This talk was originally delivered at the Melbourne WordPress Developer Meetup in July 2016. Rather than the common talks on hardening and prevention, this presentation covered how you can identify that a WordPress website is compromised, and some of the early warning signs.
Even if we’re doing everything possible to harden and maintain our installations, we should still care about security to monitor our high
Is Penetration Testing Worth it?
There are two reasons why you might want to conduct a
One, you want to know whether a certain vulnerability is present because you're going to fix it if it is. And two, you need a big, scary report to persuade your boss to spend more money. If neither is true, I'm going to save you a lot of money by giving you this free penetration test: You're vulnerable. Now, go do something useful about it.
-- Bruce Schneier
The following examples are often the first signs of a
Let’s ask another question. Is Linux secure? Is Django secure? Is iOS secure? Is MySQL secure? Is Drupal secure? Is Node.js secure? Is <insert browser> secure? Is Android secure? Is Rails secure? Is Windows Server secure? Is Shopify secure? You get the idea…
This can get subjective, since some have a much better track record than others, and some are designed with security as a priority.
So... banks aside, what would constitute a high value
High traffic sites, anything with
Information (PII), software
vendors, service providers?
Credit card numbers aren’t the only form of sensitive
It’s really easy to say “something isn’t secure”. It’s much harder to actually build something that is secure (knowing that there’s no such thing as absolute security).
The best answer is that if security is important, you need “people” working on it.
The Internet is a hostile environment. We need to have a healthy respect for this fact.
Use a security plugin (or manually harden)
Security issues typically occur because of certain patterns. Cleaning, restoring or rebuilding doesn’t address that.
Compromised sites are much more likely to become compromised again. Get everyone on board to take security seriously.