Here’s the slides from my talk on how to secure your WordPress website, which I gave at the WordCamp UK 2014 conference in Bournemouth on 12th July. I shared some security best practices and a few practical tips you can use to help harden your WordPress installation.
See the notes at: http://www.primaryimage.com/2014/07/secure-your-wordpress-website/
WordPress security & performance a beginners guideMickey Mellen
We will cover how to create a secure WordPress environment, including an overview of security plugins, and backup solutions. We’ll provide numerous tips to help you keep your WordPress environments secure.
We’ll also cover some introductory WordPress performance settings. This will not be a very technical or detailed overview, but will include tips and techniques that most WordPress users can follow to improve their site’s performance.
Talk on Securing WordPress site at WordCamp Nepal 2012. I will be covering Top 10 Myths That We Live By and Building Secure WordPress Sites in Simple 10 Steps. Watch Video at http://wordpress.tv/2013/02/26/sakin-shrestha-building-secure-wordpress-sites/
Website security is serious business. Knowing how to maximise your WordPress security can be the difference in losing your business or ruining your reputation. The rise in compromised websites has (and in my opinion will always) increase due to the nature of the Internet’s popularity and the demand from consumerism.
WordPress security & performance a beginners guideMickey Mellen
We will cover how to create a secure WordPress environment, including an overview of security plugins, and backup solutions. We’ll provide numerous tips to help you keep your WordPress environments secure.
We’ll also cover some introductory WordPress performance settings. This will not be a very technical or detailed overview, but will include tips and techniques that most WordPress users can follow to improve their site’s performance.
Talk on Securing WordPress site at WordCamp Nepal 2012. I will be covering Top 10 Myths That We Live By and Building Secure WordPress Sites in Simple 10 Steps. Watch Video at http://wordpress.tv/2013/02/26/sakin-shrestha-building-secure-wordpress-sites/
Website security is serious business. Knowing how to maximise your WordPress security can be the difference in losing your business or ruining your reputation. The rise in compromised websites has (and in my opinion will always) increase due to the nature of the Internet’s popularity and the demand from consumerism.
8 Most Popular Joomla Hacks & How To Avoid ThemSiteGround.com
Slides from a SiteGround webinar by SiteGround Joomla Performance Guru, Daniel Kanchev. He reveals the 8 most common ways a Joomla website can get hacked and what you can do to protect yourself from each of those hacks.
Outdated Extensions & Themes
Vulnerable Extensions & Themes
Stolen or Weak Login Details
Outdated / Vulnerable Server Software
Incorrectly Configured Web Server
Vulnerable Joomla on a Host Server
Incorrect Joomla Permissions
Local PC Malware
WordPress Security Tips By Catch Internet:
http://catchinternet.com
This slide will cover WordPress Hosting Servers, Example of Link Injection Hacks, How to Secure your WordPress site basics and WordPress Security Plugins
The recent spike of hack attempts on various Joomla sites has made it more urgent than ever to take actions and secure your Joomla in the best possible way. In this webinar the SiteGround Joomla Performance Guru Daniel Kanchev shows the best practices and shares insightful tricks how to protect your Joomla from getting hacked:
- Joomla administrator security settings
- Bullet-proof password tips
- Vulnerable extensions to avoid
- Web application firewall configurations
- Recommended server settings
- Intrusion detection and protection tools
- Disaster recovery plans
The Ultimate Guide to Wordpress SecurityAidanChard
This post is a comprehensive guide covering everything related to Wordpress security including Wordpress vulnerabilities, how to harden your Wordpress website, what to do if your Wordpress website is compromised, and Wordpress security best practices.
There have been some active moves to compromise sites developed in WordPress. These moves by some people have created a fear in WordPress users and making them think about security of WordPress. So in this presentation, Mr. Koirala is trying to convince users that WordPress is secure enough if we deploy it properly.
Since its creation, Wordpress has gained much popularity and rightly so, because it can be used even by people who are not wizards at code writing and website creation.
Common sense, simple security for WordPress. Many presentations have lots of complicated .htaccess tricks, moving/hiding files, etc. However, if people are overwhelmed with details, they tend to not do anything. If I were to summarize what you MUST do for security, I'd say:
1 - BACKUP - find a backup tool and use it. Subscribe to VaultPress.com or host your site with WPEngine.com or purchase BackupBuddy plugin and schedule regular backups. If you're short on cash, use BackWPUp plugin and download your wp-content folder.
2 - UPDATE - All plugins, themes, and WordPress at least once a month or whenever there is a security update. Sign up for an account at WordPress.org, so you'll get notices of WordPress security updates.
3 - DELETE -- All unused plugins and themes. These are your biggest security risks. Delete all unused copies of WordPress you might have installed on your server.
4 - BE CAUTIOUS - Don't use plugins willy nilly. Do some research. They are not all made the same, and they will leave you vulnerable to hacking.
5 - PASSWORDS -- Use strong, randomly generated passwords, all different, for everything - your hosting, ftp, WP login, and email. Use 1Password.com to track your passwords easily and securely.
6 - SECURITY PLUGINS -- Run Firewall 2 and Limit Login Attempts. There are others, but I don't know how well they play with others and what things they modify. You can check out Bulletproof Security and Better WP Security.
7 - BEST PRACTICES - See the slideshow for some other best practices regarding users, comments, etc.
If you just do the above 6 things systematically, you'll be far ahead of your peers! Good luck!
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...Dan Vasile
This project aims for a unified approach on WordPress security design and implementation. It is definitely more than a checklist, it's a guide for secure implementation and an invitation to consider and to analyze each individual case.
There is a long list of recommended resources for securing aspects of the WordPress implementation. The project is aimed to offer open source or free resources instead of commercial ones. Some plugins have a free version and a paid one that offers extra functionality. In such cases, the focus of the project was on the free version.
Learn how to keep your WordPress-powered website secure from hackers and exploits. Brad Williams from WebDevStudios.com shows examples of hacked sites, shares tips and plugins for keeping WordPress secure, and talks about his experiences with WordPress and security.
A number of tools and plugins are already available for the wordpress security audit for your site.
For more visit:https://acodez.in/wordpress-security-audit/
WordPress is the most popular Blogging platform now a days. Many high profile companies are using WordPress as there Blogging platform. Have you ever thought about the security of your blog running WordPress ?? This presentation was presented On 13th Feb 2010, At Nagpur PHP Meetup by me.
The moment my site got hacked - WordCamp SofiaMarko Heijnen
You always think it will never happen to you but when it does, it’s all hands on deck. My personal site was almost hacked and since then I actively looked at what I could improve. During this talk I will talk what I had before and show all the improvements I made since then. It will be a mixed of using using the existing tools and my own creation in managing my sites.
Help Jeff manage his WordPress website by accompanying him on a new journey, with the goal of saving time and putting processes into place so he can focus on doing the work he loves.
2014 WordCamp Austin: Do's and Don'ts of WordPress MultisiteWPMU DEV
We’ll share our experience of building and managing large Multisite networks to provide tips and tricks for all levels including:
- minimum hosting requirements
- recommended free plugins
- coding for Multisite basics (common pitfalls)
- creative ways to leverage Multisite
- advice on painless backups, development environments, and upgrades
- a preview of the Multisite roadmap
Protect Your WordPress From The Inside OutSiteGround.com
The recent spike of hack attempts on various WordPress sites has made it more urgent than ever to take actions and secure your WordPress in the best possible way. In this webinar the WebDevStudios founders show the best practices and share insightful tricks how to protect your WordPress from getting hacked:
- WordPress Security Threats & Trends
- WordPress Admin Security Settings
- Securing Files, Folders & Databases
- Bullet Proof Passwords
- Vulnerable WordPress Extensions
- Recommended Plugins & Services
8 Most Popular Joomla Hacks & How To Avoid ThemSiteGround.com
Slides from a SiteGround webinar by SiteGround Joomla Performance Guru, Daniel Kanchev. He reveals the 8 most common ways a Joomla website can get hacked and what you can do to protect yourself from each of those hacks.
Outdated Extensions & Themes
Vulnerable Extensions & Themes
Stolen or Weak Login Details
Outdated / Vulnerable Server Software
Incorrectly Configured Web Server
Vulnerable Joomla on a Host Server
Incorrect Joomla Permissions
Local PC Malware
WordPress Security Tips By Catch Internet:
http://catchinternet.com
This slide will cover WordPress Hosting Servers, Example of Link Injection Hacks, How to Secure your WordPress site basics and WordPress Security Plugins
The recent spike of hack attempts on various Joomla sites has made it more urgent than ever to take actions and secure your Joomla in the best possible way. In this webinar the SiteGround Joomla Performance Guru Daniel Kanchev shows the best practices and shares insightful tricks how to protect your Joomla from getting hacked:
- Joomla administrator security settings
- Bullet-proof password tips
- Vulnerable extensions to avoid
- Web application firewall configurations
- Recommended server settings
- Intrusion detection and protection tools
- Disaster recovery plans
The Ultimate Guide to Wordpress SecurityAidanChard
This post is a comprehensive guide covering everything related to Wordpress security including Wordpress vulnerabilities, how to harden your Wordpress website, what to do if your Wordpress website is compromised, and Wordpress security best practices.
There have been some active moves to compromise sites developed in WordPress. These moves by some people have created a fear in WordPress users and making them think about security of WordPress. So in this presentation, Mr. Koirala is trying to convince users that WordPress is secure enough if we deploy it properly.
Since its creation, Wordpress has gained much popularity and rightly so, because it can be used even by people who are not wizards at code writing and website creation.
Common sense, simple security for WordPress. Many presentations have lots of complicated .htaccess tricks, moving/hiding files, etc. However, if people are overwhelmed with details, they tend to not do anything. If I were to summarize what you MUST do for security, I'd say:
1 - BACKUP - find a backup tool and use it. Subscribe to VaultPress.com or host your site with WPEngine.com or purchase BackupBuddy plugin and schedule regular backups. If you're short on cash, use BackWPUp plugin and download your wp-content folder.
2 - UPDATE - All plugins, themes, and WordPress at least once a month or whenever there is a security update. Sign up for an account at WordPress.org, so you'll get notices of WordPress security updates.
3 - DELETE -- All unused plugins and themes. These are your biggest security risks. Delete all unused copies of WordPress you might have installed on your server.
4 - BE CAUTIOUS - Don't use plugins willy nilly. Do some research. They are not all made the same, and they will leave you vulnerable to hacking.
5 - PASSWORDS -- Use strong, randomly generated passwords, all different, for everything - your hosting, ftp, WP login, and email. Use 1Password.com to track your passwords easily and securely.
6 - SECURITY PLUGINS -- Run Firewall 2 and Limit Login Attempts. There are others, but I don't know how well they play with others and what things they modify. You can check out Bulletproof Security and Better WP Security.
7 - BEST PRACTICES - See the slideshow for some other best practices regarding users, comments, etc.
If you just do the above 6 things systematically, you'll be far ahead of your peers! Good luck!
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...Dan Vasile
This project aims for a unified approach on WordPress security design and implementation. It is definitely more than a checklist, it's a guide for secure implementation and an invitation to consider and to analyze each individual case.
There is a long list of recommended resources for securing aspects of the WordPress implementation. The project is aimed to offer open source or free resources instead of commercial ones. Some plugins have a free version and a paid one that offers extra functionality. In such cases, the focus of the project was on the free version.
Learn how to keep your WordPress-powered website secure from hackers and exploits. Brad Williams from WebDevStudios.com shows examples of hacked sites, shares tips and plugins for keeping WordPress secure, and talks about his experiences with WordPress and security.
A number of tools and plugins are already available for the wordpress security audit for your site.
For more visit:https://acodez.in/wordpress-security-audit/
WordPress is the most popular Blogging platform now a days. Many high profile companies are using WordPress as there Blogging platform. Have you ever thought about the security of your blog running WordPress ?? This presentation was presented On 13th Feb 2010, At Nagpur PHP Meetup by me.
The moment my site got hacked - WordCamp SofiaMarko Heijnen
You always think it will never happen to you but when it does, it’s all hands on deck. My personal site was almost hacked and since then I actively looked at what I could improve. During this talk I will talk what I had before and show all the improvements I made since then. It will be a mixed of using using the existing tools and my own creation in managing my sites.
Help Jeff manage his WordPress website by accompanying him on a new journey, with the goal of saving time and putting processes into place so he can focus on doing the work he loves.
2014 WordCamp Austin: Do's and Don'ts of WordPress MultisiteWPMU DEV
We’ll share our experience of building and managing large Multisite networks to provide tips and tricks for all levels including:
- minimum hosting requirements
- recommended free plugins
- coding for Multisite basics (common pitfalls)
- creative ways to leverage Multisite
- advice on painless backups, development environments, and upgrades
- a preview of the Multisite roadmap
Protect Your WordPress From The Inside OutSiteGround.com
The recent spike of hack attempts on various WordPress sites has made it more urgent than ever to take actions and secure your WordPress in the best possible way. In this webinar the WebDevStudios founders show the best practices and share insightful tricks how to protect your WordPress from getting hacked:
- WordPress Security Threats & Trends
- WordPress Admin Security Settings
- Securing Files, Folders & Databases
- Bullet Proof Passwords
- Vulnerable WordPress Extensions
- Recommended Plugins & Services
WordPress Site Management - Keeping Your Creation Happy, Healthy and SecureMeagan Hanes
You’ve designed it, you’ve built it, you’ve launched your new website – job done, right?
Nope – your adventure has only begun!
In this session we’ll review what “website security” really means, why it matters, and how exactly to implement basic security best practices such as:
– Controlling user access to your site,
– Using (and managing) strong passwords,
– Applying updates to Core and Plugins,
– Installing and configuring security plugins,
– & How to back up your site easily, effectively, and automatically!
You’ll leave this session with the ABCs of Security – literally!
Slides from the Web Princess Professional Blog Clinic at #pbevent 2014 at QT Gold Coast.
A talk on how to manage the back end of your WordPress website responsibly
Presentation given at the WP Jyväksylä Meetup March 21st, 2017. This revised version contains references to the WordPress security news that circulated in February 2017.
Staying Connected: Securing Your WordPress WebsiteRaymund Mitchell
The popularity of WordPress has made it a tempting and lucrative target for hackers, crooks and assorted bad guys. With some common sense and a few, relatively easy to use tools, business owners who use WordPress can make their site more challenging for those looking to compromise vulnerable websites.
WordPress Hardening: Strategies to Secure & Protect Your WebsiteReliqusConsulting
WordPress hardening encompasses strategies and practices to fortify website security, safeguarding against unauthorized access, malware, and cyber threats. This process involves implementing multiple layers of security, such as regular software updates, strong password policies, and the use of security plugins. Techniques include limiting login attempts, employing two-factor authentication, securing file permissions, and utilizing SSL encryption. Additionally, regular backups, careful plugin management, and customizing the .htaccess file for enhanced security measures are crucial steps. By rigorously applying these practices, website owners can significantly reduce vulnerabilities and protect their online presence from attacks.
Presentation on WordPress security, which looks at why WordPress sites get hacked, how they get hacked, what to do to reduce your risk and how to recover your site after it has been hacked, or infected with malware.
This was presented at the March 16th, 2016 WordPress Meetup in Hamilton and describes WordPress Security and best practices that should be taken to protect any WordPress website against hackers whom target WordPress websites and impact your Google reputation and online presence.
Revamped talk that presented at WordCamp Miami 2020.
Keeping your website secure is important. No one likes a site that has nasty code injections or looks like it’s been hacked. In fact, WordPress Security is one of the issues that continually needs to be taught to WordPressers around the world because for some people, their website is their livelihood.
I’m not here to make your head pop off with mind boggling hardening tricks. I’m here to give you an introduction to WordPress Security. I might make you laugh, but security is a serious matter. I will be covering a couple methods to secure your WordPress website, and even a couple beginner tips on what to do if your site has been hacked.
By the end of this session, I hope you find a security method that suits you, and are more aware of the importance of securing your WordPress website.
WordPress security 101 - WP Turku Meetup 2.2.2017Otto Kekäläinen
WordPress-sivustojen tietoturva: myytit ja parhaat käytännöt.
Esitelmä WordPress Turku -meetupissa 2.2.2017.
https://www.meetup.com/Turku-WordPress-Meetup/events/235736922/
Similar to How to Secure your WordPress Website - WordCamp UK 2014 (20)
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
6. % of WordPress Usage
23
60
All Websites CMS Websites
%
That’s over 70 million
websites in the world!
Half are self-hosted.
Only a fraction of
sites change from
the default
configuration.
6
1
2
3
%
7. ! = WordPress is an attractive
target to hackers due to its
popularity – a victim of its
own success!
8. ? So why did I get interested
in WordPress security?
21. So is WordPress Secure?
21
• YES IT IS!
• And trusted by some
of the biggest names
in the world:
22. Are you sure it’s secure?
• Most vulnerabilities are found in plugins and
hosting environment, not the WordPress core.
• WordPress is extremely good (& quick) at
rolling out security fixes when issues are
found.
• Many techniques used to attack WordPress
could be applied to other types of CMS too.
22
23. But there are precautions you
can take to secure your site …!
24. And the WordPress Codex
itself gives some tips:
http://codex.wordpress.org/
Hardening_WordPress
!
26. 01 Keep WordPress updated
• WHY? WordPress is open-source – means
anyone can see what vulnerabilities have been
fixed between versions.
• HOW?
One-click upgrades are easy, quick &
reliable.
• Today you should all be using WordPress 3.9.1.
26
27. 01 Keep WordPress updated
• Survey of 350+ NHS WordPress websites:
27
Source: Terence Eden
http://shkspr.mobi/blog/2014/03/2000-nhs-security/vulnerabilities-disclosed/
28. 01 Keep WordPress updated
• I alerted the Trade & Investment (UKTI) Government
department in March they were
using WP 3.4.2 for their blog:
– released in 2012
– 9 security updates had been
issued
28
29. 02 Keep plugins updated
• WHY? Can be a big hole for allowing attacks.
• HOW?
If running multiple sites, use a service
such as WP Remote (free) to check and
install plugin updates in one dashboard.
–How often do you check & install plugin
updates?
29
30. 03 Only use trusted plugins
• WHY? Not all plugins can be trusted!
• HOW?
Get the plugin from wordpress.org or a
trusted source.
How many downloads / reviews has it got?
When was it last updated?
30
31. 04 Only use trusted themes
• WHY? Themes can have poorly written code,
or worse – purposely malicious code included.
• HOW?
Get the theme from a trusted source.
Examine the code yourself.
Be aware of Base64 code:
TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGh
pcyByZWFzb24sIGJ1dCBieSB0aGlzmd1aXNoZWQsIG5vdCft
31
32. 05 Choose a secure password
• WHY? Brute force attacks mainly rely on using
dictionary words.
• HOW?
Use characters, numbers, capitals, etc.
Use a unique password, don’t use the same
for every login on the internet!
Change it regularly, at least every 3 months.
Make sure other users also have strong passwords.
This includes your FTP, cPanel & other passwords too!
32
33. 06 No “admin” usernames
• WHY? Any element of predictability gives
hackers an edge. Bots will try this first!
• HOW?
Setup a new admin account with a
unique username.
Delete the existing admin account.
33
34. 07 You need decent hosting
• WHY? Attacks can exploit vulnerabilities at a
server-level. Don’t let your hosting account be
the weak link.
• HOW?
Choose a reputable host, perhaps those
that specialise in WordPress.
Budget hosts may not always have their
focus on security.
34
35. 08 Keep regular backups!
• WHY? If the worst comes to the worst, have a
clean backup you can restore to!
• HOW?
Download a copy to your
computer.
Use an external service,
e.g. myRepono.
Frequency to depend on
how often your site is updated!
35
36. ? Want more powerful steps to
secure your WordPress site…
37. 09 Restrict login attempts
• WHY? Detect and block brute force attacks.
• HOW?
Install a plugin
such as iThemes
Security.
37
38. 09 Restrict login attempts
38
• Setup differently depending on whether it’s just you or
members of the public logging-in!
39. 09 Restrict login attempts
• BUT THERE ARE FLAWS
IN THIS METHOD:
Botnet attacks can
come from 1000s of
IP addresses.
39
40. 09 Restrict login attempts
• How about BruteProtect? It logs every failed
attempt community-wide.
Botnet attacks can come from 1000s of IP
addresses.
40
41. 10 Switch on SSL encryption
• WHY? Secures
the traffic between
the server and your
computer, inc. your
password.
• HOW?
Buy an SSL certificate from your host.
Force WP-Admin SSL in iThemes Security.
41
42. 11 Obscurity
• WHY? Make it harder for bots to scan for your
WordPress version.
• HOW?
42
43. 12 Change your database prefix
• WHY? Default MySQL tables easy to guess.
• HOW? Use iThemes Security or Change Database Prefix
43
44. 404 detection blocking
“Away mode”
Set “allow” IP addresses
Changing directory URLs as
they can break plugins
Automatic edits to key files
Enforcing strong passwords
for subscribers
Blocking whole countries
Things I don’t recommend:
45. • WHY? Provides another
hurdle for unauthorised
users trying to login.
• HOW?
Google Authenticator
45
13 Two-Factor Authentication
46. 14 Monitor what’s happening
• WHY? If you have a multi-author site, check
what they’re doing!
• HOW? Plainview Activity Monitor
46
48. 15 Block access to system files
• WHY? You don’t want
prying eyes looking at
these sensitive files!
• HOW?
Add some rules to your .htaccess file.
48
49.
50. 15 Block access to system files
# protect files
<files wp-config.php>
Order deny,allow
Deny from all
</files>
<files readme.html>
Order allow,deny
Deny from all
</files>
50
<files license.txt>
Order allow,deny
Deny from all
</files>
<files install.php>
Order allow,deny
Deny from all
</files>
<files error_log>
Order allow,deny
Deny from all
</files>
51. 15 Block access to system files
Recommended on the WordPress Codex:
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
51
52. 16 Build your own firewall
• WHY? Stop dodgy requests from even
reaching your WordPress installation
– block them at server level.
• HOW?
Again, add some rules to the .htaccess file.
52
56. 16 Build your own firewall
• CHECK OUT…
The 5G 2013 list: http://perishablepress.com/5g-
blacklist-2013/
The htaccess file generated by
BulletProof Security
WordPress Codex
56
57. 17 Hide the .htaccess file itself!
• HOW?
# STRONG HTACCESS PROTECTION
<Files ~ "^.*.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
57
58. 18 Protect your WP-Admin area
• Problem with login limits plugins:
–Query database for every request
–Run a lot of server processes
–Fill up your MySQL database
58
62. 18 Protect your WP-Admin area
• STEP 2: New htaccess file in the WP-Admin folder:
AuthType basic
AuthUserFile "/home/example.co.uk/wp-admin//.htpasswd"
AuthGroupFile /dev/null
AuthName "ENTER YOUR LOGIN DETAILS"
Require valid-user
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
ErrorDocument 401 /401error.html
62
63. 18 Protect your WP-Admin area
• STEP 3: Add this to your root htaccess:
<Files wp-login.php>
AuthType Basic
AuthUserFile "/home/example.co.uk/wp-admin//.htpasswd"
AuthGroupFile /dev/null
AuthName "ENTER YOUR LOGIN DETAILS"
Require valid-user
</Files>
ErrorDocument 401 /401error.html
63
65. 18 Protect your WP-Admin area
65
Create a custom 401 error page:
66. 18 Protect your WP-Admin area
• Benefits:
–Blocks bad bots at server-level
–Less server resources needed than firing up
WordPress
–Works ok with public logins if using a front-
end login form (e.g. ‘Theme My Login’
plugin with the front-end widget)
66
67. 19 Block PHP in Uploads folder
• WHY? Uploads folder can be used by other users.
• HOW?
Create a .htaccess file in the
WP-Content/Uploads folder, with the following:
<Files *.php>
Deny from All
</Files>
67
68. 20 Tighten PHP configuration
• WHY? Helps block PHP code injection
vulnerabilities caused by bad input filtering.
• HOW?
Add a php.ini file in your root directory and
paste in some code…
68
69. 20 Tighten PHP configuration
; Disable allow_url_fopen in php.ini for security reasons
allow_url_fopen = Off
; Disable allow_url_include in php.ini for security reasons
allow_url_include = Off
; Disable display_errors in php.ini for security reasons
display_errors = Off
log_errors = On
69
70. 21 Create your own encryption keys
• WHY? Makes an attackers job harder.
• HOW?
Open up wp-config.php, scroll down to
“Authentication Unique Keys and Salts”.
Generate your own keys at:
https://api.wordpress.org/secret-key/1.1/salt/
70
71. 22 Move WP-Config location
• WHY? Take wp-config.php out of a publicly
accessible location.
• HOW? Move it one level up, outside of your
public_html folder:
71
72. 23 Folder permissions
• WHY? Can be a security hole if permissions
are not strong enough.
• HOW?
Use your FTP software’s
CHMOD feature.
72
73. 23 Folder permissions
All folders should have a CHMOD of 755.
All "wp-" PHP files = 644.
wp-config.php = 640.
htaccess files = 644.
robot.txt = 755.
sitemap.xml = 666.
73
74. Don’t forget the basics:
• Keep WordPress and your plugins updated.
• Have a secure password.
• Get decent quality hosting.