Internet Security for Bloggers
and Podcasters




 Brian Lockrey
 http://AssistCoach.com
Overview

Blog Security
WordPress
Social Networking
Micro-Blogging
Podcasts
Advertising
Best Practices
Blog Security: WordPress
WordPress Security: Google 11,800,000
Very Popular Platform
Prime Target for Hackers
SEO: Search Engine Optimization
Traffic Redirection
Links to Pharmacy / Adult sites
Graphics Replacement
Ad / Affiliate Redirection
Many others…
Blog Security: WordPress
You are on their hit list!
Game… Like you play Guitar Hero…
Always run the latest versions
Backdoor entry points
Passwords for users are downloaded
Open Source Software
Backups are essential
Frequent updates are essential
Many others…
Blog Security: WordPress
Monitor log files
Block probers if you can
Delete meta tag that displays WP version
“Powered by WordPress”
Private site or hosted?
WordPress.com
What is your Time worth?
What is your Blog worth?
Blog Security: WordPress
Turn off Open Registration
WP 2.5+ has better password encryption
Use a Strong admin password!
Limit Search on your server
Protect Directories from public browsing
Drop the version string in Meta Tags
Blog Security: WordPress
Limit wp-admin access by IP address
Protect using .htaccess
Protect your MySQL database
Use SSH/Shell access, not FTP
Use SFTP uploads if you can
Use VPN if you can
Never use Telnet!
Hosting Platform?

Use Linux / Apache if you can
Do NOT use Microsoft Windows
Automattic PollDaddy migration
PollDaddy .NET / SQL to PHP/MySQL
Automattic has 1,200 servers in use
Per Matt’s Blog - Stable and Scalable
WordPress: Internals
PHP
MySQL
Known Database Schema
Known Class and Function Names
Known File Names
Known Folder Names
WordPress: Internals
PHP – Must be kept updated
MySQL – Must be kept updated
Open Source Software more secure
Security Through Transparency
Millions of people looking at it
Often fixed quickly
WordPress: Look For?
The Obvious
PlugIns that you did not install
header.php changes
Search Engine redirection (hard to detect)
Spammers may hide text
View HTML Source Code
Google records your “bad” content
WordPress: Look For More?
New Directories
Your RSS feeds
Search Engines
Google = link:twittgroups.com
Digg, StumbleUpon
Many others…
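
The checks from the two "Look For" slides (the version meta tag, hidden spam text, and content served only to search engines), as an added example that is not part of the original deck. It audits saved page HTML with Python's standard library; the sample pages, domains and version string are constructed, and fetching the two copies (normal browser vs. search-engine user agent) is assumed to be done separately.

```python
import re
from html.parser import HTMLParser

# Elements that never have a closing tag, so they are not tracked as open.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}

# Inline-CSS tricks commonly used to hide injected text from human visitors.
# Heuristic: legitimate themes use some of these too, so review each hit.
HIDING_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}"
    r"|font-size\s*:\s*0(?![.\d])",
    re.IGNORECASE,
)


class PageAudit(HTMLParser):
    """Collects generator meta tags, all links, and links inside hidden elements."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.generators = []     # content of <meta name="generator">
        self.links = []          # every href on the page, in document order
        self.hidden_links = []   # hrefs inside (or on) a CSS-hidden element
        self._open = []          # stack of (tag, hides) for open elements
        self._hidden_depth = 0   # number of open elements that hide content

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "meta" and (attr.get("name") or "").lower() == "generator":
            self.generators.append(attr.get("content") or "")
        hides = bool(HIDING_CSS.search(attr.get("style") or ""))
        if tag == "a" and attr.get("href"):
            self.links.append(attr["href"])
            if hides or self._hidden_depth:
                self.hidden_links.append(attr["href"])
        if tag not in VOID_TAGS:
            self._open.append((tag, hides))
            self._hidden_depth += hides

    def handle_endtag(self, tag):
        # Close back to the nearest matching open tag, tolerating unclosed children.
        for i in range(len(self._open) - 1, -1, -1):
            if self._open[i][0] == tag:
                self._hidden_depth -= sum(h for _, h in self._open[i:])
                del self._open[i:]
                break


def audit(html):
    """Parse one saved page and return the populated PageAudit."""
    parser = PageAudit()
    parser.feed(html)
    parser.close()
    return parser


def crawler_only_links(visitor_html, crawler_html):
    """Links present in the copy served to a search engine but not to a visitor."""
    return sorted(set(audit(crawler_html).links) - set(audit(visitor_html).links))


# Constructed sample: a theme with the version tag left in and an off-screen
# spam block injected into the template.
VISITOR_PAGE = """<html><head>
<meta name="generator" content="WordPress 2.7.1" />
</head><body>
<h1>My Podcast Blog</h1>
<p>Latest episode: <a href="/episode-12/">listen here</a></p>
<div style="position:absolute; left:-9999px">
  <p>cheap <a href="http://pharmacy-spam.example/buy">pills</a></p>
</div>
</body></html>"""

# Constructed sample: the same URL as a search-engine user agent would see it.
CRAWLER_PAGE = VISITOR_PAGE.replace(
    "</body>", '<a href="http://other-spam.example/">more</a></body>')

if __name__ == "__main__":
    result = audit(VISITOR_PAGE)
    print("version disclosed:", result.generators)
    print("hidden links:", result.hidden_links)
    print("crawler-only links:", crawler_only_links(VISITOR_PAGE, CRAWLER_PAGE))
```

Any non-empty result is a prompt to inspect header.php and the active plugins; an empty result does not prove the site is clean, since hiding can also be done in external stylesheets or scripts.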
If You Get Hacked?
Just a matter of time
Change ALL passwords
Backup databases
Update software quickly
Shut down site. Maybe…
Email to security@wordpress.com
WordPress: Plugins / Widgets
Only use what you can trust
Watch for suspicious activity
WP Security Scan
File Permissions
Database Security
XSS vulnerabilities
Many others…
Comment Boxes / Widgets

Comment Spam
Login Required
reCAPTCHA codes
Google Friend Connect
OpenID
Twitter OAuth
Many others…
Advertising On Your Blog

Google AdWords / AdSense
Others ???
Affiliate Programs
Be Careful…
WordPress Plugins
$5000 per Week? Slim Chance
Should you $$$ to Advertise?
Podcasts
Reliable Hosting Service
Your XML feeds
Search Engines
Password Protect the Content Folders
Will keep out the Google Spiders
Best Practices
Software Up To Date!
Backup Databases
Directory Protection Codes
File Protection Codes
Remove Install Files
Remove Version #
Layered Software
Do NOT use Microsoft Windows!
Summary
Overwhelmed?
Start Simple
Best Practices
Stay Updated
Follow the Experts
Network with others
Collaborate with others
Questions?
@AssistCoach

Wordcampcolumbus 2009
