Breaking WordPress
#WHOISDAVIDYARDE
• AKA Batman
• Co-founder @ Sevenality
• Twitter: @dsmy
The Web is HUGE!!!
There are over 1.8 Billion active websites on the web.
• 43% of the top 1 million websites are hosted in the USA.
• 48% of the top 100 blogs/websites run on WordPress.
• 672 Exabytes - 672,000,000,000 Gigabytes (GB) of accessible data.
Today’s Challenges
• Administration
• Credentials
• End-users aka wildcards
• Education
Today’s Problem*
• Core
• Themes*
• Plugins*
• End-users*
Implications of a Hacked Site
• SEO rankings wrecked
• Loss of customer trust
• Visitors exposed to malware
• Hours of time wasted assessing & repairing damage
• Loss of sales/money
Types of Attacks
Opportunistic
• Web Trolls
• Ability for mass exposure
• Timthumb
Targeted
• Big Enterprises
• Wordpress.com
• Woothemes
• Usually worth the time and energy invested to compromise
• Done for bigger returns
Top 5 WordPress Infections
• Backdoors
  • Difficult to detect via http
  • Good time to start crying
• Pharma Attacks
  • Owners usually detect
  • Now shamefully selling viagra or some other drug
• Injections
  • Think fake Anti-virus downloads
• Defacements
  • You’re now supporting a rebel army
• Malicious Redirects
Know Your Environment
• What kind of security does your host use?
• What will they do if your site gets hacked?
• Will they fix it?
• Will they shut it down?
If server management isn’t your thing, use a managed solution.
Managed WP Hosting Providers
• WP Engine - http://wpengine.com/
• Flywheel - http://getflywheel.com/
• MediaTemple - http://mediatemple.net/
• GoDaddy - http://www.godaddy.com/
HELP!! Everything is broken and I’ve been blacklisted!!!
• Don’t panic.
• Detect
• Remove
• Protect
• Submit
Recommended Resources
• WP Security Checklist - http://wpsecuritychecklist.com
• Clef - https://getclef.com
• iThemes Security(Better WP Security) - http://ithemes.com/security
• WP Security Lock - http://wpsecuritylock.com
• VaultPress - https://vaultpress.com
• ManageWP - https://managewp.com
“An ounce of prevention is worth a pound of cure.”
- Benjamin Franklin
Thank You
• David Yarde
• Co-founder @ Sevenality
• Twitter: @dsmy
• Email: david@sevenality.com
