Real Security for WordPress


Real Security for WordPress - Cut through the noise and the false sense of security. Dre Armeda presents a no-nonsense approach to reducing risk with WordPress.


  1. Real Security for WordPress: Life, Liberty, and the Pursuit of Risk Reduction. Dre Armeda @dremeda @sucuri_security
  2. Dre Armeda: CEO, Co-Founder of Sucuri Inc. – Co-Host of The DradCast – @dremeda | I wear many hats, and love tacos. Harley enthusiast & Chargers fan. Infatuated with WordPress & web security. I hope to make the internet a safer place!
  3. The Internet Rocks: With adoption and growth comes innovation!
      • Over 2 billion internet users today
      • 480% growth in the last 11 years (Internet World Stats)
      • 100k+ domains gained weekly (Global Domain Registry)
      • 2 billion sites in 2015 (Tony Schneider – CEO, Automattic)
  4. It’s Not All Peachy: Innovative thinking sparks risk. Malware – short for malicious software: software designed to disrupt operations, gather information, or gain unauthorized access.
      • Monitor your website browsing & internet usage
      • Forced Advertising
      • Redirect Affiliate Marketing Revenue
  5. How Bad is it? Pretty bad, and getting worse.
      • 2 million+ new malware strings monthly (McAfee)
      • Costs US consumers over $2bil yearly (Consumer Reports)
      • Google issues 3mil+ warnings daily. (Google)
      • Google blacklists 10k websites daily on avg. (Google)
  6. How Does This Happen: A new type of webmaster!
  7. Am I At Risk? Ever See a Dodo Bird? The percentage of risk will never be zero!
  8. What Can We do? Be smart. Be consistent. Cut out the noise!
  9. Cut Out The Noise: K.I.S.S.
      • Keep Software Updated
      • No Soup Kitchen Servers
      • Reduce Access
      • Password Management
      • Backup Schedule
  10. Keep Software Updated: Information Security is everyone’s responsibility
      • Leading cause for infection along with passwords
      • Scared to upgrade because stuff breaks?
      • Major vs. Point Release
      • Run upgrade tests
      • Do your homework
  11. No Soup Kitchen Servers: Production is not your archive server!
      • WordPressers act like they forgot about DEV
      • Cross-contamination is a big deal
      • Segment by user and account
      • Not active. Not good enough
      If it’s not in use, get rid of it
  12. Reduce Access: Least privilege to some, no privilege for most. Give people enough access to do their job, nothing more; remove access when they complete their job!
      • Use Proper Roles
      • This goes for WordPress, FTP, & DBs, etc.
      • Limit failed logins to thwart brute force
      • Practice two form auth & layered login
  13. Let’s Hack a Website: All you need is a couple minutes.
  14. Password Management: “Password” is a password not to be used as your password, ever!
      • “Password” still top 5 actively used password
      • Use unique passphrases
      • Use different passwords across accounts
      • Password Management Tools
  15. Backup Schedule: When they hack you, reduce downtime.
      • Create a schedule today!
      • Backup outside of your production environment
      • Multiple backups are awesome
      • Talk to your host to see what they offer
      • Various tools available
  16. Tools & Services: Great tools and services to help you reduce risk.
      • Backups: Backup Buddy, VaultPress
      • Password Management: LastPass, KeePass Password Safe, 1Password
      • Malware Scanning: Sucuri SiteCheck, UnMask Parasites
      • Malware Cleanup: Sucuri
      • Two Form Auth: Google Authenticator
      • Limit Failed Logins: Limit Logon Attempts
      • Sucuri (WP Plugin)
  17. Thank You For Listening: Now go, reduce risk. Go!
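
Slide 12's "Limit failed logins to thwart brute force", as an added Python example that is not part of the original slides: it scans web access-log lines for repeated failed `wp-login.php` attempts and reports which client IPs cross a lockout threshold. It assumes the combined log format and that WordPress answers a failed login with HTTP 200 and a successful one with 302; the threshold of 5 failures in 5 minutes, the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log fields used: client IP, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_logins(lines):
    """Yield (ip, timestamp) for every failed wp-login.php POST.

    Assumption: a failed login re-renders the form (200), a success redirects (302).
    """
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, path, status = m.groups()
        is_login = path.split("?")[0].endswith("/wp-login.php")
        if method == "POST" and is_login and status == "200":
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def ips_to_lock_out(lines, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: time of the failure that crossed the threshold}.

    Keeps a sliding window of recent failures per IP; expects each IP's
    lines in time order, as they appear in a normal access log.
    """
    recent = defaultdict(deque)
    flagged = {}
    for ip, ts in failed_logins(lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and ip not in flagged:
            flagged[ip] = ts
    return flagged

def sample_line(ip, hms, status):
    # Build one constructed log line (documentation IPs, not real traffic).
    return (f'{ip} - - [01/Jan/2024:{hms} +0000] '
            f'"POST /wp-login.php HTTP/1.1" {status} 3412 "-" "-"')

SAMPLE_LOG = (
    # Rapid guessing: six failures in 40 seconds.
    [sample_line("203.0.113.7", f"10:00:{s:02d}", 200) for s in (1, 9, 17, 25, 33, 41)]
    # A user who mistypes once, then logs in.
    + [sample_line("198.51.100.20", "10:01:00", 200),
       sample_line("198.51.100.20", "10:01:30", 302)]
    # Five failures spread over 28 minutes: never five inside one window.
    + [sample_line("192.0.2.55", f"10:{m:02d}:00", 200) for m in (0, 7, 14, 21, 28)]
)

if __name__ == "__main__":
    for ip, when in ips_to_lock_out(SAMPLE_LOG).items():
        print(f"lock out {ip}: threshold crossed at {when:%H:%M:%S}")
```

The slow attempts from the third address stay under this threshold, which is one reason the same slide pairs login limiting with two form auth.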