SlideShare a Scribd company logo
1 of 18
Download to read offline
WordPress Malware
Owen Cutajar
(@OwenC)
Your lovely WordPress site …
looking not-so-lovely …
According to the FBI
“There are only two types of
companies: those that have been
hacked, and those that will be.”
Robert Mueller, FBI Director, 2012
Why?
Profit or Propaganda
Wordpress is an attractive target
Outdated version of WordPress
Large surface of attack across plugins/themes
Classes of attacks
Targeted attacks
Password cracking (brute force / dictionary attacks)
DDOS
Malware
Some terminology
Virus
Worm
Trojan Horse
Botnet
Malnet
Types of attacks
Defacing
Spam
Drive-by Downloads
Backdoors
Malicious redirects and embeds
Defacing
Spam
Drive-By Downloads
Backdoors
Malicious Redirects and
Embeds
How?
Exploits and vulnerabilities
Outdated software
Insecure credentials
Compromised host
Infection Demo
Local Samples
Tools:
Base64Decoder: https://www.base64decode.org/
Execute PHP: https://eval.in/
Cleaning an infected site
Manually
Wordfence demo
Protecting your site
Automatic updates
Security plugins
External scanning
User education
Two factor authentication
Off-site Backups
SSL on login page
References
Wordpress Vulnerability Database: http://wpvulndb.com
Wordfence: https://wordpress.org/plugins/wordfence/
Securi: https://sucuri.net/wordpress-security/
Cloudflare: https://www.cloudflare.com/
Me: @OwenC on Twitter, owencutajar on Skype

More Related Content

What's hot

OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root Causes
Marco Morana
 
OWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfigurationOWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfiguration
Nikola Milosevic
 

What's hot (20)

تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانی
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانیتست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانی
تست وب اپ ها با سلنیوم - علیرضا عظیم زاده میلانی
 
Secure Form Processing and Protection - Sunshine PHP 2015
Secure Form Processing and Protection - Sunshine PHP 2015Secure Form Processing and Protection - Sunshine PHP 2015
Secure Form Processing and Protection - Sunshine PHP 2015
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
 
Open Source CMS : How secure are they?
Open Source CMS : How secure are they?Open Source CMS : How secure are they?
Open Source CMS : How secure are they?
 
Become a Security Ninja
Become a Security NinjaBecome a Security Ninja
Become a Security Ninja
 
Help AG spot light - social engineering
Help AG spot light - social engineeringHelp AG spot light - social engineering
Help AG spot light - social engineering
 
Antivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methodsAntivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methods
 
A7 Missing Function Level Access Control
A7   Missing Function Level Access ControlA7   Missing Function Level Access Control
A7 Missing Function Level Access Control
 
What is the difference between malware and virus
What is the difference between malware and virusWhat is the difference between malware and virus
What is the difference between malware and virus
 
OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root Causes
 
A10 - Unvalidated Redirects and Forwards
A10 - Unvalidated Redirects and ForwardsA10 - Unvalidated Redirects and Forwards
A10 - Unvalidated Redirects and Forwards
 
Vulners: Google for hackers
Vulners: Google for hackersVulners: Google for hackers
Vulners: Google for hackers
 
2 . web app s canners
2 . web app s canners2 . web app s canners
2 . web app s canners
 
Security risks awareness
Security risks awarenessSecurity risks awareness
Security risks awareness
 
State of Web Security RailsConf 2016
State of Web Security RailsConf 2016State of Web Security RailsConf 2016
State of Web Security RailsConf 2016
 
ECrime presentation - A few bits about malware
ECrime presentation - A few bits about malwareECrime presentation - A few bits about malware
ECrime presentation - A few bits about malware
 
GoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from withinGoSec 2015 - Protecting the web from within
GoSec 2015 - Protecting the web from within
 
OWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfigurationOWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfiguration
 
Cyber Threats
Cyber ThreatsCyber Threats
Cyber Threats
 
A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013   A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013
 

Viewers also liked

How to protect business from malware
How to protect business from malware How to protect business from malware
How to protect business from malware
Sanyog Chandra
 

Viewers also liked (20)

Isle of Man Grand Challenge - Singularity University Knowledge Transfer
Isle of Man Grand Challenge - Singularity University Knowledge TransferIsle of Man Grand Challenge - Singularity University Knowledge Transfer
Isle of Man Grand Challenge - Singularity University Knowledge Transfer
 
sustainability developments environmental protection and control
sustainability developments environmental protection and controlsustainability developments environmental protection and control
sustainability developments environmental protection and control
 
10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot
 10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot 10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot
10 Things You Didn’t Know About Mobile Email from Litmus & HubSpot
 
How to Earn the Attention of Today's Buyer
How to Earn the Attention of Today's BuyerHow to Earn the Attention of Today's Buyer
How to Earn the Attention of Today's Buyer
 
25 Discovery Call Questions
25 Discovery Call Questions25 Discovery Call Questions
25 Discovery Call Questions
 
Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...
Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...
Modern Prospecting Techniques for Connecting with Prospects (from Sales Hacke...
 
Class 1: Email Marketing Certification course: Email Marketing and Your Business
Class 1: Email Marketing Certification course: Email Marketing and Your BusinessClass 1: Email Marketing Certification course: Email Marketing and Your Business
Class 1: Email Marketing Certification course: Email Marketing and Your Business
 
Behind the Scenes: Launching HubSpot Tokyo
Behind the Scenes: Launching HubSpot TokyoBehind the Scenes: Launching HubSpot Tokyo
Behind the Scenes: Launching HubSpot Tokyo
 
HubSpot Diversity Data 2016
HubSpot Diversity Data 2016HubSpot Diversity Data 2016
HubSpot Diversity Data 2016
 
Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...
Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...
Why People Block Ads (And What It Means for Marketers and Advertisers) [New R...
 
3 Proven Sales Email Templates Used by Successful Companies
3 Proven Sales Email Templates Used by Successful Companies3 Proven Sales Email Templates Used by Successful Companies
3 Proven Sales Email Templates Used by Successful Companies
 
Add the Women Back: Wikipedia Edit-a-Thon
Add the Women Back: Wikipedia Edit-a-ThonAdd the Women Back: Wikipedia Edit-a-Thon
Add the Women Back: Wikipedia Edit-a-Thon
 
Wireless Sensor Networks: An Overview on Security Issues and Challenges
Wireless Sensor Networks: An Overview on Security Issues and ChallengesWireless Sensor Networks: An Overview on Security Issues and Challenges
Wireless Sensor Networks: An Overview on Security Issues and Challenges
 
Designing for Accessibility - Front End North - September 2016
Designing for Accessibility - Front End North - September 2016Designing for Accessibility - Front End North - September 2016
Designing for Accessibility - Front End North - September 2016
 
Cloud Computing - Challenges & Opportunities
Cloud Computing - Challenges & OpportunitiesCloud Computing - Challenges & Opportunities
Cloud Computing - Challenges & Opportunities
 
Tips to remove malwares
Tips to remove malwaresTips to remove malwares
Tips to remove malwares
 
Know Your Malware: Protect Yourself @ DPS Europe, 2/4/15
Know Your Malware: Protect Yourself @ DPS Europe, 2/4/15Know Your Malware: Protect Yourself @ DPS Europe, 2/4/15
Know Your Malware: Protect Yourself @ DPS Europe, 2/4/15
 
Malware
MalwareMalware
Malware
 
How to protect business from malware
How to protect business from malware How to protect business from malware
How to protect business from malware
 
How to protect pc against Malware
How to protect pc against MalwareHow to protect pc against Malware
How to protect pc against Malware
 

Similar to Wordpress malware - What is it and how to protect your website.

TRISC 2010 - Grapevine , Texas
TRISC 2010 - Grapevine , TexasTRISC 2010 - Grapevine , Texas
TRISC 2010 - Grapevine , Texas
Aditya K Sood
 
3 Hkcert Trend
3  Hkcert Trend3  Hkcert Trend
3 Hkcert Trend
SC Leung
 
Secure Form Processing and Protection - Devspace 2015
Secure Form Processing and Protection - Devspace 2015 Secure Form Processing and Protection - Devspace 2015
Secure Form Processing and Protection - Devspace 2015
Joe Ferguson
 

Similar to Wordpress malware - What is it and how to protect your website. (20)

Beefy WordPress Security Wordcamp 2012 by Tammy Lee
Beefy WordPress Security Wordcamp 2012 by Tammy LeeBeefy WordPress Security Wordcamp 2012 by Tammy Lee
Beefy WordPress Security Wordcamp 2012 by Tammy Lee
 
TRISC 2010 - Grapevine , Texas
TRISC 2010 - Grapevine , TexasTRISC 2010 - Grapevine , Texas
TRISC 2010 - Grapevine , Texas
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
3 Hkcert Trend
3  Hkcert Trend3  Hkcert Trend
3 Hkcert Trend
 
Methods Hackers Use
Methods Hackers UseMethods Hackers Use
Methods Hackers Use
 
Analysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware KitsAnalysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware Kits
 
Secure Form Processing and Protection - Devspace 2015
Secure Form Processing and Protection - Devspace 2015 Secure Form Processing and Protection - Devspace 2015
Secure Form Processing and Protection - Devspace 2015
 
Introduction to Web Server Security
Introduction to Web Server SecurityIntroduction to Web Server Security
Introduction to Web Server Security
 
4.Xss
4.Xss4.Xss
4.Xss
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Recent cyber Attacks
Recent cyber AttacksRecent cyber Attacks
Recent cyber Attacks
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 Aitp
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)
 
Hack using firefox
Hack using firefoxHack using firefox
Hack using firefox
 
Types of Security Threats WordPress Websites Face - Part 2
Types of Security Threats WordPress Websites Face - Part 2Types of Security Threats WordPress Websites Face - Part 2
Types of Security Threats WordPress Websites Face - Part 2
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Security
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
WordPress Troubleshooting Hacks.pdf
WordPress Troubleshooting Hacks.pdfWordPress Troubleshooting Hacks.pdf
WordPress Troubleshooting Hacks.pdf
 
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptxSeceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
 
Common Malware Types Vulnerability Management
Common Malware Types Vulnerability ManagementCommon Malware Types Vulnerability Management
Common Malware Types Vulnerability Management
 

More from Owen Cutajar

Managing Sql Sprawl With Hp Poly Serve
Managing Sql Sprawl With Hp Poly ServeManaging Sql Sprawl With Hp Poly Serve
Managing Sql Sprawl With Hp Poly Serve
Owen Cutajar
 

More from Owen Cutajar (10)

A short history of Wordpress
A short history of WordpressA short history of Wordpress
A short history of Wordpress
 
Social media for business professionals. Why bother?
Social media for business professionals. Why bother?Social media for business professionals. Why bother?
Social media for business professionals. Why bother?
 
App Inventor Primer
App Inventor PrimerApp Inventor Primer
App Inventor Primer
 
JCC Property Outlook 2011
JCC Property Outlook 2011JCC Property Outlook 2011
JCC Property Outlook 2011
 
The Illusion of Recovery - Presenation to the JCC (IOM)
The Illusion of Recovery - Presenation to the JCC (IOM)The Illusion of Recovery - Presenation to the JCC (IOM)
The Illusion of Recovery - Presenation to the JCC (IOM)
 
JCC - Space Commerce in the Isle of Man
JCC - Space Commerce in the Isle of ManJCC - Space Commerce in the Isle of Man
JCC - Space Commerce in the Isle of Man
 
Social media and its impact on competitive advantage
Social media and its impact on competitive advantageSocial media and its impact on competitive advantage
Social media and its impact on competitive advantage
 
Destination Douglas
Destination DouglasDestination Douglas
Destination Douglas
 
BCS (Isle of Man): Implications for Project Management in an uncertain Island...
BCS (Isle of Man): Implications for Project Management in an uncertain Island...BCS (Isle of Man): Implications for Project Management in an uncertain Island...
BCS (Isle of Man): Implications for Project Management in an uncertain Island...
 
Managing Sql Sprawl With Hp Poly Serve
Managing Sql Sprawl With Hp Poly ServeManaging Sql Sprawl With Hp Poly Serve
Managing Sql Sprawl With Hp Poly Serve
 

Recently uploaded

Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
Muhammad Subhan
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
FIDO Alliance
 

Recently uploaded (20)

State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 

Wordpress malware - What is it and how to protect your website.