
WordPress Security

WordPress powers a large part of today's web and, as such, is a popular target for exploits. Find out why you as an SEO should care and what you can do to ensure your WordPress site's security and minimise the risks. Talk recap here: http://www.irishwonder.com/blog/2019/04/30/wordpress-security-my-pint-sized-marketing-talk-recap/


  1. Pint Sized Marketing, April 2019
  2. @irishwonder IrishWonder’s SEO Consulting WHY SECURITY MATTERS?
  3. NOT JUST BECAUSE OF GDPR
  4. NOT JUST FOR INTERNET SECURITY PROFESSIONALS
  5. SEO NIGHTMARES
  6. HACKED SITES, NO WARNINGS
  7. BY THE TIME YOU SEE A WARNING HERE, IT MIGHT BE TOO LATE
  10. GOOGLE WEBMASTER GUIDELINES:
  11. YOU ARE THE ONLY PERSON RESPONSIBLE FOR YOUR SITE’S SECURITY
  14. Vulnerabilities by Type and Year
  15. Who’s Attempting to Hack Your Site?
  18. BUILD YOUR SITE…
  19. …OR CHOOSE YOUR POISON
  20. The larger the system, the greater the probability of unexpected failure - One of the systemantics laws
  24. Additional Reading: https://medium.com/@Gadgetoid/analyzing-the-pipdig-wordpress-plugin-ddos-code-and-their-explanation-for-why-it-exists-87f12edf5f9f
  25. Additional Reading: https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html
  26. Once approved for Plugins Directory inclusion, they are not checked any more
  27. Updates are not checked
  28. Developers are not required to maintain and update them
  29. Nobody bears responsibility for what they do to your site
  30. While you can update standalone plugins, you cannot update plugins included into themes
  31. Only use plugins you ABSOLUTELY NEED
  32. If you have to search to know if you are using a certain plugin, you’ve got a problem
  33. REMOVE UNUSED PLUGINS
  34. Only use themes from reliable sources
  35. Know what plugins a theme uses
  36. Demand updates
  37. Keep a clean backup of your theme somewhere secure
  38. REVOKE UNNEEDED ACCESS
  42. -- Move the account with ID 1 to a different ID and re-point its metadata and posts
      UPDATE wp_users SET ID = '111' WHERE ID = 1;
      UPDATE wp_usermeta SET user_id = '111' WHERE user_id = 1;
      UPDATE wp_posts SET post_author = '111' WHERE post_author = 1;
      *Keep in mind your actual database name, your desired ID and your SQL version syntax
  43. CHECK IF EVERYTHING IS LATEST VERSION (AND IF THE LATEST VERSION IS SECURE)
  44. CHECK FOR KNOWN VULNERABILITIES
  47. A WORD OF WARNING ABOUT SUCURI: IT’S AN EXCELLENT FIREWALL BUT CAN ONLY SEE SO MUCH FROM THE OUTSIDE
  48. MYTH: SSL = SECURE SITE
  49. “buy tramadol” SERPs: All 3 hacked sites are HTTPS
  50. One site has SSL implemented incorrectly
  51. CHECK YOUR SSL CERTIFICATE
  52. YOUR SSL IMPLEMENTATION IS ONLY SECURE IF YOU CONSISTENTLY LINK TO SECURE RESOURCES
  53. HAVE A CLEAN BACKUP
  54. FIRE ALARM SCENARIO: WHEN YOU ARE HACKED/ SUSPECT A HACK
  55.
      • Check your server logs to see any unusual URLs being requested
      • Check Majestic for your indexed/linked to pages
      • Check Google Search Console for unusual queries, URLs and crawl errors
  56.
      • info@irishwonder.com
      • Twitter: @irishwonder
      • Slideshare (for this and other decks): http://www.slideshare.net/irishwonder/
      • LinkedIn: linkedin.com/in/irishwonder
      • Blogs: http://www.irishwonder.com/blog/ - general SEO; http://www.irishwonder.syndk8.co.uk/ - darker areas
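
Added example, not part of the original deck, for the server-log check on slide 55: it lists URLs the server answered successfully that are not in the site's known URL inventory, and counts how many of those requests came from a client identifying as Googlebot. Combined Log Format is assumed; the URL inventory, the allowed prefixes and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size "referer" "user-agent"
LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"'
)

# Assumption: inventory of paths the site is supposed to serve (e.g. exported from its sitemap).
KNOWN_PATHS = {"/", "/about/", "/blog/", "/blog/wordpress-security/"}
# Assumption: prefixes that legitimately serve many files not listed one by one.
KNOWN_PREFIXES = ("/wp-content/themes/", "/wp-includes/", "/wp-admin/")

def unusual_urls(log_lines, known_paths=KNOWN_PATHS, known_prefixes=KNOWN_PREFIXES):
    """Return {path: {"hits": n, "crawler_hits": n}} for successfully served
    paths outside the known inventory, most requested first."""
    hits, crawler_hits = Counter(), Counter()
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        target, status, agent = m.groups()
        if not status.startswith("2"):
            continue  # only paths the server actually served content for
        path = urlsplit(target).path  # drop the query string
        if path in known_paths or path.startswith(known_prefixes):
            continue
        hits[path] += 1
        if "Googlebot" in agent:  # self-reported user agent, not verified
            crawler_hits[path] += 1
    return {p: {"hits": n, "crawler_hits": crawler_hits[p]} for p, n in hits.most_common()}

# Constructed sample log lines (documentation IP ranges, not from a real site).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Apr/2019:10:01:02 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [30/Apr/2019:10:02:10 +0000] "GET /wp-content/uploads/2019/cheap-pills.php?id=7 HTTP/1.1" 200 8342 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    '198.51.100.23 - - [30/Apr/2019:10:02:15 +0000] "GET /wp-content/uploads/2019/cheap-pills.php?id=9 HTTP/1.1" 200 8300 "https://www.google.com/" "Mozilla/5.0"',
    '198.51.100.9 - - [30/Apr/2019:10:03:00 +0000] "GET /old-page/ HTTP/1.1" 404 312 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [30/Apr/2019:10:04:00 +0000] "GET /wp-includes/js/jquery/jquery.js HTTP/1.1" 200 96873 "-" "Mozilla/5.0"',
    '203.0.113.50 - - [30/Apr/2019:10:05:00 +0000] "GET /xyz-offers/ HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for path, stats in unusual_urls(SAMPLE_LOG).items():
        print(path, stats)
```

Paths that are both unknown and fetched by a search-engine crawler are the ones most likely to already appear in the index, so they are worth cross-checking against Search Console first.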
