking Through Design Thinking
Changemaking Through Design ThinkingChangemaking Through Design Thinking
Changemaking Through Design ThinkingDavid Yarde
 
The Art of Working with Non-Developers: PHP World Edition
The Art of Working with Non-Developers: PHP World EditionThe Art of Working with Non-Developers: PHP World Edition
The Art of Working with Non-Developers: PHP World EditionDavid Yarde
 

Más contenido relacionado

Similar a Breaking WordPress

Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBrian Layman
 
Head Slapping WordPress Security
Head Slapping WordPress SecurityHead Slapping WordPress Security
Head Slapping WordPress SecurityChris Burgess
 
Compromised Website Report 2012
Compromised Website Report 2012Compromised Website Report 2012
Compromised Website Report 2012Cyren, Inc
 
Webinar - Tips and Tricks on Website Security
Webinar - Tips and Tricks on Website SecurityWebinar - Tips and Tricks on Website Security
Webinar - Tips and Tricks on Website SecurityStopTheHacker
 
Emergency WordPress Troubleshooting
Emergency WordPress TroubleshootingEmergency WordPress Troubleshooting
Emergency WordPress TroubleshootingTiffany Bridge
 
WordPress Security and Best Practices
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best PracticesRobert Vidal
 
Understanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressUnderstanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressJohn Gamboa
 
Understanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressUnderstanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressJohn Gamboa
 
Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012inf8nity
 
WordPress Setup and Security - WordCamp, Charleston 2014
WordPress Setup and Security - WordCamp, Charleston 2014WordPress Setup and Security - WordCamp, Charleston 2014
WordPress Setup and Security - WordCamp, Charleston 2014Michael Carnell
 
WordPress Security Essentials
WordPress Security EssentialsWordPress Security Essentials
WordPress Security EssentialsAngela Bowman
 
Multisite: Lessons I Learned the Hard Way
Multisite: Lessons I Learned the Hard WayMultisite: Lessons I Learned the Hard Way
Multisite: Lessons I Learned the Hard Waysusanwrotethis
 
Understanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressUnderstanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressJohn Gamboa
 
Building Secure WordPress Sites
Building Secure WordPress Sites Building Secure WordPress Sites
Building Secure WordPress Sites Catch Themes
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityIvan Storck
 
Sucuri Webinar: Understand and Fix Google Blacklist Warnings
Sucuri Webinar: Understand and Fix Google Blacklist WarningsSucuri Webinar: Understand and Fix Google Blacklist Warnings
Sucuri Webinar: Understand and Fix Google Blacklist WarningsSucuri
 
WordPress Server Security
WordPress Server SecurityWordPress Server Security
WordPress Server SecurityPeter Baylies
 
Drupal Security Intro
Drupal Security IntroDrupal Security Intro
Drupal Security IntroCash Williams
 

Similar a Breaking WordPress (20)

Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being Hacked
 
Head Slapping WordPress Security
Head Slapping WordPress SecurityHead Slapping WordPress Security
Head Slapping WordPress Security
 
Compromised Website Report 2012
Compromised Website Report 2012Compromised Website Report 2012
Compromised Website Report 2012
 
Webinar - Tips and Tricks on Website Security
Webinar - Tips and Tricks on Website SecurityWebinar - Tips and Tricks on Website Security
Webinar - Tips and Tricks on Website Security
 
Emergency WordPress Troubleshooting
Emergency WordPress TroubleshootingEmergency WordPress Troubleshooting
Emergency WordPress Troubleshooting
 
MWUG wp-myths
MWUG wp-mythsMWUG wp-myths
MWUG wp-myths
 
WordPress Security and Best Practices
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best Practices
 
Understanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressUnderstanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPress
 
Understanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressUnderstanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPress
 
Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012
 
WordPress Setup and Security - WordCamp, Charleston 2014
WordPress Setup and Security - WordCamp, Charleston 2014WordPress Setup and Security - WordCamp, Charleston 2014
WordPress Setup and Security - WordCamp, Charleston 2014
 
WordPress Security Essentials
WordPress Security EssentialsWordPress Security Essentials
WordPress Security Essentials
 
HackAvert
HackAvertHackAvert
HackAvert
 
Multisite: Lessons I Learned the Hard Way
Multisite: Lessons I Learned the Hard WayMultisite: Lessons I Learned the Hard Way
Multisite: Lessons I Learned the Hard Way
 
Understanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPressUnderstanding & Combating Global Censorship with WordPress
Understanding & Combating Global Censorship with WordPress
 
Building Secure WordPress Sites
Building Secure WordPress Sites Building Secure WordPress Sites
Building Secure WordPress Sites
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
Sucuri Webinar: Understand and Fix Google Blacklist Warnings
Sucuri Webinar: Understand and Fix Google Blacklist WarningsSucuri Webinar: Understand and Fix Google Blacklist Warnings
Sucuri Webinar: Understand and Fix Google Blacklist Warnings
 
WordPress Server Security
WordPress Server SecurityWordPress Server Security
WordPress Server Security
 
Drupal Security Intro
Drupal Security IntroDrupal Security Intro
Drupal Security Intro
 

Más de David Yarde

Changemaking Through Design Thinking
Changemaking Through Design ThinkingChangemaking Through Design Thinking
Changemaking Through Design ThinkingDavid Yarde
 
The Art of Working with Non-Developers: PHP World Edition
The Art of Working with Non-Developers: PHP World EditionThe Art of Working with Non-Developers: PHP World Edition
The Art of Working with Non-Developers: PHP World EditionDavid Yarde
 
The Art of Working with Non-Developers: Finding common ground on the road to ...
The Art of Working with Non-Developers: Finding common ground on the road to ...The Art of Working with Non-Developers: Finding common ground on the road to ...
The Art of Working with Non-Developers: Finding common ground on the road to ...David Yarde
 
Branding Yourself and Your Business - Building a Brand that can Adapt and Thrive
Branding Yourself and Your Business - Building a Brand that can Adapt and ThriveBranding Yourself and Your Business - Building a Brand that can Adapt and Thrive
Branding Yourself and Your Business - Building a Brand that can Adapt and ThriveDavid Yarde
 
Ready. Set. Handoff. - Improving the Project Handoff Experience.
Ready. Set. Handoff. - Improving the Project Handoff Experience.Ready. Set. Handoff. - Improving the Project Handoff Experience.
Ready. Set. Handoff. - Improving the Project Handoff Experience.David Yarde
 
Managing Project Expectations and Roadblocks
Managing Project Expectations and RoadblocksManaging Project Expectations and Roadblocks
Managing Project Expectations and RoadblocksDavid Yarde
 
Designing for WordPress: Using User Experience to tell a Strong Brand Story
Designing for WordPress: Using User Experience to tell a Strong Brand StoryDesigning for WordPress: Using User Experience to tell a Strong Brand Story
Designing for WordPress: Using User Experience to tell a Strong Brand StoryDavid Yarde
 
Timeless Branding
Timeless BrandingTimeless Branding
Timeless BrandingDavid Yarde
 
Branded Content Strategies
Branded Content StrategiesBranded Content Strategies
Branded Content StrategiesDavid Yarde
 
Minimum Lovable Brands
Minimum Lovable BrandsMinimum Lovable Brands
Minimum Lovable BrandsDavid Yarde
 
Branding for Success
Branding for SuccessBranding for Success
Branding for SuccessDavid Yarde
 

Más de David Yarde (11)

Changemaking Through Design Thinking
Changemaking Through Design ThinkingChangemaking Through Design Thinking
Changemaking Through Design Thinking
 
The Art of Working with Non-Developers: PHP World Edition
The Art of Working with Non-Developers: PHP World EditionThe Art of Working with Non-Developers: PHP World Edition
The Art of Working with Non-Developers: PHP World Edition
 
The Art of Working with Non-Developers: Finding common ground on the road to ...
The Art of Working with Non-Developers: Finding common ground on the road to ...The Art of Working with Non-Developers: Finding common ground on the road to ...
The Art of Working with Non-Developers: Finding common ground on the road to ...
 
Branding Yourself and Your Business - Building a Brand that can Adapt and Thrive
Branding Yourself and Your Business - Building a Brand that can Adapt and ThriveBranding Yourself and Your Business - Building a Brand that can Adapt and Thrive
Branding Yourself and Your Business - Building a Brand that can Adapt and Thrive
 
Ready. Set. Handoff. - Improving the Project Handoff Experience.
Ready. Set. Handoff. - Improving the Project Handoff Experience.Ready. Set. Handoff. - Improving the Project Handoff Experience.
Ready. Set. Handoff. - Improving the Project Handoff Experience.
 
Managing Project Expectations and Roadblocks
Managing Project Expectations and RoadblocksManaging Project Expectations and Roadblocks
Managing Project Expectations and Roadblocks
 
Designing for WordPress: Using User Experience to tell a Strong Brand Story
Designing for WordPress: Using User Experience to tell a Strong Brand StoryDesigning for WordPress: Using User Experience to tell a Strong Brand Story
Designing for WordPress: Using User Experience to tell a Strong Brand Story
 
Timeless Branding
Timeless BrandingTimeless Branding
Timeless Branding
 
Branded Content Strategies
Branded Content StrategiesBranded Content Strategies
Branded Content Strategies
 
Minimum Lovable Brands
Minimum Lovable BrandsMinimum Lovable Brands
Minimum Lovable Brands
 
Branding for Success
Branding for SuccessBranding for Success
Branding for Success
 

Último

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Último (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Breaking WordPress

  • 2. #WHOISDAVIDYARDE • AKA Batman • Co-founder @ Sevenality • Twitter: @dsmy
  • 3. The Web is HUGE!!! There are over 1.8 Billion active websites on the web. • 43% of the top 1 million websites are hosted in USA itself. • 48% of the top 100 blogs/websites run on WordPress. • 672 Exabytes - 672,000,000,000 Gigabytes (GB) of accessible data.
  • 4. Today’s Challenges • Administration • Credentials • End-users aka wildcards • Education
  • 5. • Core • Themes* • Plugins* • End-users* Today’s Problem*
  • 6. Implications of a Hacked Site • SEO rankings wrecked • Loss of customer trust • Visitors exposed to malware • Hours of time wasted assessing & repairing damage • Loss of sales/money
  • 7. Types of Attacks Opportunistic Targeted • Web Trolls • Ability for mass exposure • Timthumb • Big Enterprises • Wordpress.com • Woothemes • Usually worth the time and energy invested to compromise • Done for bigger returns
  • 8. Top 5 WordPress Infections • Backdoors • Difficult to detect via http • Good time to start crying • Pharma Attacks • Owners usually detect • Now shamefully selling viagra or some other drug • Injections • Think fake Anti-virus downloads • Defacements • You’re now supporting a rebel army • Malicious Redirects
  • 9. Know Your Environment • What kind of security does your host use? • What will they do if your site gets hacked? • Will they fix it? • Will they shut it down?
  • 10. If server management isn’t your thing, use a managed solution.
  • 11. • WP Engine - http://wpengine.com/ • Flywheel - http://getflywheel.com/ • MediaTemple - http://mediatemple.net/ • GoDaddy - http://www.godaddy.com/ Managed WP Hosting Providers
  • 12. HELP!! Everything is broken and I’ve been blacklisted!!! • Don’t panic. • Detect • Remove • Protect • Submit
  • 13. Recommended Resources• WP Security Checklist - http://wpsecuritychecklist.com • Clef - https://getclef.com • iThemes Security(Better WP Security) - http://ithemes.com/security • WP Security Lock - http://wpsecuritylock.com • VaultPress - https://vaultpress.com • ManageWP - https://managewp.com
  • 14. “An ounce of prevention is worth a pound of cure.” - Benjamin Franklin
  • 15. Thank You • David Yarde • Co-founder @ Sevenality • Twitter: @dsmy • Email: david@sevenality.com