Breaking WordPress
Post on 13-Sep-2014
DESCRIPTION
A brief overview of WordPress and common security issues. Talks about hosting and common WordPress infection types, and features resources to help keep WordPress secure.
TRANSCRIPT
Breaking WordPress
#WHOISDAVIDYARDE
•AKA Batman
•Co-founder @ Sevenality
•Twitter: @dsmy
The Web is HUGE!!!
• There are over 1.8 Billion active websites on the web.
• 43% of the top 1 million websites are hosted in the USA itself.
• 48% of the top 100 blogs/websites run on WordPress.
• 672 Exabytes - 672,000,000,000 Gigabytes (GB) of accessible data.
Today’s Challenges
•Administration
•Credentials
•End-users aka wildcards
•Education
•Core
•Themes*
•Plugins*
•End-users*
Today’s Problem*
Implications of a Hacked Site
•SEO rankings wrecked
•Loss of customer trust
•Visitors exposed to malware
•Hours of time wasted assessing & repairing damage
•Loss of sales/money
Types of Attacks
Opportunistic
•Web Trolls
•Ability for mass exposure
•Timthumb
Targeted
•Big Enterprises
•Wordpress.com
•Woothemes
•Usually worth the time and energy invested to compromise
•Done for bigger returns
Top 5 WordPress Infections
•Backdoors
•Difficult to detect via http
•Good time to start crying
•Pharma Attacks
•Owners usually detect
•Now shamefully selling viagra or some other drug
• Injections
•Think fake Anti-virus downloads
•Defacements
•You’re now supporting a rebel army
•Malicious Redirects
Know Your Environment
•What kind of security does your host use?
•What will they do if your site gets hacked?
•Will they fix it?
•Will they shut it down?
If server management isn’t your thing, use a managed solution.
Managed WP Hosting Providers
• WP Engine - http://wpengine.com/
• Flywheel - http://getflywheel.com/
• MediaTemple - http://mediatemple.net/
• GoDaddy - http://www.godaddy.com/
HELP!! Everything is broken and I’ve been blacklisted!!!
•Don’t panic.
•Detect
•Remove
•Protect
•Submit
Recommended Resources
• WP Security Checklist - http://wpsecuritychecklist.com
• Clef - https://getclef.com
• iThemes Security (Better WP Security) - http://ithemes.com/security
• WP Security Lock - http://wpsecuritylock.com
• VaultPress - https://vaultpress.com
• ManageWP - https://managewp.com
“An ounce of prevention is worth a pound of cure.” - Benjamin Franklin