Intro to Security (Beginner's Edition) WordCamp St. Louis 2015

Michele Butcher-Jones, Lead Web Support Technical Specialist at Thrive Agency
INTRO TO SECURITY (BEGINNERS EDITION)
Michele Butcher
CantSpeakGeek.com WPSecurityLock.com
@Michele_Butcher
Slides can be found at http://mlb.pw/wcstl2015
MICHELE BUTCHER
• WordPress Specialist, Site Cleaner, and Trainer for WP Security Lock
• WordPress Specialist for Megabytes Inc
• One Woman Wonder at Can’t Speak Geek
WHY IS SECURITY IMPORTANT?
EVERY DAY HACKERS TRY TO FIND WAYS TO GET YOUR INFORMATION.
WHY DO HACKERS HACK?
• Make bank
• Build a zombie site army
• Share their nasty malware with the world
• Get your information
• They are bored
• They want to see if they can do it
WHY ARE THESE PEOPLE ATTACKING ME?
Anymore, it is not people but bots attacking your site. Hackers have programs that do the work for them.
Rarely is it people doing the hacking unless it is targeted. Strong opinion sites are a good example.
HOW DO THEY GET IN?
• Guess your login. If you know it, so can someone else. (Brute force attack or man in the middle)
• Denial of Service attack (DDoS): flood your site with more traffic than it can handle
• Through a theme, file or plugin
• Through your FTP or cPanel. (Files set to read, write, execute. Brute force, anonymous login, shared hosting infection)
AND NOW FOR THE ONLY THING SCARY THAT I AM GOING TO SAY.
YOU ARE NEVER 100% SECURE
EVEN A TEST SITE OR A KNITTING SITE WITH ONLY 2 VISITORS CAN BE HACKED. IT CAN HAPPEN TO YOUR SITE.
It has happened to me, it can happen to you.
DON’T LET SECURITY MAKE YOU LIKE THIS GUY.
NEVER FEAR… THERE ARE WAYS TO KEEP THE HACKER ATTACKERS OUT!
I promise it is not all that painful!
WORDPRESS SECURITY BASICS
NEVER EVER EVER USE ADMIN AS USER NAME OR PASSWORD AS PASSWORD. NEVER!
Got it?
ALWAYS CHANGE YOUR PREFIX NAME FROM WP_. LET IT BE ANYTHING OTHER THAN WP_.
FDHSFJKHS_ IS ALWAYS GOOD
I typically do not even look at what I am typing anymore when I make the WP prefix. The more random the better.
WHAT TO DO WHEN YOU HAVE TEMPORARY PEOPLE IN YOUR DASHBOARD
ALWAYS USE SFTP
Regular FTP is not secure. Do not use it unless the server is only set up for FTP.
Only give them access to what they NEED, not what they want.
Just because they want to be an admin does not automatically make them one.
Guest bloggers should not be any more than a contributor.
If it is only a temporary login, delete their login when they have completed their job.
If they have posts on your site, you can knock them down to subscribers so they cannot change anything on your site.
If they are only doing work, delete them when their job is done.
Set up a file change detection notification to know what they are changing in your site.
iThemes Security and other security plugins give you the option to see what all users are doing when logged into the dashboard.
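A minimal sketch of the file change detection described above, added here as an example; it is not from the original slides and is not how iThemes Security or any other plugin implements it. The function names and the sample site tree are constructed for illustration, and permission bits are recorded as well, so a file loosened to world-writable shows up as a change.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Return {relative path: (sha256 hex digest, permission bits)} for every file under root."""
    state = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow symlinks out of the site directory
            digest = hashlib.sha256()
            with open(full, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            mode = stat.S_IMODE(os.stat(full).st_mode)
            state[os.path.relpath(full, root)] = (digest.hexdigest(), mode)
    return state


def compare(baseline, current):
    """List what was added, removed, edited or re-permissioned since the baseline."""
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        else:
            old_hash, old_mode = baseline[path]
            new_hash, new_mode = current[path]
            if old_hash != new_hash:
                report["modified"].append(path)
            if old_mode != new_mode:
                report["mode_changed"].append((path, oct(old_mode), oct(new_mode)))
    return report


def _write(root, relpath, text):
    """Create a constructed sample file with a known starting permission (0644)."""
    full = os.path.join(root, *relpath.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as handle:
        handle.write(text)
    os.chmod(full, 0o644)
    return full


def demo():
    """Build a constructed site tree, change it the way a dashboard user could, and compare."""
    with tempfile.TemporaryDirectory() as root:
        config = _write(root, "wp-config.php", "<?php // constructed sample\n")
        theme = _write(root, "wp-content/themes/example-theme/functions.php", "<?php // theme\n")
        plugin = _write(root, "wp-content/plugins/example-plugin/example.php", "<?php // plugin\n")
        baseline = snapshot(root)

        with open(theme, "a") as handle:  # a theme file edited
            handle.write("// extra line\n")
        os.remove(plugin)  # a plugin file deleted
        _write(root, "wp-content/uploads/new-file.php", "<?php // new\n")  # a new file added
        os.chmod(config, 0o666)  # permissions loosened to world-writable

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, entries in demo().items():
        for entry in entries:
            print(kind, entry)
```

In practice, keep the baseline somewhere other than the web server, for the same reason the backups go elsewhere.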
WHAT ABOUT SECURITY PLUGINS?
ITHEMES SECURITY PRO
Great all-encompassing best-practices WordPress security plugin.
Two versions: a free and a premium.
http://ithemes.com/security
BRUTE PROTECT
If you are mainly worried about DDoS attacks, Brute Protect has you covered.
http://bruteprotect.com
WHO CAN SCAN MY SITE FOR MALWARE?
Google Webmaster Tools http://google.com/webmaster
VirusTotal https://virustotal.com
iThemes Security Pro http://ithemes.com/security
NEED AN EXTRA EYE ON YOUR SITE?
CloudFlare has a free and premium version.
http://cloudflare.com
THINGS YOU CAN DO TO PROTECT YOUR WEBSITE
UPDATE! UPDATE! UPDATE!
Update core, update plugins, update themes, update content, update everything and update often!
Outdated software is the biggest source of nearly all hacks: once something is patched, it is trivial to get into the old stuff.
IF YOU USE THEMES OR PLUGINS FROM ANY OF THE ENVATO MARKETPLACES (THEMEFOREST, CODE CANYON), ALWAYS CHECK THE BOX TO BE NOTIFIED OF UPDATES. THEY WILL NOT TELL YOU OTHERWISE.
This is why the RevSlider SoakSoak infection was so widespread. Many didn't know the plugin was built within the theme.
HAVE A MINIMALIST APPROACH TO PLUGINS AND THEMES.
• Only have the plugins you are using at that time on your site. You can always upload them again later.
• Only have your theme you are using on your site.
• If something is not active, delete it.
BACK UP YOUR SITE! SOMEWHERE, ANYWHERE, JUST HAVE A BACKUP COPY.
BackupBuddy from iThemes is a great choice.
iThemes Security will do a database backup for you.
http://ithemes.com/backupbuddy
ALWAYS BACK UP TO SOMEPLACE OTHER THAN YOUR SERVER. IF THE SERVER GETS HACKED, SO DOES YOUR BACKUP.
EVEN BACKING UP A COPY TO DROPBOX OR YOUR COMPUTER IS A BETTER OPTION.
DON’T LET YOUR SITE GET LONELY.
Lonely sites can turn into zombie sites and nobody wants a zombie.
IF YOUR WEBSITE GETS HACKED IT IS NOT THE END OF THE WORLD. IT CAN AND WILL BE FIXED.
WHO CLEANS HACKED WEBSITES?
Well I do over at WP Security Lock ~Smile~
http://wpsecuritylock.com
I apologize… had to do one shameful plug.
WHAT ARE OTHER WAYS I CAN BE MORE SECURE?
ALWAYS USE COMPLEX PASSWORDS. ALWAYS! FOR EVERYTHING!
“PASSWORD” IS NEVER A GOOD PASSWORD!
NEVER EMAIL PASSWORDS TO ANYONE. INCLUDING YOURSELF.
USE A DIFFERENT PASSWORD FOR EACH AND EVERYTHING YOU LOG INTO.
USE SOMETHING LIKE LASTPASS OR 1PASSWORD TO SAVE YOUR PASSWORDS AND TO SHARE PASSWORDS WITH OTHERS.
IF THE LOGIN HAS TWO-FACTOR AUTHENTICATION, USE IT!
ANTI-VIRUS
PROTECT YOUR UNIT!
Yes I even have an anti-virus on my Mac!
AVG and Avast have free versions as well as paid.
Kaspersky is great with Windows and Macs.
BE CONSCIOUS WHEN USING PUBLIC WIFI.
USE A VPN WHEN CONNECTING OUT IN THE WILD.
torguard.com
UPDATE! UPDATE! UPDATE!
Let me say this again
BACK UP EVERYTHING AND BACK IT UP OFTEN.
IF YOU FEAR YOU MIGHT LOSE INFORMATION, SAVE IT IN MORE THAN ONE SPOT. BITCASA, CARBONITE, AND EXTERNAL HARD DRIVES ARE GREAT OPTIONS FOR BACKING UP DATA.
QUESTIONS?
THANK YOU FOR ATTENDING!
Slides can be found at http://mlb.pw/wcstl2015
Michele Butcher
@michele_butcher
http://wpsecuritylock.com
http://cantspeakgeek.com