Tony Perez, profile picture
Uploaded byTony Perez
PPTX, PDF1,764 views

Website Security (WordPress) - It's About the Basics

Tony Perez of Sucuri, Inc. gave a presentation on website security, with a focus on WordPress sites. Some key points included: Sucuri scans over 2 million domains and blocks 4 million attacks per month; in 2013 there was an increase in major data breaches; common attacks on websites include exploiting vulnerabilities, malware distribution through remote files/scripts, ransomware explosions, and search engine poisoning; defenses include strong credentials, limiting access and privileges, keeping software updated, using a website firewall, and monitoring activity through logging. Perez emphasized having security as the default posture through a defense-in-depth approach with layered protections.

Embed presentation

Downloaded 15 times
It’s About The Basics Website Security (WordPress)
@PEREZBOX • Sucuri, Inc. – @sucuri_security – @perezbox • Specialization: – Website Security – Incident Handling • Special Interests: – Brazilian JiuJitsu 5/17/2014 Tony Perez | @perezbox | @sucuri_security 2
• Website Security Company • Global Operations • Platform Agnostic (i.e., WordPress, Joomla, etc..) • Scan 2M Unique Domains a Month • Block 4M web attacks a Month • Remediate 400 – 500 websites a day • Signature / Heuristic Based • 24/7 operations 5/17/2014 Tony Perez | @perezbox | @sucuri_security 3
Statistics 5/17/2014 Tony Perez | @perezbox | @sucuri_security 4
2013 – Year of the Mega Breach Data Breaches (Millions) 2011 2013 5/17/2014 Tony Perez | @perezbox | @sucuri_security 5
Anatomy of Malicious Websites Malicious Websites Legitimate Websites 5/17/2014 Tony Perez | @perezbox | @sucuri_security 6
Legitimate Websites Not-Exploitable Exploitable 5/17/2014 Tony Perez | @perezbox | @sucuri_security 7 1 in 8 - Critical Vulnerability
Ransomware Explosion Ransomware 2012 2013 5/17/2014 Tony Perez | @perezbox | @sucuri_security 8
Malware Distribution 26% 19% 16% 14% 11% 4% 10% Remote iFrame Includes Remote JavaScript Includes SPAM Injections Obfuscated / Encoded JavaScript Conditional Redirects Defacements Other 5/17/2014 Tony Perez | @perezbox | @sucuri_security 9
Understanding Hackers 5/17/2014 Tony Perez | @perezbox | @sucuri_security 10
Anatomy of Website Attacks 5/17/2014 Tony Perez | @perezbox | @sucuri_security 11  Use for malware?  Pat of a zombie network?  Data breach? What kind of website do you have?
Five Stages of an Attack 5/17/2014 Tony Perez | @perezbox | @sucuri_security 12
Automated Attacks 5/17/2014 Tony Perez | @perezbox | @sucuri_security 13  Exploiting Access Control
Distribution Mechanism 5/17/2014 Tony Perez | @perezbox | @sucuri_security 14
There’s a Tool for that • Malware as a Service (MaaS) – Yes, pay someone to hack for you • Different tools to break in and generate payloads – Brute force and vulnerability exploits Malware Payloads 5/17/2014 Tony Perez | @perezbox | @sucuri_security 15
Why? 5/17/2014 Tony Perez | @perezbox | @sucuri_security 16
Impacts To You 5/17/2014 Tony Perez | @perezbox | @sucuri_security 17
Beyond The Application Layer • Going Deeper than the application layer, targeting the server. • Server Polymorphism – a.k.a highly adaptive / sophistication 5/17/2014 Tony Perez | @perezbox | @sucuri_security 18 Darkleech Cdork (Apache) Ebury (SSH) Email Server (SPAM) Heartbleed (OpenSSL)
Phishing Lures 5/17/2014 Tony Perez | @perezbox | @sucuri_security 19
Exploiting Forms • Stick With Reputable Sources • Generating SPAM emails, resource hogs • IP blacklisting 5/17/2014 Tony Perez | @perezbox | @sucuri_security 20
Search Engine Poisoning (SEP) • Pharmacy • Payday Loans 5/17/2014 Tony Perez | @perezbox | @sucuri_security 21
Blacklisting 5/17/2014 Tony Perez | @perezbox | @sucuri_security 22
Drive By Downloads 5/17/2014 Tony Perez | @perezbox | @sucuri_security 23
Brute Force Attacks 5/17/2014 Tony Perez | @perezbox | @sucuri_security 24
Denial of Service (DOS) 5/17/2014 Tony Perez | @perezbox | @sucuri_security 25
Brute Force vs Denial of Service 5/17/2014 Tony Perez | @perezbox | @sucuri_security 26
Trust Erosion 5/17/2014 Tony Perez | @perezbox | @sucuri_security 27
Free is not always Free • http://blog.sucuri.net/2014/03/unmasking-free-premium- wordpress-plugins.html 5/17/2014 Tony Perez | @perezbox | @sucuri_security 28 - SEOPresser - Payload located: wp-content/plugins/seo-pressor(gratuit) - File: central.class.php - Flat Skins Pack Extension - Payload located: wp-content/restrict-content-pro/includes/ - File: sidebar.php - Restrict Content Pro - Paylaod located: wp-content/ubermenu-skins-flat
Don’t Worry, Everyone is a “Target” 5/17/2014 Tony Perez | @perezbox | @sucuri_security 29
Defenses 5/17/2014 Tony Perez | @perezbox | @sucuri_security 30
Biggest Weakness / Vulnerability 5/17/2014 Tony Perez | @perezbox | @sucuri_security 31
It’s About Good Posture 5/17/2014 Tony Perez | @perezbox | @sucuri_security 32
Starts With Expectations “It’s about risk reduction… risk will never be zero…” 5/17/2014 Tony Perez | @perezbox | @sucuri_security 33 Posture Risk
Defense in Depth “…a concept in which multiple layers of security controls (defenses) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited…” 5/17/2014 Tony Perez | @perezbox | @sucuri_security 34
Layered Defenses 5/17/2014 Tony Perez | @perezbox | @sucuri_security 35 Protection Detection Auditing Sustainment
Access – P@ssw0rd • Passwords 5/17/2014 Tony Perez | @perezbox | @sucuri_security 36 Complex – Long - Unique
Enforce Strong Credentials 5/17/2014 Tony Perez | @perezbox | @sucuri_security 37
Push the Access Boundaries 5/17/2014 Tony Perez | @perezbox | @sucuri_security 38 • https://getclef.com/ | @getclef
Principle of Least Privileged “requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user or a program depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose.” 5/17/2014 Tony Perez | @perezbox | @sucuri_security 39
Understand Your Roles 5/17/2014 Tony Perez | @perezbox | @sucuri_security 40
Hardening – Kill PHP 5/17/2014 Tony Perez | @perezbox | @sucuri_security 41  PHP Execution, disable it:  /wp-includes  /wp-content ▪ /themes ▪ /plugins ▪ /uploads <Files *.php> Deny from all </Files>
Disable Plugin / Theme Editor • WP-CONFIG File Modification #Disable Plugin / Theme Editor Define(‘DISALLOW_FILE_EDIT’,true); 5/17/2014 Tony Perez | @perezbox | @sucuri_security 42
Brute Force Attacks 5/17/2014 Tony Perez | @perezbox | @sucuri_security 43
Please Backup 5/17/2014 Tony Perez | @perezbox | @sucuri_security 44
Software Vulnerabilities • Stay current with the latest vulnerabilities: – Secure - http://wordpress.org/plugins/secure/ 5/17/2014 Tony Perez | @perezbox | @sucuri_security 45
Brute Force Protection • Local Protection – https://bruteprotect.com/ | @BruteProtect 5/17/2014 Tony Perez | @perezbox | @sucuri_security 46
Stay Current (Update) 5/17/2014 Tony Perez | @perezbox | @sucuri_security 47
Website Firewalls 5/17/2014 Tony Perez | @perezbox | @sucuri_security 48 • Stay ahead of Software Vulnerabilities
Ensure Integrity of Connection 5/17/2014 Tony Perez | @perezbox | @sucuri_security 49 • https://www.getcloak.com/ | @getcloak
Simple Steps to Reduce Risk 1. Employ Website Firewall 2. Don’t let WordPress write to itself 3. Filter Access by IP 4. Use a dedicated server / VPS 5. Monitor all Activity (Logging) 6. Enable SSL for transactions 7. Keep environment current (patched) 8. No Soup Kitchen Servers 5/17/2014 Tony Perez | @perezbox | @sucuri_security 50 1. Connect Securely – SFTP / SSH 2. Authentication Keys / wp- config 3. Use Trusted Sources 4. Use a local Antivirus – MAC too 5. Permissions - D 755 | F 644 6. Least Privileged Principles 7. Accountability 8. Backups – Include Database Ideal implementations:The Bare Minimum:
Notable Resources Name Tool Sucuri Blog http://blog.sucuri.net Sucuri TV http://sucuri.tv Malware Scanner http://sitecheck.sucuri.net Malware Scanner http://unmaskparasites.com Badware Busters https://badwarebusters.org Google Forums http://productforums.google.com/forum/#!categories/webmasters/malware--hacked- sites Google Webmaster Tools http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633 Secunia Security Advisories http://secunia.com/community/advisories/search/?search=wordpress Exploit-DB http://www.exploit- db.com/search/?action=search&filter_description=Wordpress&filter_platform=31 WordPress Hacked FAQ http://codex.wordpress.org/FAQ_My_site_was_hacked WordPress Hardening http://codex.wordpress.org/Hardening_WordPress 5/17/2014 Tony Perez | @perezbox | @sucuri_security 51
Sucuri, Inc. Tony Perez http://sucuri.net http://blog.sucuri.net @perezbox | @sucuri_security http://www.slideshare.net/perezbox/website-security- wordpress-its-about-the-basics 5/17/2014 Tony Perez | @perezbox | @sucuri_security 52

More Related Content

PPTX
WordCamp Minneapolis 2014 - Website Security Presentation - Sucuri Security
byTony Perez
 
PPTX
Joomla! Day Atlanta 2014 - Website Security - The Basics
byTony Perez
 
PDF
Piketty twitlog _4-14
byMacropru Reader
 
PDF
let's talk web standards
byZi Bin Cheah
 
PDF
50+ tools to enhance your social media strategy
byJeremy Blanton
 
PPTX
Building a Security Framework for Websites
byTony Perez
 
PPTX
Web application security: how to start?
byAntonio Fontes
 
PPTX
Website Security - Latest and Greatest (WordPress 2014)
byTony Perez
 
WordCamp Minneapolis 2014 - Website Security Presentation - Sucuri Security
byTony Perez
 
Joomla! Day Atlanta 2014 - Website Security - The Basics
byTony Perez
 
Piketty twitlog _4-14
byMacropru Reader
 
let's talk web standards
byZi Bin Cheah
 
50+ tools to enhance your social media strategy
byJeremy Blanton
 
Building a Security Framework for Websites
byTony Perez
 
Web application security: how to start?
byAntonio Fontes
 
Website Security - Latest and Greatest (WordPress 2014)
byTony Perez
 

Similar to Website Security (WordPress) - It's About the Basics

PPTX
Website Security - It Begins With Good Posture
byTony Perez
 
PPTX
Word press website security
byTony Perez
 
PPTX
Hacked - What do you do now?
byTony Perez
 
PPTX
WordPress Security - Learning From Hacks
byTony Perez
 
PPTX
Sucuri Webinar: Website Security Primer for Digital Marketers
bySucuri
 
PPTX
WordPress Website Security - Trends, Threats, Defenses
byTony Perez
 
PPTX
WordPress Security 2014 - The Basics of Security
byTony Perez
 
PPTX
Navigating Online Threats - Website Security for Everyday Website Owners
byTony Perez
 
PPTX
Sucuri Webinar: How Websites Get Hacked
bySucuri
 
PDF
Security Presentation for Boulder WordPress Meetup
byAngela Bowman
 
PPTX
WordPress Security - Dealing With Today's Hacks
byTony Perez
 
PDF
Head Slapping WordPress Security
byChris Burgess
 
PDF
Why security matters
bySucuri
 
PPTX
Pubcon Vegas Session - WordPress Site Security Audits
byKristine Schachinger SEO and Online Marketing
 
PDF
The 7 Deadly Sins of WordPress Security
byJoseph Herbrandson
 
PPTX
Word camp orange county 2012 enduser security
byTony Perez
 
PPTX
WordPress Security and Best Practices
byRobert Vidal
 
PDF
WordCamp Baltimore - WordPress Security: Fundamentals for Business
byJoseph Herbrandson
 
PPTX
WordPress Security - WordPress Meetup Copenhagen 2013
byThor Kristiansen
 
PDF
Are You Safe From Hackers
byMichele Butcher-Jones
 
Website Security - It Begins With Good Posture
byTony Perez
 
Word press website security
byTony Perez
 
Hacked - What do you do now?
byTony Perez
 
WordPress Security - Learning From Hacks
byTony Perez
 
Sucuri Webinar: Website Security Primer for Digital Marketers
bySucuri
 
WordPress Website Security - Trends, Threats, Defenses
byTony Perez
 
WordPress Security 2014 - The Basics of Security
byTony Perez
 
Navigating Online Threats - Website Security for Everyday Website Owners
byTony Perez
 
Sucuri Webinar: How Websites Get Hacked
bySucuri
 
Security Presentation for Boulder WordPress Meetup
byAngela Bowman
 
WordPress Security - Dealing With Today's Hacks
byTony Perez
 
Head Slapping WordPress Security
byChris Burgess
 
Why security matters
bySucuri
 
Pubcon Vegas Session - WordPress Site Security Audits
byKristine Schachinger SEO and Online Marketing
 
The 7 Deadly Sins of WordPress Security
byJoseph Herbrandson
 
Word camp orange county 2012 enduser security
byTony Perez
 
WordPress Security and Best Practices
byRobert Vidal
 
WordCamp Baltimore - WordPress Security: Fundamentals for Business
byJoseph Herbrandson
 
WordPress Security - WordPress Meetup Copenhagen 2013
byThor Kristiansen
 
Are You Safe From Hackers
byMichele Butcher-Jones
 

More from Tony Perez

PPTX
A Practical Security Framework for Website Owners
byTony Perez
 
PPTX
2017 WHD - Bridging the Divide Between Behavior and Security
byTony Perez
 
PPTX
Accounting for Website Security in Higher Education
byTony Perez
 
PPTX
Business of People - Lessons Learned Building a Remote Workforce
byTony Perez
 
PPTX
WordPress Security Begins With Good Posture
byTony Perez
 
PPT
TBEX - North America 2014 - 5 Tips to Keep Your Content and Users Safe
byTony Perez
 
PPTX
WordPress Security - The "No-BS" Version
byTony Perez
 
A Practical Security Framework for Website Owners
byTony Perez
 
2017 WHD - Bridging the Divide Between Behavior and Security
byTony Perez
 
Accounting for Website Security in Higher Education
byTony Perez
 
Business of People - Lessons Learned Building a Remote Workforce
byTony Perez
 
WordPress Security Begins With Good Posture
byTony Perez
 
TBEX - North America 2014 - 5 Tips to Keep Your Content and Users Safe
byTony Perez
 
WordPress Security - The "No-BS" Version
byTony Perez
 

Website Security (WordPress) - It's About the Basics

  • 1.
    It’s About TheBasics Website Security (WordPress)
  • 2.
    @PEREZBOX • Sucuri, Inc. –@sucuri_security – @perezbox • Specialization: – Website Security – Incident Handling • Special Interests: – Brazilian JiuJitsu 5/17/2014 Tony Perez | @perezbox | @sucuri_security 2
  • 3.
    • Website SecurityCompany • Global Operations • Platform Agnostic (i.e., WordPress, Joomla, etc..) • Scan 2M Unique Domains a Month • Block 4M web attacks a Month • Remediate 400 – 500 websites a day • Signature / Heuristic Based • 24/7 operations 5/17/2014 Tony Perez | @perezbox | @sucuri_security 3
  • 4.
    Statistics 5/17/2014 Tony Perez |@perezbox | @sucuri_security 4
  • 5.
    2013 – Yearof the Mega Breach Data Breaches (Millions) 2011 2013 5/17/2014 Tony Perez | @perezbox | @sucuri_security 5
  • 6.
    Anatomy of MaliciousWebsites Malicious Websites Legitimate Websites 5/17/2014 Tony Perez | @perezbox | @sucuri_security 6
  • 7.
    Legitimate Websites Not-Exploitable Exploitable 5/17/2014 Tony Perez| @perezbox | @sucuri_security 7 1 in 8 - Critical Vulnerability
  • 8.
    Ransomware Explosion Ransomware 2012 2013 5/17/2014 TonyPerez | @perezbox | @sucuri_security 8
  • 9.
    Malware Distribution 26% 19% 16% 14% 11% 4% 10% Remote iFrame Includes Remote JavaScript Includes SPAMInjections Obfuscated / Encoded JavaScript Conditional Redirects Defacements Other 5/17/2014 Tony Perez | @perezbox | @sucuri_security 9
  • 10.
    Understanding Hackers 5/17/2014 Tony Perez| @perezbox | @sucuri_security 10
  • 11.
    Anatomy of WebsiteAttacks 5/17/2014 Tony Perez | @perezbox | @sucuri_security 11  Use for malware?  Pat of a zombie network?  Data breach? What kind of website do you have?
  • 12.
    Five Stages ofan Attack 5/17/2014 Tony Perez | @perezbox | @sucuri_security 12
  • 13.
    Automated Attacks 5/17/2014 Tony Perez| @perezbox | @sucuri_security 13  Exploiting Access Control
  • 14.
    Distribution Mechanism 5/17/2014 Tony Perez| @perezbox | @sucuri_security 14
  • 15.
    There’s a Toolfor that • Malware as a Service (MaaS) – Yes, pay someone to hack for you • Different tools to break in and generate payloads – Brute force and vulnerability exploits Malware Payloads 5/17/2014 Tony Perez | @perezbox | @sucuri_security 15
  • 16.
    Why? 5/17/2014 Tony Perez |@perezbox | @sucuri_security 16
  • 17.
    Impacts To You 5/17/2014 TonyPerez | @perezbox | @sucuri_security 17
  • 18.
    Beyond The ApplicationLayer • Going Deeper than the application layer, targeting the server. • Server Polymorphism – a.k.a highly adaptive / sophistication 5/17/2014 Tony Perez | @perezbox | @sucuri_security 18 Darkleech Cdork (Apache) Ebury (SSH) Email Server (SPAM) Heartbleed (OpenSSL)
  • 19.
    Phishing Lures 5/17/2014 Tony Perez| @perezbox | @sucuri_security 19
  • 20.
    Exploiting Forms • StickWith Reputable Sources • Generating SPAM emails, resource hogs • IP blacklisting 5/17/2014 Tony Perez | @perezbox | @sucuri_security 20
  • 21.
    Search Engine Poisoning(SEP) • Pharmacy • Payday Loans 5/17/2014 Tony Perez | @perezbox | @sucuri_security 21
  • 22.
    Blacklisting 5/17/2014 Tony Perez |@perezbox | @sucuri_security 22
  • 23.
    Drive By Downloads 5/17/2014 TonyPerez | @perezbox | @sucuri_security 23
  • 24.
    Brute Force Attacks 5/17/2014 TonyPerez | @perezbox | @sucuri_security 24
  • 25.
    Denial of Service(DOS) 5/17/2014 Tony Perez | @perezbox | @sucuri_security 25
  • 26.
    Brute Force vsDenial of Service 5/17/2014 Tony Perez | @perezbox | @sucuri_security 26
  • 27.
    Trust Erosion 5/17/2014 Tony Perez| @perezbox | @sucuri_security 27
  • 28.
    Free is notalways Free • http://blog.sucuri.net/2014/03/unmasking-free-premium- wordpress-plugins.html 5/17/2014 Tony Perez | @perezbox | @sucuri_security 28 - SEOPresser - Payload located: wp-content/plugins/seo-pressor(gratuit) - File: central.class.php - Flat Skins Pack Extension - Payload located: wp-content/restrict-content-pro/includes/ - File: sidebar.php - Restrict Content Pro - Paylaod located: wp-content/ubermenu-skins-flat
  • 29.
    Don’t Worry, Everyoneis a “Target” 5/17/2014 Tony Perez | @perezbox | @sucuri_security 29
  • 30.
    Defenses 5/17/2014 Tony Perez |@perezbox | @sucuri_security 30
  • 31.
    Biggest Weakness /Vulnerability 5/17/2014 Tony Perez | @perezbox | @sucuri_security 31
  • 32.
    It’s About GoodPosture 5/17/2014 Tony Perez | @perezbox | @sucuri_security 32
  • 33.
    Starts With Expectations “It’sabout risk reduction… risk will never be zero…” 5/17/2014 Tony Perez | @perezbox | @sucuri_security 33 Posture Risk
  • 34.
    Defense in Depth “…aconcept in which multiple layers of security controls (defenses) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited…” 5/17/2014 Tony Perez | @perezbox | @sucuri_security 34
  • 35.
    Layered Defenses 5/17/2014 Tony Perez| @perezbox | @sucuri_security 35 Protection Detection Auditing Sustainment
  • 36.
    Access – P@ssw0rd •Passwords 5/17/2014 Tony Perez | @perezbox | @sucuri_security 36 Complex – Long - Unique
  • 37.
    Enforce Strong Credentials 5/17/2014 TonyPerez | @perezbox | @sucuri_security 37
  • 38.
    Push the AccessBoundaries 5/17/2014 Tony Perez | @perezbox | @sucuri_security 38 • https://getclef.com/ | @getclef
  • 39.
    Principle of LeastPrivileged “requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user or a program depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose.” 5/17/2014 Tony Perez | @perezbox | @sucuri_security 39
  • 40.
    Understand Your Roles 5/17/2014 TonyPerez | @perezbox | @sucuri_security 40
  • 41.
    Hardening – KillPHP 5/17/2014 Tony Perez | @perezbox | @sucuri_security 41  PHP Execution, disable it:  /wp-includes  /wp-content ▪ /themes ▪ /plugins ▪ /uploads <Files *.php> Deny from all </Files>
  • 42.
    Disable Plugin /Theme Editor • WP-CONFIG File Modification #Disable Plugin / Theme Editor Define(‘DISALLOW_FILE_EDIT’,true); 5/17/2014 Tony Perez | @perezbox | @sucuri_security 42
  • 43.
    Brute Force Attacks 5/17/2014 TonyPerez | @perezbox | @sucuri_security 43
  • 44.
    Please Backup 5/17/2014 Tony Perez| @perezbox | @sucuri_security 44
  • 45.
    Software Vulnerabilities • Staycurrent with the latest vulnerabilities: – Secure - http://wordpress.org/plugins/secure/ 5/17/2014 Tony Perez | @perezbox | @sucuri_security 45
  • 46.
    Brute Force Protection •Local Protection – https://bruteprotect.com/ | @BruteProtect 5/17/2014 Tony Perez | @perezbox | @sucuri_security 46
  • 47.
    Stay Current (Update) 5/17/2014 TonyPerez | @perezbox | @sucuri_security 47
  • 48.
    Website Firewalls 5/17/2014 Tony Perez| @perezbox | @sucuri_security 48 • Stay ahead of Software Vulnerabilities
  • 49.
    Ensure Integrity ofConnection 5/17/2014 Tony Perez | @perezbox | @sucuri_security 49 • https://www.getcloak.com/ | @getcloak
  • 50.
    Simple Steps toReduce Risk 1. Employ Website Firewall 2. Don’t let WordPress write to itself 3. Filter Access by IP 4. Use a dedicated server / VPS 5. Monitor all Activity (Logging) 6. Enable SSL for transactions 7. Keep environment current (patched) 8. No Soup Kitchen Servers 5/17/2014 Tony Perez | @perezbox | @sucuri_security 50 1. Connect Securely – SFTP / SSH 2. Authentication Keys / wp- config 3. Use Trusted Sources 4. Use a local Antivirus – MAC too 5. Permissions - D 755 | F 644 6. Least Privileged Principles 7. Accountability 8. Backups – Include Database Ideal implementations:The Bare Minimum:
  • 51.
    Notable Resources Name Tool SucuriBlog http://blog.sucuri.net Sucuri TV http://sucuri.tv Malware Scanner http://sitecheck.sucuri.net Malware Scanner http://unmaskparasites.com Badware Busters https://badwarebusters.org Google Forums http://productforums.google.com/forum/#!categories/webmasters/malware--hacked- sites Google Webmaster Tools http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633 Secunia Security Advisories http://secunia.com/community/advisories/search/?search=wordpress Exploit-DB http://www.exploit- db.com/search/?action=search&filter_description=Wordpress&filter_platform=31 WordPress Hacked FAQ http://codex.wordpress.org/FAQ_My_site_was_hacked WordPress Hardening http://codex.wordpress.org/Hardening_WordPress 5/17/2014 Tony Perez | @perezbox | @sucuri_security 51
  • 52.
    Sucuri, Inc. Tony Perez http://sucuri.net http://blog.sucuri.net @perezbox| @sucuri_security http://www.slideshare.net/perezbox/website-security- wordpress-its-about-the-basics 5/17/2014 Tony Perez | @perezbox | @sucuri_security 52