Real Security for WordPress


Real Security for WordPress - Cut through the noise and the false sense of security. Dre Armeda presents a no-nonsense approach to reducing risk with WordPress.

Transcript

  • 1. Real Security for WordPress
    Life, Liberty, and the Pursuit of Risk Reduction
    Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 2. Dre Armeda
    CEO, Co-Founder of Sucuri Inc. – sucuri.net
    Co-Host of The DradCast – dradcast.com
    @dremeda | dre.im
    I wear many hats, and love tacos
    Harley enthusiast & Chargers fan
    Infatuated with WordPress & web security.
    I hope to make the internet a safer place!
  • 3. The Internet Rocks
    With adoption and growth comes innovation!
      • Over 2 billion internet users today
      • 480% growth in the last 11 years (Internet World Stats)
      • 100k+ domains gained weekly (Global Domain Registry)
      • 2 billion sites in 2015 (Tony Schneider – CEO, Automattic)
  • 4. It’s Not All Peachy
    Innovative thinking sparks risk
    Malware – short for malicious software: software designed to disrupt operations, gather information, or gain unauthorized access.
      • Monitor your website browsing & internet usage
      • Forced Advertising
      • Redirect Affiliate Marketing Revenue
  • 5. How Bad is it?
    Pretty bad, and getting worse.
      • 2 million+ new malware strings monthly (McAfee)
      • Costs US consumers over $2bil yearly (Consumer Reports)
      • Google issues 3mil+ warnings daily. (Google)
      • Google blacklists 10k websites daily on avg. (Google)
  • 6. How Does This Happen
    A new type of webmaster!
  • 7. Am I At Risk?
    Ever See a Dodo Bird?
    The percentage of risk will never be zero!
  • 8. What Can We Do?
    Be smart. Be consistent. Cut out the noise!
  • 9. Cut Out The Noise
    K.I.S.S.
      • Keep Software Updated
      • No Soup Kitchen Servers
      • Reduce Access
      • Password Management
      • Backup Schedule
  • 10. Keep Software Updated
    Information Security is everyone’s responsibility
      • Leading cause for infection along with passwords
      • Scared to upgrade because stuff breaks?
      • Major vs. Point Release
      • Run upgrade tests
      • Do your homework
  • 11. No Soup Kitchen Servers
    Production is not your archive server!
      • WordPressers act like they forgot about DEV
      • Cross-contamination is a big deal
      • Segment by user and account
      • Not active. Not good enough
    If it’s not in use, get rid of it
  • 12. Reduce Access
    Least privilege to some, no privilege for most.
    Give people enough access to do their job, nothing more; remove access when they complete their job!
      • Use Proper Roles
      • This goes for WordPress, FTP, & DBs, etc.
      • Limit failed logins to thwart brute force
      • Practice two form auth & layered login
  • 13. Let’s Hack a Website
    All you need is a couple minutes.
  • 14. Password Management
    “Password” is a password not to be used as your password, ever!
      • “Password” still top 5 actively used password
      • Use unique passphrases
      • Use different passwords across accounts
      • Password Management Tools
  • 15. Backup Schedule
    When they hack you, reduce downtime.
      • Create a schedule today!
      • Backup outside of your production environment
      • Multiple backups are awesome
      • Talk to your host to see what they offer
      • Various tools available
  • 16. Tools & Services
    Great tools and services to help you reduce risk.
      • Backups: Backup Buddy, VaultPress
      • Password Management: LastPass, KeyPass Password Safe, 1Password
      • Malware Scanning: Sucuri SiteCheck, UnMask Parasites
      • Malware Cleanup: Sucuri
      • Two Form Auth: Google Authenticator
      • Limit Failed Logins: Limit Logon Attempts
      • Sucuri (WP Plugin)
  • 17. Thank You For Listening
    Now go, reduce risk. Go!