webinar: how i can hack your wordpress website in 5 minutes featuring dre armeda of sucuri security

Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security

Real Security for WordPress

Life, Liberty, and the Pursuit of Risk Reduction


Dre Armeda

CEO, Co-Founder of Sucuri Inc. – sucuri.net

Co-Host of The DradCast – dradcast.com

@dremeda | dre.im

I wear many hats, and love tacos

Harley enthusiast & Chargers fan

Infatuated with WordPress & web security.

I hope hope to make the internet a safer place!


The Internet Rocks

Over 2 billion internet users today

480% growth in the last 11 years (Internet World Stats)

100k+ domains gained weekly (Global Domain Registry)

2 billion sites in 2015 (Tony Schneider – CEO, Automattic)

With adoption and growth comes innovation!


It’s Not All Peachy

Malware – short for malicious software: A software designed to disrupt operations, gather information, or

gain unauthorized access.

Monitor your website browsing & internet usage

Forced Advertising

Redirect Affiliate Marketing Revenue

Innovative thinking sparks risk


How Bad is it?

2 million+ new malware strings monthly (McAfee)

Costs US consumers over $2bil yearly (Consumer Reports)

Google issues 3mil+ warnings daily. (Google)

Google blacklists 10k websites daily on avg. (Google)

Pretty bad, and getting worse.


How Does This Happen

A new type of webmaster!


Am I At Risk?

The percentage of risk will never be zero!

Ever See a Dodo Bird?


What Can We do?

Be smart. Be consistent. Cut out the noise!


Cut Out The Noise

Keep Software Updated

No Soup Kitchen Servers

Reduce Access

Password Management

Backup Schedule

K.I.S.S.


Keep Software Updated

Leading cause for infection along with passwords

Scared to upgrade because stuff breaks?

Major vs. Point Release

Run upgrade tests

Do your homework

Information Security is everyone’s responsibility


No Soup Kitchen Servers

WordPressers act like they forgot about DEV

Cross-contamination is a big deal

Segment by user and account

Not active. Not good enough

If it’s not in use, get rid of it

Production is not your archive server!


Reduce Access

Give people enough access to do their job, nothing more; remove access when they complete their job!

User Proper Roles

This goes for WordPress, FTP, & DB’s, etc.

Limit failed logins to thwart brute force

Practice two form auth & layered login

Least privilege to some, no privilege for most.


Password Management

Password still top 5 actively used password

Use unique passphrases

Use different passwords across accounts

Password Management Tools

Password is a password not to be used as your password, ever!


Backup Schedule

Create a schedule today!

Backup outside of your production environment

Multiple backups are awesome

Talk to your host to see what they offer

Various tools available

When they hack you, reduce downtime.


Tools & Services

Backups

Backup Buddy

VaultPress

Great tools and services to help you reduce risk.

Password ManagementLastPassKeyPass Password Safe1Password

Malware ScanningSucuri SiteCheckUnMask Parasites

Malware CleanupSucuri

Two Form AuthGoogle Authenticator

Limit Failed LoginsLimit Logon AttemptsSucuri (WP Plugin)


Thank You For Listening

No go, reduce risk. Go!

webinar: how i can hack your wordpress website in 5 minutes featuring dre armeda of sucuri security

Education

homeworkreal security

automatticreal security

googlereal security

wordpress web security

wordpress dre armeda

rid of itreal security

wordpressdre armeda

cofounder of sucuri