
WordPress security webinar by Incapsula


  1. Security Step #1 - Regularly Update EVERYTHING
     All Software should be updated Regularly including. Create a regular schedule to update patches for:
     • WordPress
     • Plugins
     • Web servers
  2. Security Step #2 - Implement Password Security
     • Avoid Default UN/Passwords
     • Implement Strong Passwords
       - Goal: Hard to Guess / Hard to Brute Force Attack
       - Include Mixed CASe
       - Include NuMB3rS
       - Include SP3C!4LCh@RS
       - Use a password phrase: BowTies 4r3 Cool!
     • Use different passwords for different sites
     • Change your password periodically
  3. Security Step #3 - Implement Multi-factor Authentication
     Problem - Lost or stolen passwords allow hackers to bypass your security measures
     • Secure Admin areas with multi-factor authentication
       - Email
       - SMS
       - Google Authenticator
       - Other?
  4. Security Step #4 - Use a Web Application Firewall (WAF)
     • 80-96% of all websites have high risk vulnerabilities
     • 13% of websites can be compromised automatically
     • Most widespread vulnerabilities are:
       - Cross-site Scripting
       - SQL Injection
       - Information Leakage
       - HTTP Response Splitting
  5. Security Step #4 - Use a Web Application Firewall (WAF)
     • WAFs provide protection similar to a traditional network layer firewall, but for a web application
     • Using a WAF can protect a website from application layer hacking attempts
     • WAFs should be used in conjunction with traditional firewalls
     [Diagram labels: Non HTTP/HTTPS, HTTP/HTTPS, Standard Firewall]
  6. Security Step #5 - Implement a DDoS Mitigation Strategy
     • DDoS attacks make your website completely inaccessible
     [Diagram labels: Your Internet Connection, Your ISP, Your Site, DDoS Traffic, Legitimate Traffic]
     • If website availability is important to you, then DDoS protection should be too
     • Any application without a DDoS mitigation strategy is at risk
  7. Security Step #6 - Use a Secure Hosting Environment
     [Diagram labels: Hacked Website, Your Website]
     Problem - If any site on a server is hacked, there's a chance that any other site on that same server could be vulnerable.
  8. Security Step #6 - Use a Secure Hosting Environment
     Pick a Secure Hosting Provider that offers:
     • Segregated environment (physically or logically)
     • Network layer firewalls
     • Vulnerability scanning
       - Infrastructure
       - Servers
       - Databases
       - Applications
     • Backup Services
     • Security Certification
       - SAS 70 Type II
       - SSAE 16 Type II
