Intro to WordPress Security
Security for smart people
or
Vitaly Karasik
DevOps Consultant
www.vitalykarasik.com
WordCamp 2016
27.03.2016
Hacks Cost You More Than Money
• SEO rating
• Blacklisting
• Reputation - “It can take years to build, and minutes to lose.”
• Customer data leak
Attack Types
• Exploit Vulnerabilities
• Brute Force
• DoS
How to prevent – Concepts
• Security is a process, not a task
• Limiting Access
• Containment
• Preparation and Knowledge
• Trusted Sources
How to prevent – Methods
• Updates, Updates, Updates
• WordPress Plugins – only trusted, delete unused
• Credentials – usernames, passwords, dual-factor
• Limiting Access to WP Admin
• Server Hardening
• Database User Privileges
• Filesystem permissions
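As an added example (not from the slides), the filesystem-permissions and containment points can be checked with a small shell audit of a WordPress tree. The finding codes, the `make_sample_tree` helper, the sample layout and the thresholds used (no "other" access to `wp-config.php`, nothing world-writable, no PHP under `wp-content/uploads`) are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example: permission audit for a WordPress document root.
# Usage (after sourcing this file): wp_perm_audit /path/to/wordpress
# Finding codes and thresholds are assumptions of this example.

# wp_perm_audit <wp_root>
# Prints one finding per line as "<CODE> <path>", sorted.
# Returns 0 when clean, 1 when there are findings, 2 on a bad argument.
wp_perm_audit() {
    local root findings
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    findings=$(
        {
            # wp-config.php holds DB credentials and salts:
            # flag any read/write/execute bit granted to "other".
            find "$root" -maxdepth 1 -type f -name wp-config.php \
                \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
                sed 's/^/CONFIG_OTHER_ACCESS /'
            # Files or directories writable by every local account.
            find "$root" \( -type f -o -type d \) -perm -002 -print |
                sed 's/^/WORLD_WRITABLE /'
            # uploads/ is meant for media; PHP there deserves review.
            if [ -d "$root/wp-content/uploads" ]; then
                find "$root/wp-content/uploads" -type f -iname '*.php' -print |
                    sed 's/^/PHP_IN_UPLOADS /'
            fi
        } | sort
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree <dir>
# Builds a constructed (not real) WordPress-like tree with three
# deliberate problems, so the audit can be tried offline.
make_sample_tree() {
    local d=$1
    mkdir -p "$d/wp-content/uploads/2016" "$d/wp-content/plugins"
    : > "$d/index.php"
    : > "$d/wp-config.php"
    : > "$d/wp-content/uploads/2016/logo.png"
    : > "$d/wp-content/uploads/2016/cache.php"   # PHP where only media belongs
    find "$d" -type d -exec chmod 755 {} +
    find "$d" -type f -exec chmod 644 {} +       # leaves wp-config.php world-readable
    chmod 777 "$d/wp-content/uploads"            # world-writable directory
}
```

The non-zero return status makes the function usable from cron or a deployment pipeline, tying it to the monitoring and automatic-deployment slides.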
Tools and Services
• WP Plugins – WordFence, Sucuri
• DoS Protection, WAF – CloudFlare, Incapsula
• Security Scanners – LMD Scanner, WPScan
• WP Managed Hosting – WPEngine
WordFence Firewall and Brute Force Protection
WordFence Real-time Monitoring
WordFence Reports
Backups and Deployment
• Offsite Backup – UpdraftPlus
• Revision Control – Github, Bitbucket
• Automatic Deployment – Beanstalk
Monitoring – be the first to know!
• Server Monitoring – Anturis, CloudWatch
• Website Monitoring – Anturis, Pingdom
• Logs Monitoring – Logz.io, Loggly
Monitoring – Anturis Screenshot
Resources
• WordPress Codex – http://codex.wordpress.org/Hardening_WordPress
• WordFence Blog – http://wordfence.com/blog
• Sucuri Blog – https://blog.sucuri.net/category/wordpress-security/
• WPScan – http://wpscan.org/
• LMD Scanner – https://www.rfxn.com/projects/linux-malware-detect/
• Security Plugins – http://researchasahobby.com/?p=1915
• HackerTarget – https://hackertarget.com/wordpress-security-scan
Thanks for listening!
Any Questions?
