wordpress security
play

WordPress Security Dont Be a Mark (with apologies to anyone named - PowerPoint PPT Presentation

Feb 16, 2023 •192 likes •376 views

WordPress Security Dont Be a Mark (with apologies to anyone named Mark) Will Chatham @willc www.willchatham.com Asheville Area WordPress Group, August 17, 2016 Overview Security Threats: Why & Who How WordPress Gets Hacked

  1. WordPress Security Don’t Be a Mark (with apologies to anyone named Mark) Will Chatham @willc www.willchatham.com Asheville Area WordPress Group, August 17, 2016

  2. Overview ● Security Threats: Why & Who ● How WordPress Gets Hacked ● Don’t Be a Mark (Target) ● Disaster Recovery: Get Well Soon! ● Q&A Discussion (but feel free to ask at any time!)

  3. Will Chatham BA, Certified Ethical Hacker, Certified Penetration Tester, Security+, A+ ● Asheville Resident since 1992, graduate WWC ‘96 ● Longtime WordPress user, developer, fan ● Lover of secrets ○ Magician -> Locksmith -> Web Dev -> SEO -> Ethical Hacker ● Currently Cyber Security Analyst at the National Centers for Environmental Information (NOAA) in Asheville

  4. What? You are up against: Spam injection/Black Hat SEO Resource theft - spammers Botnets Data Theft / Deletion Ransomware Drive By Downloads The easiest way to defeat security is to go around it. Defacement/Bragging Rights

  5. WordPress Security Threats: Who Are They? It is usually automated scripts run by: ● Script Kiddies (aka Skiddies) ● Blackhat SEOs ● Malware/Adware It is rarely: ● Guys in hoodies in dark rooms ● Competitors ● Spies ● Governments

  6. Hacking WordPress: Common Attacks Finding Vulnerabilities to: ● Gain Access ● Escalate Privileges ● Upload Files ● Malicious Code Injection

  7. Don’t Be a Target Security is not about eliminating threats, it is about reducing them.

  8. Basic WordPress Security If you walk away tonight and do nothing else, at least do this: ● Update everything weekly or more (WordPress, plugins, themes) ● Unique, strong password ● Unique, uncommon usernames

  9. Plugins: The Biggest Threat Plugins are why most WordPress hacks occur. Some best practices: ● Only use well-known, active, updated plugins, preferably from the WP Plugin Directory ● Do not use abandoned plugins ● Do your research ● Keep them up to date! This plugin keeps your plugins updated automatically, and it’s free: Update Control Or you can do it on your own in wp-config.php

  10. More Stuff to Update Update WordPress Core ● WordPress itself has an excellent track record in security ● Quick to patch, auto-updates enabled by default now (is yours?) Update your Themes ● Theme frameworks bring risk ● Included functionality in themes (sliders, forms, etc)

  11. Your Web Host Matters Shared Hosting: You are the company you keep Virtual Private Server (VPS): Taller fences Dedicated Hosting: Have an IT staff? Managed WordPress Hosting: Best option for many businesses With web hosting, you really do get what you pay for!

  12. Using Defense-In-Depth (sort-of) The “admin” username Disable file editing Password security Limit login attempts Add Two-Factor Authentication Be selective with XML-RPC Employ Least Privileged principles (Free) plugins & themes Hide the admin area SSL Use WordPress security keys for authentication Update, update, update

  13. WordPress Security Plugins Two of the better freemium WP plugins: iThemes Security (formerly Better WP Security) WordFence Quick demo?

  14. SSL Encrypts your website’s traffic ● Gain visitor trust, especially for ecommerce sites ● Protect your login, cookies, sessions ● Preferential treatment from Google It is now free, so there is no reason not to get a SSL certificate for your website https://letsencrypt.org/

  15. Disaster Recovery Backups make recovery a breeze BackupBuddy ($6.66/mo) Ask your web host If they provide backups! Updraft (Free) VaultPress ($5/mo) Remote Backup Storage: Amazon S3, Google Drive, DropBox, etc etc etc

  16. Getting Help The WordPress Codex Guide - help for when you have been hacked Repair Services: Sucuri Ask your web host If they restore backups! WordFence

  17. References and More Info https://yoast.com/wordpress-security/ https://wordpress.org/plugins/google-authenticator/ https://blog.sucuri.net/2015/02/why-websites-get-hacked.html https://www.wordfence.com/blog/2016/03/attackers-gain-access-wordpress-sites/ https://codex.wordpress.org/Configuring_Automatic_Background_Updates https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project http://www.wpbeginner.com/beginners-guide/what-why-and-hows-of-wordpress-security-keys/

  18. Contact Me Will Chatham will@willchatham.com @willc These slides will be available at: www.willchatham.com ciao!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Wordpress Security GIMPA, November 2018 By: @niiankrah What is Wordpress? WordPress is a

Wordpress Security GIMPA, November 2018 By: @niiankrah What is Wordpress? WordPress is a

Wordpress Security GIMPA, November 2018 By: @niiankrah What is Wordpress? WordPress is a free and open-source content management system based on PHP and MySQL. It uses a plugin architecture and a template system. It is most

367 views • 17 slides
Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot

Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot

Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot gray inc. @dotgray Sunday, March 15, 15 Resources Codex.WordPress.org / Hardening_WordPress Blog.Sucuri.net / WordPress Security WPSecure.net /

608 views • 32 slides
WORDPRESS Lesson 01.01 Introduction to WordPress Welcome Welcome to WordPress! Over the next

WORDPRESS Lesson 01.01 Introduction to WordPress Welcome Welcome to WordPress! Over the next

WORDPRESS Lesson 01.01 Introduction to WordPress Welcome Welcome to WordPress! Over the next set of sessions we're going to cover a lot of different topics, techniques, and technologies, all of which are going to help you better manage and

410 views • 13 slides
WORDPRESS Lesson 02.02 WordPress Editor WordPress Editor WordPress uses a simple HTML editor

WORDPRESS Lesson 02.02 WordPress Editor WordPress Editor WordPress uses a simple HTML editor

WORDPRESS Lesson 02.02 WordPress Editor WordPress Editor WordPress uses a simple HTML editor that allows users to create and update content for blog posts, pages, comments, and other content types that require a rich editing environment.

766 views • 17 slides
BEGINNER AND ADVANCED STEPS FOR WP SECURITY GEORGETOWN WORDPRESS MEETUP 03 APR 2019 @ GEORGETOWN

BEGINNER AND ADVANCED STEPS FOR WP SECURITY GEORGETOWN WORDPRESS MEETUP 03 APR 2019 @ GEORGETOWN

BEGINNER AND ADVANCED STEPS FOR WP SECURITY GEORGETOWN WORDPRESS MEETUP 03 APR 2019 @ GEORGETOWN LIBRARY www.BEACON.agency SCHEDULE AGENDA Why WordPress Security is Important 6:00p NETWORKING The Role of Web Hosting The Role of

448 views • 29 slides
BEGINNER AND ADVANCED STEPS FOR WP SECURITY RHODE ISLAND WORDPRESS MEETUP 11 Sept. 2018 @

BEGINNER AND ADVANCED STEPS FOR WP SECURITY RHODE ISLAND WORDPRESS MEETUP 11 Sept. 2018 @

BEGINNER AND ADVANCED STEPS FOR WP SECURITY RHODE ISLAND WORDPRESS MEETUP 11 Sept. 2018 @ Stillwater Books www.BEACON.agency SCHEDULE AGENDA Why WordPress Security is Important 6:00p NETWORKING The Role of Web Hosting The Role

509 views • 29 slides
Contributing to WordPress Sam Sidler @samuelsidler samuelsidler.com sam@wordpress.org Why

Contributing to WordPress Sam Sidler @samuelsidler samuelsidler.com sam@wordpress.org Why

Contributing to WordPress Sam Sidler @samuelsidler samuelsidler.com sam@wordpress.org Why Contribute to WordPress? Learn from the best developers Gain experience in the codebase Influence the direction of the project Make valuable

265 views • 25 slides
A Month of WordPress Plugins 2007 Ask and You May

A Month of WordPress Plugins 2007 Ask and You May

WordPress Plugins Lorelle VanFossen File Gallery WordPress Plugin A Month of WordPress Plugins 2007 Ask and You May Change WordPress Open Camp

542 views • 32 slides
WordPress Day 8 - Underscores 1 What is underscores? _s, or underscores , is a WordPress

WordPress Day 8 - Underscores 1 What is underscores? _s, or underscores , is a WordPress

TWD 25 WordPress Day 8 - Underscores 1 What is underscores? _s, or underscores , is a WordPress starter theme. It is a code base for building custom themes. 2 Why use underscores? Maintained by Automattic developers. This is the

821 views • 47 slides
HOW YOU CAN GET INVOLVED WITH THE WORDPRESS COMMUNITY WHO WE ARE JOHN HAWKINS - WordPress

HOW YOU CAN GET INVOLVED WITH THE WORDPRESS COMMUNITY WHO WE ARE JOHN HAWKINS - WordPress

HOW YOU CAN GET INVOLVED WITH THE WORDPRESS COMMUNITY WHO WE ARE JOHN HAWKINS - WordPress developer - WordPress user for 15+ years - Owned a WP Agency for 5+ years - Organized first WordCamp in Vegas (2009) - Founded the WP Vegas

684 views • 35 slides
wordpress masterclass how to set up your own wordpress website I'm a web designer whos

wordpress masterclass how to set up your own wordpress website I'm a web designer whos

wordpress masterclass how to set up your own wordpress website I'm a web designer whos passionate about helping small businesses create a professional online brand personality that stands out from the crowd and generates an income that gives

786 views • 37 slides
WordPress Day 1 1 About Me Jonathon Leathers - WordPress Developer TWD 4 Student (2013)

WordPress Day 1 1 About Me Jonathon Leathers - WordPress Developer TWD 4 Student (2013)

TWD 25 WordPress Day 1 1 About Me Jonathon Leathers - WordPress Developer TWD 4 Student (2013) weCreate Design (2014 - now) Vancouver WordPress Meetup Organizer (2017 - now) WordCamp Vancouver Lead Organizer (2018 & 2019) TWD

1.52k views • 119 slides
WordPress I Day 7 1 Tuesday, June 18, 13 Moving Your WordPress Site (within the same domain)

WordPress I Day 7 1 Tuesday, June 18, 13 Moving Your WordPress Site (within the same domain)

WordPress I Day 7 1 Tuesday, June 18, 13 Moving Your WordPress Site (within the same domain) How do I move files from a \wordpress sub- directory to the site root? A common request. Unlike a basic HTML site, we can't simply move the

593 views • 25 slides
Simple WordPress Security Barry Gould, BlogSec.net Barry@blogsec.net Why should we worry?

Simple WordPress Security Barry Gould, BlogSec.net Barry@blogsec.net Why should we worry?

Simple WordPress Security Barry Gould, BlogSec.net Barry@blogsec.net Why should we worry? Hacked site = Loss of business / reputation from loss of customer trust. Cleanup costs. Even small sites are at risk; bots dont discriminate!

326 views • 20 slides
WORDPRESS O L I V I A B I S S E T l e m o n a d e c o d e . c o m lemonadecode.online A B O U T

WORDPRESS O L I V I A B I S S E T l e m o n a d e c o d e . c o m lemonadecode.online A B O U T

H OW Y OUNG P EOPLE C AN B UILD BIG IDEAS W ITH WORDPRESS O L I V I A B I S S E T l e m o n a d e c o d e . c o m lemonadecode.online A B O U T M E Home-Schooled & Traditional Schooling WordPress User For 4 Years, Started When I

581 views • 37 slides
Project 1 Robert Windisch Automated security check for WordPress plugins Static Code Analysis

Project 1 Robert Windisch Automated security check for WordPress plugins Static Code Analysis

Project 1 Robert Windisch Automated security check for WordPress plugins Static Code Analysis Powered by RIPS Technologies High-tech company based in Bochum, Germany Supports the full feature stack of the PHP language Detects

1.06k views • 47 slides
Cyber 101 Aaron Yates Chief Executive, Berea A crash course on cyber security, data protection

Cyber 101 Aaron Yates Chief Executive, Berea A crash course on cyber security, data protection

www.berea-group.co m Cyber 101 Aaron Yates Chief Executive, Berea A crash course on cyber security, data protection and cyber insurance. Chelmsford CII Wednesday, 13th February 2019 Berea Focused on high scale cyber support for SMEs.

532 views • 34 slides
Risk Management Information Security Dr Hans Georg Schaathun Hgskolen i lesund Autumn 2011

Risk Management Information Security Dr Hans Georg Schaathun Hgskolen i lesund Autumn 2011

Risk Management Information Security Dr Hans Georg Schaathun Hgskolen i lesund Autumn 2011 Week 5 Dr Hans Georg Schaathun Risk Management Autumn 2011 Week 5 1 / 1 Learning Outcomes After this week, students should be able to

727 views • 72 slides
CSc 337 LECTURE 26: REGULAR EXPRESSIONS AND SECURITY Regular expressions in JavaScript var str =

CSc 337 LECTURE 26: REGULAR EXPRESSIONS AND SECURITY Regular expressions in JavaScript var str =

CSc 337 LECTURE 26: REGULAR EXPRESSIONS AND SECURITY Regular expressions in JavaScript var str = "The rain in SPAIN stays mainly in the plain"; var res = str.match(/ain/g); - The match function takes a regular expression as a

408 views • 19 slides
Security Note: These slides are created using information from. Network Security Essentials by

Security Note: These slides are created using information from. Network Security Essentials by

Security Note: These slides are created using information from. Network Security Essentials by William Stallings Computer Networking, A top-down approach by James F.Kurose and Keith W.Ross Maximum Security by Anonymous Lectures and Notes from

489 views • 38 slides
Background Body background Subtle patterns background textures List marker (see

Background Body background Subtle patterns background textures List marker (see

Background Body background Subtle patterns background textures List marker (see snippets) Default: window size Advantage: grows and shrinks easily Disadvantage: harder to design Making body fixed width Advantage:

277 views • 4 slides
Section 9 MATERIAL PULLED FROM LAST SECTION AND LAST YEARS SLIDES Todays Agenda

Section 9 MATERIAL PULLED FROM LAST SECTION AND LAST YEARS SLIDES Todays Agenda

Section 9 MATERIAL PULLED FROM LAST SECTION AND LAST YEARS SLIDES Todays Agenda Administrivia Review Design Patterns Design Pattern Worksheet Course Review Administrivia HW9 due tonight at 10PM Friday Final Exam In regular

314 views • 16 slides
GUI programming in Java Using Swing JUnit Testing exercise is due now. Turn in your written

GUI programming in Java Using Swing JUnit Testing exercise is due now. Turn in your written

GUI programming in Java Using Swing JUnit Testing exercise is due now. Turn in your written problems from Assignment 6. Everything for BigRational is due tomorrow at 8:05. "Not answering mail at night" does not mean

290 views • 13 slides
Thinking about the Heuristics 1 Simple and natural dialogue Conform to the users conceptual

Thinking about the Heuristics 1 Simple and natural dialogue Conform to the users conceptual

Thinking about the Heuristics 1 Simple and natural dialogue Conform to the users conceptual model. Match the users task in as natural a way as possible maximize mapping between interface and task semantics Good? Bad? This has

348 views • 21 slides

More recommend