Breaking WordPress

A brief overview of WordPress and common security issues. It covers hosting and common WordPress infection types, and features resources to help keep WordPress secure.

Published in: Technology

  1. Breaking WordPress
  2. #WHOISDAVIDYARDE
     • AKA Batman
     • Co-founder @ Sevenality
     • Twitter: @dsmy
  3. The Web is HUGE!!! There are over 1.8 Billion active websites on the web.
     • 43% of the top 1 million websites are hosted in USA itself.
     • 48% of the top 100 blogs/websites run on WordPress.
     • 672 Exabytes - 672,000,000,000 Gigabytes (GB) of accessible data.
  4. Today’s Challenges
     • Administration
     • Credentials
     • End-users aka wildcards
     • Education
  5. Today’s Problem*
     • Core
     • Themes*
     • Plugins*
     • End-users*
  6. Implications of a Hacked Site
     • SEO rankings wrecked
     • Loss of customer trust
     • Visitors exposed to malware
     • Hours of time wasted assessing & repairing damage
     • Loss of sales/money
  7. Types of Attacks
     • Opportunistic
        • Web Trolls
        • Ability for mass exposure
        • Timthumb
     • Targeted
        • Big Enterprises
        • Wordpress.com
        • Woothemes
        • Usually worth the time and energy invested to compromise
        • Done for bigger returns
  8. Top 5 WordPress Infections
     • Backdoors
        • Difficult to detect via http
        • Good time to start crying
     • Pharma Attacks
        • Owners usually detect
        • Now shamefully selling viagra or some other drug
     • Injections
        • Think fake Anti-virus downloads
     • Defacements
        • You’re now supporting a rebel army
     • Malicious Redirects
  9. Know Your Environment
     • What kind of security does your host use?
     • What will they do if your site gets hacked?
     • Will they fix it?
     • Will they shut it down?
  10. If server management isn’t your thing, use a managed solution.
  11. Managed WP Hosting Providers
     • WP Engine - http://wpengine.com/
     • Flywheel - http://getflywheel.com/
     • MediaTemple - http://mediatemple.net/
     • GoDaddy - http://www.godaddy.com/
  12. HELP!! Everything is broken and I’ve been blacklisted!!!
     • Don’t panic.
     • Detect
     • Remove
     • Protect
     • Submit
  13. Recommended Resources
     • WP Security Checklist - http://wpsecuritychecklist.com
     • Clef - https://getclef.com
     • iThemes Security (Better WP Security) - http://ithemes.com/security
     • WP Security Lock - http://wpsecuritylock.com
     • VaultPress - https://vaultpress.com
     • ManageWP - https://managewp.com
  14. “An ounce of prevention is worth a pound of cure.” - Benjamin Franklin
  15. Thank You
     • David Yarde
     • Co-founder @ Sevenality
     • Twitter: @dsmy
     • Email: david@sevenality.com
