SlideShare a Scribd company logo
Reno-Tahoe WordCamp2011WORDPRESSENDUSERSECURITYIT STARTS WITH YOU!Dre Armeda - @dremeda
DRE ARMEDA, CISSP& I love tacos!CISSP, web addict, WordPress fanatic, Design-Dev-InfoSec geek, Chargers fan & Taco lover.Founder – CubicTwoCo-Founder – Sucuri SecurityRead my random nonsense at dre.imStraight off the streets of CPT!Dre Armeda - @dremeda
WHAT IS SECURITY?Different people, different meanings.Protecting things of value from harm’s way.Dre Armeda - @dremeda
IS MY SITE SECURE?Is any site?The percentage of risk can never be 0!Key objective: Minimize riskDre Armeda - @dremeda
IT STARTS WITH YOU!Always think aheadBefore you show the world your awesomeness, think long term. An integrated approach to security, beginning to end, will help protect your investment, and your visitor safety.Information security is everyone’s responsibilityDre Armeda - @dremeda
ARE YOU SECURE LOCALLY?My machine is my castle!Think of your local environment as if it was a medieval castle and you’re the queen or king. You & your queen/kingdom must be protected.Keep your computer up to dateEnsure you’re patching or installing updates ASAP
Automatic updates rock!Install an anti-virus solutionEnsure you’re keeping definitions current
Automatic updates aren’t a bad idea here either!Yes, personal firewalls still apply!Dre Armeda - @dremeda
CONNECTING SECURELY?Who’s watching?It’s your information, but who’s watching & listening? You may be a network geek at home, but what happens at Starbucks?Your Internet ConnectionUse SSL whenever possible, especially on an unverified connection.HTTPS - great way to ensure transactions & traffic are traveling with security in mind.Connecting To Your Site(s)Consider using sFTP/SSH vs. FTPStill widely marketed, but did you know your credentials are passed unencrypted when using FTP
If FTP is unavoidable, deny anonymous login, limit connections, practice least privilege
Don’t store your credentials in your FTP client.Dre Armeda - @dremeda
WHERE YOU VISITThis place sells fake anti-virusJust because your website is super ninja like doesn’t mean others are too. Most desktop viruses and malware these days are passed via infected websites.Safe BrowsingUse NoScript extension for Firefox
It’s OK to be skeptical. Not sure, ask questions!
Disable pop-upsDre Armeda - @dremeda
HERE’S MY PASSWORDIt’s passwordPasswords are like toothbrushes, you should keep them to yourself. And discard them, and get a new one, if they have been used by others.Password ManagementChange passwords often
Don’t share your passwords
Avoid writing passwords down
Use a password manager
KeePass Password Safe
LastPass
1PasswordZoneAlarm by Check PointDre Armeda - @dremeda
WHAT’S A PASSPHRASEIt’s passwordGood passwords are great, great passphrase’s are awesomeLonger than traditional passwords
Hard to exploit
Easy to remember with all the added security goodnessF0urScore&7YearsAgoDre Armeda - @dremeda
WHERE DO YOU LIVE?Choose wisely!At the end of the day, hosting providers market the world. You in turn, should have opportunity to know how they’re going to protect you.Your Lovely HostCheap doesn’t always mean best, or safest!How many sites on their network are blacklisted or infected w/ malware?
What versions of software do they run and how often do they update?
How are account credentials stored & who has access.
Do they have published security practices?Use Google Tools to check your host:http://www.google.com/safebrowsing/diagnostic?site=hostingcompanywebsite.comDre Armeda - @dremeda
WORDPRESSSECURITY TIPSThings to think aboutDre Armeda - @dremeda
UPDATE UPDATE UPDATEDre Armeda - @dremeda
UPDATE UPDATE UPDATE!Then update againKeep WordPress Updated!Quick Tips for Successful UpdatesDon’t edit WordPress core
Research your plugins & themes before deployment
Use child themes
Don’t test hot
Read ReviewsMinor WordPress versions ( ie3.1.x ) do NOT add new features. They contain bug fixes and security patchesDre Armeda - @dremeda
YES, PLUGINS TOO!Why should I?Update Those Plugins!The pluginChangelog tab makes it very easy to view what has changed in a new plugin versionAlso viewable in the plugin installer in your wp-admin areaDre Armeda - @dremeda

More Related Content

What's hot

Introduction to WordPress Theme Development
Introduction to WordPress Theme DevelopmentIntroduction to WordPress Theme Development
Introduction to WordPress Theme Development
Sitdhibong Laokok
 
Wcphx 2012-workshop
Wcphx 2012-workshopWcphx 2012-workshop
Wcphx 2012-workshop
Ptah Dunbar
 
iPhone Web Applications: HTML5, CSS3 & dev tips for iPhone development
iPhone Web Applications: HTML5, CSS3 & dev tips for iPhone developmentiPhone Web Applications: HTML5, CSS3 & dev tips for iPhone development
iPhone Web Applications: HTML5, CSS3 & dev tips for iPhone development
Estelle Weyl
 
WordPress Theme Development
WordPress Theme DevelopmentWordPress Theme Development
WordPress Theme Development
WisdmLabs
 
LinkedIn Platform at LeWeb 2010
LinkedIn Platform at LeWeb 2010LinkedIn Platform at LeWeb 2010
LinkedIn Platform at LeWeb 2010
Adam Trachtenberg
 
WordPress Multisite at WordCamp Columbus by Angie Meeker
WordPress Multisite at WordCamp Columbus by Angie MeekerWordPress Multisite at WordCamp Columbus by Angie Meeker
WordPress Multisite at WordCamp Columbus by Angie Meeker
Angela Meeker
 
Drupal 7 Theming - what's new
Drupal 7 Theming - what's newDrupal 7 Theming - what's new
Drupal 7 Theming - what's new
Marek Sotak
 
Cms & wordpress theme development 2011
Cms & wordpress theme development 2011Cms & wordpress theme development 2011
Cms & wordpress theme development 2011
Dave Wallace
 
Flash Templates- Joomla!Days NL 2009 #jd09nl
Flash Templates- Joomla!Days NL 2009 #jd09nlFlash Templates- Joomla!Days NL 2009 #jd09nl
Flash Templates- Joomla!Days NL 2009 #jd09nl
Joomla!Days Netherlands
 
D7 theming what's new - London
D7 theming what's new - LondonD7 theming what's new - London
D7 theming what's new - London
Marek Sotak
 
August 10th, 2009 Pete De Mulle Twitter
August 10th, 2009 Pete De Mulle TwitterAugust 10th, 2009 Pete De Mulle Twitter
August 10th, 2009 Pete De Mulle Twitter
Straight North
 
FVCP - Facebook , Twitter and Meetup API / Widgets
FVCP - Facebook , Twitter and Meetup API / WidgetsFVCP - Facebook , Twitter and Meetup API / Widgets
FVCP - Facebook , Twitter and Meetup API / Widgets
Pete DuMelle
 
Dissecting WordPress Themes and Page Templates, WordPress Columbus Meetup
Dissecting WordPress Themes and Page Templates, WordPress Columbus MeetupDissecting WordPress Themes and Page Templates, WordPress Columbus Meetup
Dissecting WordPress Themes and Page Templates, WordPress Columbus Meetup
Angela Meeker
 
WordPress Developers Israel Meetup #1
WordPress Developers Israel Meetup #1WordPress Developers Israel Meetup #1
WordPress Developers Israel Meetup #1
Yoav Farhi
 
Designing Firefox Themes
Designing Firefox ThemesDesigning Firefox Themes
Designing Firefox Themes
Lim Chee Aun
 
How to Issue and Activate Free SSL using Let's Encrypt
How to Issue and Activate Free SSL using Let's EncryptHow to Issue and Activate Free SSL using Let's Encrypt
How to Issue and Activate Free SSL using Let's Encrypt
Mayeenul Islam
 
Theme like a monster #ddceu
Theme like a monster #ddceuTheme like a monster #ddceu
Theme like a monster #ddceu
Marek Sotak
 
WordPress Theme Development
 WordPress Theme Development WordPress Theme Development
WordPress Theme Development
Bijay Oli
 
Adopt or hack - how to hack a theme in a Drupal way
Adopt or hack - how to hack a theme in a Drupal wayAdopt or hack - how to hack a theme in a Drupal way
Adopt or hack - how to hack a theme in a Drupal way
Marek Sotak
 

What's hot (19)

Introduction to WordPress Theme Development
Introduction to WordPress Theme DevelopmentIntroduction to WordPress Theme Development
Introduction to WordPress Theme Development
 
Wcphx 2012-workshop
Wcphx 2012-workshopWcphx 2012-workshop
Wcphx 2012-workshop
 
iPhone Web Applications: HTML5, CSS3 & dev tips for iPhone development
iPhone Web Applications: HTML5, CSS3 & dev tips for iPhone developmentiPhone Web Applications: HTML5, CSS3 & dev tips for iPhone development
iPhone Web Applications: HTML5, CSS3 & dev tips for iPhone development
 
WordPress Theme Development
WordPress Theme DevelopmentWordPress Theme Development
WordPress Theme Development
 
LinkedIn Platform at LeWeb 2010
LinkedIn Platform at LeWeb 2010LinkedIn Platform at LeWeb 2010
LinkedIn Platform at LeWeb 2010
 
WordPress Multisite at WordCamp Columbus by Angie Meeker
WordPress Multisite at WordCamp Columbus by Angie MeekerWordPress Multisite at WordCamp Columbus by Angie Meeker
WordPress Multisite at WordCamp Columbus by Angie Meeker
 
Drupal 7 Theming - what's new
Drupal 7 Theming - what's newDrupal 7 Theming - what's new
Drupal 7 Theming - what's new
 
Cms & wordpress theme development 2011
Cms & wordpress theme development 2011Cms & wordpress theme development 2011
Cms & wordpress theme development 2011
 
Flash Templates- Joomla!Days NL 2009 #jd09nl
Flash Templates- Joomla!Days NL 2009 #jd09nlFlash Templates- Joomla!Days NL 2009 #jd09nl
Flash Templates- Joomla!Days NL 2009 #jd09nl
 
D7 theming what's new - London
D7 theming what's new - LondonD7 theming what's new - London
D7 theming what's new - London
 
August 10th, 2009 Pete De Mulle Twitter
August 10th, 2009 Pete De Mulle TwitterAugust 10th, 2009 Pete De Mulle Twitter
August 10th, 2009 Pete De Mulle Twitter
 
FVCP - Facebook , Twitter and Meetup API / Widgets
FVCP - Facebook , Twitter and Meetup API / WidgetsFVCP - Facebook , Twitter and Meetup API / Widgets
FVCP - Facebook , Twitter and Meetup API / Widgets
 
Dissecting WordPress Themes and Page Templates, WordPress Columbus Meetup
Dissecting WordPress Themes and Page Templates, WordPress Columbus MeetupDissecting WordPress Themes and Page Templates, WordPress Columbus Meetup
Dissecting WordPress Themes and Page Templates, WordPress Columbus Meetup
 
WordPress Developers Israel Meetup #1
WordPress Developers Israel Meetup #1WordPress Developers Israel Meetup #1
WordPress Developers Israel Meetup #1
 
Designing Firefox Themes
Designing Firefox ThemesDesigning Firefox Themes
Designing Firefox Themes
 
How to Issue and Activate Free SSL using Let's Encrypt
How to Issue and Activate Free SSL using Let's EncryptHow to Issue and Activate Free SSL using Let's Encrypt
How to Issue and Activate Free SSL using Let's Encrypt
 
Theme like a monster #ddceu
Theme like a monster #ddceuTheme like a monster #ddceu
Theme like a monster #ddceu
 
WordPress Theme Development
 WordPress Theme Development WordPress Theme Development
WordPress Theme Development
 
Adopt or hack - how to hack a theme in a Drupal way
Adopt or hack - how to hack a theme in a Drupal wayAdopt or hack - how to hack a theme in a Drupal way
Adopt or hack - how to hack a theme in a Drupal way
 

Viewers also liked

A Fantástica Fábrica de Websites - WordPress
A Fantástica Fábrica de Websites - WordPressA Fantástica Fábrica de Websites - WordPress
A Fantástica Fábrica de Websites - WordPress
Daniel Glik
 
Creating and Managing Content on Your WordPress Site
Creating and Managing Content on Your WordPress SiteCreating and Managing Content on Your WordPress Site
Creating and Managing Content on Your WordPress Site
Kelly Henderson
 
Object Oriented Programming for WordPress Plugin Development
Object Oriented Programming for WordPress Plugin DevelopmentObject Oriented Programming for WordPress Plugin Development
Object Oriented Programming for WordPress Plugin Development
mtoppa
 
Breaking up (your code) is hard to do
Breaking up (your code) is hard to doBreaking up (your code) is hard to do
Breaking up (your code) is hard to do
Dan Beil
 
Power Up Your Non-Profit Website With WordPress
Power Up Your Non-Profit Website With WordPressPower Up Your Non-Profit Website With WordPress
Power Up Your Non-Profit Website With WordPress
Raymund Mitchell
 
BuddyPress Tips: How We Built chekmrk
BuddyPress Tips: How We Built chekmrkBuddyPress Tips: How We Built chekmrk
BuddyPress Tips: How We Built chekmrk
Wes Chyrchel
 
The Capitalist in the Co-Op: The Art & Science of the Premium WordPress Business
The Capitalist in the Co-Op: The Art & Science of the Premium WordPress BusinessThe Capitalist in the Co-Op: The Art & Science of the Premium WordPress Business
The Capitalist in the Co-Op: The Art & Science of the Premium WordPress Business
Shane Pearlman
 
Take the next step with git
Take the next step with gitTake the next step with git
Take the next step with git
Karin Taliga
 
Build your website before you install wordpress.
Build your website before you install wordpress.Build your website before you install wordpress.
Build your website before you install wordpress.
Russell Aaron
 
Testing Made Easy
Testing Made EasyTesting Made Easy
Testing Made Easy
Micah Wood
 
Using Curated Content in WordPress - Why and How
Using Curated Content in WordPress - Why and HowUsing Curated Content in WordPress - Why and How
Using Curated Content in WordPress - Why and How
Adam W. Warner
 
Scoping and Estimating WordPress Projects as an Agency
Scoping and Estimating WordPress Projects as an AgencyScoping and Estimating WordPress Projects as an Agency
Scoping and Estimating WordPress Projects as an Agency
Kara Hansen
 
Acessibilidade Web agora é obrigatória. Estamos preparados?
Acessibilidade Web agora é obrigatória. Estamos preparados?Acessibilidade Web agora é obrigatória. Estamos preparados?
Acessibilidade Web agora é obrigatória. Estamos preparados?
Hans Mösl
 
Debugging common errors in WordPress by Steve Mortiboy
Debugging common errors in WordPress by Steve MortiboyDebugging common errors in WordPress by Steve Mortiboy
Debugging common errors in WordPress by Steve Mortiboy
Steve Mortiboy
 
A Plugin For That presentation
A Plugin For That presentationA Plugin For That presentation
A Plugin For That presentation
marnafriedman
 
Builing a WordPress Theme
Builing a WordPress ThemeBuiling a WordPress Theme
Builing a WordPress Theme
certainstrings
 
Stop Creating Data For Sake of Creating Data
Stop Creating Data For Sake of Creating DataStop Creating Data For Sake of Creating Data
Stop Creating Data For Sake of Creating Data
George Ortiz
 
The Best SEO Plugin for WordPress
The Best SEO Plugin for WordPressThe Best SEO Plugin for WordPress
The Best SEO Plugin for WordPress
2 the Top Web Design & Marketing
 
Por um wordpress mais seguro
Por um wordpress mais seguroPor um wordpress mais seguro
Por um wordpress mais seguro
Flávio Silveira
 
Using Theme Frameworks for rapid development and sustainability
Using Theme Frameworks for rapid development and sustainabilityUsing Theme Frameworks for rapid development and sustainability
Using Theme Frameworks for rapid development and sustainability
Joel Norris
 

Viewers also liked (20)

A Fantástica Fábrica de Websites - WordPress
A Fantástica Fábrica de Websites - WordPressA Fantástica Fábrica de Websites - WordPress
A Fantástica Fábrica de Websites - WordPress
 
Creating and Managing Content on Your WordPress Site
Creating and Managing Content on Your WordPress SiteCreating and Managing Content on Your WordPress Site
Creating and Managing Content on Your WordPress Site
 
Object Oriented Programming for WordPress Plugin Development
Object Oriented Programming for WordPress Plugin DevelopmentObject Oriented Programming for WordPress Plugin Development
Object Oriented Programming for WordPress Plugin Development
 
Breaking up (your code) is hard to do
Breaking up (your code) is hard to doBreaking up (your code) is hard to do
Breaking up (your code) is hard to do
 
Power Up Your Non-Profit Website With WordPress
Power Up Your Non-Profit Website With WordPressPower Up Your Non-Profit Website With WordPress
Power Up Your Non-Profit Website With WordPress
 
BuddyPress Tips: How We Built chekmrk
BuddyPress Tips: How We Built chekmrkBuddyPress Tips: How We Built chekmrk
BuddyPress Tips: How We Built chekmrk
 
The Capitalist in the Co-Op: The Art & Science of the Premium WordPress Business
The Capitalist in the Co-Op: The Art & Science of the Premium WordPress BusinessThe Capitalist in the Co-Op: The Art & Science of the Premium WordPress Business
The Capitalist in the Co-Op: The Art & Science of the Premium WordPress Business
 
Take the next step with git
Take the next step with gitTake the next step with git
Take the next step with git
 
Build your website before you install wordpress.
Build your website before you install wordpress.Build your website before you install wordpress.
Build your website before you install wordpress.
 
Testing Made Easy
Testing Made EasyTesting Made Easy
Testing Made Easy
 
Using Curated Content in WordPress - Why and How
Using Curated Content in WordPress - Why and HowUsing Curated Content in WordPress - Why and How
Using Curated Content in WordPress - Why and How
 
Scoping and Estimating WordPress Projects as an Agency
Scoping and Estimating WordPress Projects as an AgencyScoping and Estimating WordPress Projects as an Agency
Scoping and Estimating WordPress Projects as an Agency
 
Acessibilidade Web agora é obrigatória. Estamos preparados?
Acessibilidade Web agora é obrigatória. Estamos preparados?Acessibilidade Web agora é obrigatória. Estamos preparados?
Acessibilidade Web agora é obrigatória. Estamos preparados?
 
Debugging common errors in WordPress by Steve Mortiboy
Debugging common errors in WordPress by Steve MortiboyDebugging common errors in WordPress by Steve Mortiboy
Debugging common errors in WordPress by Steve Mortiboy
 
A Plugin For That presentation
A Plugin For That presentationA Plugin For That presentation
A Plugin For That presentation
 
Builing a WordPress Theme
Builing a WordPress ThemeBuiling a WordPress Theme
Builing a WordPress Theme
 
Stop Creating Data For Sake of Creating Data
Stop Creating Data For Sake of Creating DataStop Creating Data For Sake of Creating Data
Stop Creating Data For Sake of Creating Data
 
The Best SEO Plugin for WordPress
The Best SEO Plugin for WordPressThe Best SEO Plugin for WordPress
The Best SEO Plugin for WordPress
 
Por um wordpress mais seguro
Por um wordpress mais seguroPor um wordpress mais seguro
Por um wordpress mais seguro
 
Using Theme Frameworks for rapid development and sustainability
Using Theme Frameworks for rapid development and sustainabilityUsing Theme Frameworks for rapid development and sustainability
Using Theme Frameworks for rapid development and sustainability
 

Similar to Reno-Tahoe WordCamp 2011 - WordPress End User Security - Dre Armeda

WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaWordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
Dre Armeda
 
WordCamp Philly WordPress End-User Security
WordCamp Philly WordPress End-User SecurityWordCamp Philly WordPress End-User Security
WordCamp Philly WordPress End-User Security
Dre Armeda
 
WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011
Dre Armeda
 
WordPress End-User Security - Orange County WordCamp 2011
WordPress End-User Security - Orange County WordCamp 2011WordPress End-User Security - Orange County WordCamp 2011
WordPress End-User Security - Orange County WordCamp 2011
Dre Armeda
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User Security
Dre Armeda
 
Top Ten WordPress Security Tips for 2012
Top Ten WordPress Security Tips for 2012Top Ten WordPress Security Tips for 2012
Top Ten WordPress Security Tips for 2012
Brad Williams
 
Word press security 101
Word press security 101  Word press security 101
Word press security 101
Kojac801
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
SiteGround.com
 
Php My Sql Security 2007
Php My Sql Security 2007Php My Sql Security 2007
Php My Sql Security 2007
Aung Khant
 
WordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 UpdateWordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 Update
Zero Point Development
 
From Zero to Hadoop: a tutorial for getting started writing Hadoop jobs on Am...
From Zero to Hadoop: a tutorial for getting started writing Hadoop jobs on Am...From Zero to Hadoop: a tutorial for getting started writing Hadoop jobs on Am...
From Zero to Hadoop: a tutorial for getting started writing Hadoop jobs on Am...
Alexander Dean
 
Lockdown WordPress
Lockdown WordPressLockdown WordPress
Lockdown WordPress
Dre Armeda
 
Maintaining your own branch of Drupal core
Maintaining your own branch of Drupal coreMaintaining your own branch of Drupal core
Maintaining your own branch of Drupal core
drumm
 
Optimize Site Deployments with Drush (DrupalCamp WNY 2011)
Optimize Site Deployments with Drush (DrupalCamp WNY 2011)Optimize Site Deployments with Drush (DrupalCamp WNY 2011)
Optimize Site Deployments with Drush (DrupalCamp WNY 2011)
Jon Peck
 
Use Web Skills To Build Mobile Apps
Use Web Skills To Build Mobile AppsUse Web Skills To Build Mobile Apps
Use Web Skills To Build Mobile Apps
Nathan Smith
 
WordPress Security Best Practices
WordPress Security Best PracticesWordPress Security Best Practices
WordPress Security Best Practices
Zero Point Development
 
Modern Perl
Modern PerlModern Perl
Modern Perl
Dave Cross
 
Death to passwords - DroidCon Paris 2014
Death to passwords - DroidCon Paris 2014Death to passwords - DroidCon Paris 2014
Death to passwords - DroidCon Paris 2014
Paris Android User Group
 
Fotis alexandrou scalability on php - media camp 2010
Fotis alexandrou   scalability on php - media camp 2010Fotis alexandrou   scalability on php - media camp 2010
Fotis alexandrou scalability on php - media camp 2010
Fotis Alexandrou
 
WordPress Security - WordCamp phoenix 2013
WordPress Security - WordCamp phoenix 2013  WordPress Security - WordCamp phoenix 2013
WordPress Security - WordCamp phoenix 2013
Dre Armeda
 

Similar to Reno-Tahoe WordCamp 2011 - WordPress End User Security - Dre Armeda (20)

WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaWordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
 
WordCamp Philly WordPress End-User Security
WordCamp Philly WordPress End-User SecurityWordCamp Philly WordPress End-User Security
WordCamp Philly WordPress End-User Security
 
WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011
 
WordPress End-User Security - Orange County WordCamp 2011
WordPress End-User Security - Orange County WordCamp 2011WordPress End-User Security - Orange County WordCamp 2011
WordPress End-User Security - Orange County WordCamp 2011
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User Security
 
Top Ten WordPress Security Tips for 2012
Top Ten WordPress Security Tips for 2012Top Ten WordPress Security Tips for 2012
Top Ten WordPress Security Tips for 2012
 
Word press security 101
Word press security 101  Word press security 101
Word press security 101
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
 
Php My Sql Security 2007
Php My Sql Security 2007Php My Sql Security 2007
Php My Sql Security 2007
 
WordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 UpdateWordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 Update
 
From Zero to Hadoop: a tutorial for getting started writing Hadoop jobs on Am...
From Zero to Hadoop: a tutorial for getting started writing Hadoop jobs on Am...From Zero to Hadoop: a tutorial for getting started writing Hadoop jobs on Am...
From Zero to Hadoop: a tutorial for getting started writing Hadoop jobs on Am...
 
Lockdown WordPress
Lockdown WordPressLockdown WordPress
Lockdown WordPress
 
Maintaining your own branch of Drupal core
Maintaining your own branch of Drupal coreMaintaining your own branch of Drupal core
Maintaining your own branch of Drupal core
 
Optimize Site Deployments with Drush (DrupalCamp WNY 2011)
Optimize Site Deployments with Drush (DrupalCamp WNY 2011)Optimize Site Deployments with Drush (DrupalCamp WNY 2011)
Optimize Site Deployments with Drush (DrupalCamp WNY 2011)
 
Use Web Skills To Build Mobile Apps
Use Web Skills To Build Mobile AppsUse Web Skills To Build Mobile Apps
Use Web Skills To Build Mobile Apps
 
WordPress Security Best Practices
WordPress Security Best PracticesWordPress Security Best Practices
WordPress Security Best Practices
 
Modern Perl
Modern PerlModern Perl
Modern Perl
 
Death to passwords - DroidCon Paris 2014
Death to passwords - DroidCon Paris 2014Death to passwords - DroidCon Paris 2014
Death to passwords - DroidCon Paris 2014
 
Fotis alexandrou scalability on php - media camp 2010
Fotis alexandrou   scalability on php - media camp 2010Fotis alexandrou   scalability on php - media camp 2010
Fotis alexandrou scalability on php - media camp 2010
 
WordPress Security - WordCamp phoenix 2013
WordPress Security - WordCamp phoenix 2013  WordPress Security - WordCamp phoenix 2013
WordPress Security - WordCamp phoenix 2013
 

Recently uploaded

Camunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptxCamunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptx
ZachWylie3
 
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
FIDO Alliance
 
kk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdfkk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdf
KIRAN KV
 
Discovery Series - Zero to Hero - Task Mining Session 1
Discovery Series - Zero to Hero - Task Mining Session 1Discovery Series - Zero to Hero - Task Mining Session 1
Discovery Series - Zero to Hero - Task Mining Session 1
DianaGray10
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
Priyanka Aash
 
How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...
DianaGray10
 
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
OnBoard
 
NVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space ExplorationNVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space Exploration
Alison B. Lowndes
 
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
Zilliz
 
Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3
DianaGray10
 
Retrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with RagasRetrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with Ragas
Zilliz
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
Steven Carlson
 
It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
Zilliz
 
Keynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive SecurityKeynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive Security
Priyanka Aash
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10
ankush9927
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024
Stephanie Beckett
 
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptxMAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
janagijoythi
 

Recently uploaded (20)

Camunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptxCamunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptx
 
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
 
kk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdfkk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdf
 
Discovery Series - Zero to Hero - Task Mining Session 1
Discovery Series - Zero to Hero - Task Mining Session 1Discovery Series - Zero to Hero - Task Mining Session 1
Discovery Series - Zero to Hero - Task Mining Session 1
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
 
How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...
 
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
Mastering Board Best Practices: Essential Skills for Effective Non-profit Lea...
 
NVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space ExplorationNVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space Exploration
 
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
Garbage In, Garbage Out: Why poor data curation is killing your AI models (an...
 
Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3
 
Retrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with RagasRetrieval Augmented Generation Evaluation with Ragas
Retrieval Augmented Generation Evaluation with Ragas
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
 
It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
 
Keynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive SecurityKeynote : AI & Future Of Offensive Security
Keynote : AI & Future Of Offensive Security
 
Finetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and DefendingFinetuning GenAI For Hacking and Defending
Finetuning GenAI For Hacking and Defending
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10Computer HARDWARE presenattion by CWD students class 10
Computer HARDWARE presenattion by CWD students class 10
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024What's New in Teams Calling, Meetings, Devices June 2024
What's New in Teams Calling, Meetings, Devices June 2024
 
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptxMAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
MAKE MONEY ONLINE Unlock Your Income Potential Today.pptx
 

Reno-Tahoe WordCamp 2011 - WordPress End User Security - Dre Armeda

  • 2. DRE ARMEDA, CISSP& I love tacos!CISSP, web addict, WordPress fanatic, Design-Dev-InfoSec geek, Chargers fan & Taco lover.Founder – CubicTwoCo-Founder – Sucuri SecurityRead my random nonsense at dre.imStraight off the streets of CPT!Dre Armeda - @dremeda
  • 3. WHAT IS SECURITY?Different people, different meanings.Protecting things of value from harm’s way.Dre Armeda - @dremeda
  • 4. IS MY SITE SECURE?Is any site?The percentage of risk can never be 0!Key objective: Minimize riskDre Armeda - @dremeda
  • 5. IT STARTS WITH YOU!Always think aheadBefore you show the world your awesomeness, think long term. An integrated approach to security, beginning to end, will help protect your investment, and your visitor safety.Information security is everyone’s responsibilityDre Armeda - @dremeda
  • 6. ARE YOU SECURE LOCALLY?My machine is my castle!Think of your local environment as if it was a medieval castle and you’re the queen or king. You & your queen/kingdom must be protected.Keep your computer up to dateEnsure you’re patching or installing updates ASAP
  • 7. Automatic updates rock!Install an anti-virus solutionEnsure you’re keeping definitions current
  • 8. Automatic updates aren’t a bad idea here either!Yes, personal firewalls still apply!Dre Armeda - @dremeda
  • 9. CONNECTING SECURELY?Who’s watching?It’s your information, but who’s watching & listening? You may be a network geek at home, but what happens at Starbucks?Your Internet ConnectionUse SSL whenever possible, especially on an unverified connection.HTTPS - great way to ensure transactions & traffic are traveling with security in mind.Connecting To Your Site(s)Consider using sFTP/SSH vs. FTPStill widely marketed, but did you know your credentials are passed unencrypted when using FTP
  • 10. If FTP is unavoidable, deny anonymous login, limit connections, practice least privilege
  • 11. Don’t store your credentials in your FTP client.Dre Armeda - @dremeda
  • 12. WHERE YOU VISITThis place sells fake anti-virusJust because your website is super ninja like doesn’t mean others are too. Most desktop viruses and malware these days are passed via infected websites.Safe BrowsingUse NoScript extension for Firefox
  • 13. It’s OK to be skeptical. Not sure, ask questions!
  • 15. HERE’S MY PASSWORDIt’s passwordPasswords are like toothbrushes, you should keep them to yourself. And discard them, and get a new one, if they have been used by others.Password ManagementChange passwords often
  • 16. Don’t share your passwords
  • 18. Use a password manager
  • 21. 1PasswordZoneAlarm by Check PointDre Armeda - @dremeda
  • 22. WHAT’S A PASSPHRASEIt’s passwordGood passwords are great, great passphrase’s are awesomeLonger than traditional passwords
  • 24. Easy to remember with all the added security goodnessF0urScore&7YearsAgoDre Armeda - @dremeda
  • 25. WHERE DO YOU LIVE?Choose wisely!At the end of the day, hosting providers market the world. You in turn, should have opportunity to know how they’re going to protect you.Your Lovely HostCheap doesn’t always mean best, or safest!How many sites on their network are blacklisted or infected w/ malware?
  • 26. What versions of software do they run and how often do they update?
  • 27. How are account credentials stored & who has access.
  • 28. Do they have published security practices?Use Google Tools to check your host:http://www.google.com/safebrowsing/diagnostic?site=hostingcompanywebsite.comDre Armeda - @dremeda
  • 29. WORDPRESSSECURITY TIPSThings to think aboutDre Armeda - @dremeda
  • 30. UPDATE UPDATE UPDATEDre Armeda - @dremeda
  • 31. UPDATE UPDATE UPDATE!Then update againKeep WordPress Updated!Quick Tips for Successful UpdatesDon’t edit WordPress core
  • 32. Research your plugins & themes before deployment
  • 35. Read ReviewsMinor WordPress versions ( ie3.1.x ) do NOT add new features. They contain bug fixes and security patchesDre Armeda - @dremeda
  • 36. YES, PLUGINS TOO!Why should I?Update Those Plugins!The pluginChangelog tab makes it very easy to view what has changed in a new plugin versionAlso viewable in the plugin installer in your wp-admin areaDre Armeda - @dremeda
  • 37. CHANGE DB TABLE PREFIXWon’t solve world hunger, but why not?1.WordPress installer allows you to specify new prefix during install2. Or, BEFORE installing, you can change the prefix manually in wp-config.php:/** * WordPress Database Table prefix. * * You can have multiple installations in one database if you give each a unique * prefix. Only numbers, letters, and underscores please! */$table_prefix = ‘tacos_';All database tables will now have a unique prefix (ietacos_posts)Dre Armeda - @dremeda
  • 38. KEEPING SECRETSAh come onSome secrets should remain secretsDre Armeda - @dremeda
  • 39. USE SECRET KEYSYes it’s a bit obscureA secret key is a hashing salt which makes your site harder to hack by adding random elements to the password.1. Edit wp-config.phpAFTERBEFOREdefine('AUTH_KEY', '*8`:Balq!`,-j.JTl~sP%&>@ON,t(}S6)IG|nG1JIfY(,y=][-3$!N6be]-af|BD');define('SECURE_AUTH_KEY', 'q+i-|3S~d?];6$[$!ZOXbw6c]0 !k/,UxOod>fqV!sWCkvBihF2#hI=CDt_}WaH1');define('LOGGED_IN_KEY', 'D/QoRf{=&OC=CrT/^Zq}M9MPT&49^O}G+m2L{ItpX_jh(-I&-?pkeC_SaF0nw;m+');define('NONCE_KEY', 'oJo8C&sc+ C7Yc,W1v o5}.FR,Zk!J<]vaCa%2D9nj8otj5z8UnJ_q.Q!hgpQ*-H');define('AUTH_SALT', 'r>O/;U|xg~I5v.u(Nq+JMfYHk.*[p8!baAsb1DKa8.0}q/@V5snU1hV2eR!|whmt');define('SECURE_AUTH_SALT', '3s1|cIj d7y<?]Z1n# i1^FQ *L(Kax)Y%r(mp[DUX.1a3!jv(;P_H6Q7|y.!7|-');define('LOGGED_IN_SALT', '`@>+QdZhD!|AKk09*mr~-F]/F39Sxjl31FX8uw+wxUYI;U{NWx|y|+bKJ*4`uF`*');define('NONCE_SALT', 'O+#iqcPw#]O4TcC%Kz_DAf:mK!Zy@Zt*Kmm^C25U|T!|?ldOf/l1TZ6Tw$9y[M/6');define('AUTH_KEY', 'put your unique phrase here');define('SECURE_AUTH_KEY', 'put your unique phrase here');define('LOGGED_IN_KEY', 'put your unique phrase here');define('NONCE_KEY', 'put your unique phrase here');define('AUTH_SALT', 'put your unique phrase here');define('SECURE_AUTH_SALT', 'put your unique phrase here');define('LOGGED_IN_SALT', 'put your unique phrase here');define('NONCE_SALT', 'put your unique phrase here');Some secrets should remain secrets2. Visit this URL to get your secret keys:https://api.wordpress.org/secret-key/1.1/saltDre Armeda - @dremeda
  • 40. REALLY SECUREDoh!Yes, it happens. #FAILDre Armeda - @dremeda
  • 41. COMMENCE LOCKDOWNTehSSL’sAdd the code below to wp-config.php to force SSL (https) on logindefine('FORCE_SSL_LOGIN', true);Add the code below to wp-config.php to force SSL (https) on all admin pagesdefine('FORCE_SSL_ADMIN', true);Using SSL (https) on all admin screens in WordPress will encrypt all data transmitted with the same encryption as online shoppinghttps://codex.wordpress.org/Administration_Over_SSLDre Armeda - @dremeda
  • 42. LIMIT ACCESSThem, that, there IP’s1. Create an .htaccess file in your wp-admin directory2. Add the following lines of code:AuthUserFile /dev/nullAuthGroupFile /dev/nullAuthName "Access Control"AuthType Basicorder deny,allowdeny from all#IP address to Whitelistallow from 67.123.83.59allow from 123.123.123.123Only a user with the IP 67.123.83.59 or 123.123.123.123 can access wp-adminDre Armeda - @dremeda
  • 43. USE TRUSTED SOURCESShirley you can’t be serious?Is this happening on your site?Themes can include base64() encoded text links to promote various serviceshttp://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/Dre Armeda - @dremeda
  • 44. USE TRUSTED SOURCESSo many choicesTrusted Sources for Free WordPress ThemesWordPress.org Theme Directoryhttp://wordpress.org/extend/themes/WooThemeshttp://www.woothemes.com/themes/free/Themelabhttp://www.themelab.com/free-wordpress-themesTheme Hybridhttp://themehybrid.com/ThemeShaper(Thematic)http://themeshaper.comGraph Paper Presshttp://graphpaperpress.com/themes/More themes: http://wpmu.org/when-is-a-free-wordpress-theme-really-free-some-thoughts-and-some-places-to-find-them/Dre Armeda - @dremeda
  • 45. HOW DO YOU LOGIN?With a keyboard dummyDre Armeda - @dremeda
  • 46. DON’T BE HOOD YO!I got nothing!Dre Armeda - @dremeda
  • 47. HALFWAY THERE…Livin’ on a prayerKnowing your username is half the battle. Don't make it easy on the hackers.Dre Armeda - @dremeda
  • 48. NO MORE ADMIN USERGood bye old manChange the admin username in MySQL:UPDATE wp_users SET user_login='hulkster' WHERE user_login='admin';Or create a new account with administrator privileges. Create a new account. Make the username very unique Assign account to Administrator role Log out and log back in with new account Delete admin accountWordPress will allow you to reassign all content written by admin to an account of your choice. Dre Armeda - @dremeda
  • 49. OH BABY!Wouldn’t you know itWordPress 3.0 lets you setthe administrator username during the installation process!DON'T USE ADMIN!Dre Armeda - @dremeda
  • 50. PERMISSIONSSay no to 777What folder permissions should you use?Good Rule of Thumb: Files should be set to 644
  • 51. Folders should be set to 755Better Rule of Thumb:Set permissions to the lowest that still work.Start with the default settings above If your host requires 777…SWITCH HOSTS!Dre Armeda - @dremeda
  • 52. CHANGING PERMISSIONSChoose wisely!Or via SSH with the following commandsfind [your path here] -type d -exec chmod 755 {} find [your path here] -type f -exec chmod 644 {} Dre Armeda - @dremeda
  • 53. UPDATE UPDATE UPDATEDre Armeda - @dremeda
  • 54. SECURITY PLUGINSHot digitySucuriWordPress Security - https://wordpress.sucuri.net/sucuri-wp-plugin.zip
  • 55. WordPress Exploit Scanner - http://wordpress.org/extend/plugins/exploit-scanner/
  • 56. WordPress File Monitor - http://wordpress.org/extend/plugins/wordpress-file-monitor/
  • 57. Login Lockdown - http://wordpress.org/extend/plugins/login-lockdown/
  • 59. BulletProof Security - http://wordpress.org/extend/plugins/bulletproof-security/
  • 61. Backup PluginsStart now if you haven’t alreadyBackup Buddy – http://pluginbuddy.com/purchase/backupbuddy/
  • 63. SucuriWordPress Security - http//wordpress.sucuri.net/sucuri-wp-plugin.zip
  • 64. WP Time Machine – http://wordpress.org/extend/plugins/wp-time-machine/
  • 65. WP-DB Backup – http://wordpress.org/extend/plugins/wp-db-backup/Dre Armeda - @dremeda
  • 66. WEBSITE SCANNING TOOLSAre you serving malware?Malware Scanning ToolsSucuri.net – http://sucuri.net/
  • 67. Unmask Parasites - http://unmaskparasites.com/Malware RemovalSucuri.net- http//sucuri.net
  • 69. RESOURCESGood reading Security Related Codex Articleshttp://codex.wordpress.org/Hardening_WordPress
  • 72. http://codex.wordpress.org/htaccess_for_subdirectories Blog Security Articleshttp://blog.sucuri.net/2010/11/yet-another-wordpress-security-post-part-one.html
  • 79. THANKS FORCOMINGSee you soonDre Armeda, CISSP@dremedaCubictwo.comSucuri.netDre.imDre Armeda - @dremeda