You installed a security plugin, and you don’t get much traffic anyway since your business is small…so you don’t need to worry about getting hacked, right? Think again! Security incidents are on the rise, and small businesses are easy targets. You may not have a lot of money to invest, but you can learn a framework to help you get a better grasp on security for your website and your business.
16. Application
• WordPress core
• Themes/plugins
• cPanel
Network
• Server
• Computer/mobile device
• Router
• “Tubes”
Human
• Site administrators
• Contributors/users
ATTACK
SURFACE
17.
18.
19. NIST Cybersecurity Framework
• Collaborative effort
• Built using “best
practice” guidelines for
organizations to better
manage and reduce
cybersecurity risk
• Designed to be flexible
32. PROTECT Access Control
Information Protection Procedures
Protective Technology
Protect
• Plugin is protective technology – if configured
• Logs / removable media / no “kitchen sink” servers
41. Takeaways
Security is managing risk
Protect your entire “attack surface”
Cybersecurity Framework
3 fundamentals to do now
S-U-B set – Secure Access, Update, Backup (and test)
42. Secure Your WordPress Site –
AND Your Business
Stacy M. Clements
WordCamp Minneapolis 2019
https://www.linkedin.com/in/stacyclements
@StacyClements