
The Personal and Website Security Mindset

Mindfulness – “The quality or state of being conscious or aware of something.” Security can seem intimidating and complex for many, but we shouldn’t (can’t) let that stop us from doing everything we can to secure our WordPress sites and ourselves. After all, our websites are often part of our livelihood. In this session Adam addresses the “big picture” of personal and website security and breaks down the fundamental tasks needed for a strong security plan online. He provides an actionable checklist on what audience members can implement immediately to better secure themselves online in addition to their WordPress websites. After attending this session, audience members will have a better understanding of personal security online and how it affects website security as a whole, as well as steps they can take to mitigate risk in the future.


  1. @SITELOCK Personal and Website Security Mindset: Setting Standards for Your Websites and Yourself. WCABQ 2018. @wpmodder
  2. Mindfulness “The quality or state of being conscious or aware of something.”
  3. WCEU – Vienna, Austria 2016
  4. Did You Know? $16 billion was stolen from 15.4 million U.S. consumers in 2016
  5. Did You Also Know? • There are 3.26 billion internet users as of December 2015; that’s over 40% of the world population. • Only 44% of web traffic is from humans; 56% of web traffic is from bots, impersonators, hacking tools, scrapers and spammers.
  6. What We’ll Cover Today: 1) Personal Offline Security 2) Why and How Websites Get Hacked 3) What We All Should Be Doing 4) Going Above and Beyond 5) After the Hack
  7. Adam W. Warner • Open Source Community Manager • Co-Founder at FooPlugins • Discovered WordPress in 2005 • WordPress Community Addict • Fan of Fractals • Lover of Meatballs • Proud Dad!
  8. Offline Security
  9. Lock It Up
  10. Limit What You Carry
  11. Ask Before Sharing
  12. Shred All The Things!
  13. Prescription Labels
  14. Opt Out of Offers 1-888-567-8688 optoutprescreen.com
  15. Let’s Get Digital
  16. Hacking Techniques • Vulnerability scanning • Server disruption • Monetary loss • Information leaks • Vandalism (defacement)
  17. Why Websites Get Hacked • Drive-by-downloads • Redirections • System resources • Because they don’t like you
  18. Why MY Site!?
  19. Opportunity • It’s not you, it’s them • Because it’s possible • Because we give them an opening
  20. Automation • Most hacking attempts are automated
  21. Pathways to a Successful Hack • 41% get hacked through vulnerabilities in their hosting platform • 29% by means of an insecure theme • 22% via a vulnerable plugin • 8% because of weak passwords
  22. Two Categories of Security
  23. Access Controls
  24. Software Vulnerabilities • Anywhere there is a system, there’s a potential software vulnerability waiting to be exploited
  25. Software Vulnerabilities
  26. What Do Hacks Look Like?
  27. Where Do You Start? • With yourself of course
  28. Simple Steps for Everyone
  29. Strong Passwords: Everywhere
  30. Reusing Passwords
  31. Even More About Passwords
  32. Password Managers • LastPass • Dashlane • RoboForm • True Key
  33. Your Computer
  34. Public Networks: Use a VPN. Please!
  35. Don’t Change Core
  36. Backup. Backup. Backup.
  37. Update. Update. Update.
  38. Remove Inactive Software
  39. Install Software Only from Official Sources
  40. Choose a Secure Host https://wordpress.org/hosting/
  41. SSL
  42. Latest Version of PHP
  43. Security Plugins and Services
  44. Kick It Up a Notch
  45. Limit Login Attempts • Limit Login Attempts • Login Lockdown
  46. Captcha and ReCaptcha
  47. 2FA (Two-Factor Authentication)
  48. Disable File Editing
  49. Disable XML-RPC?
  50. Disable REST API
  51. Learn More https://codex.wordpress.org/Hardening_WordPress
  52. Install a Firewall
  53. (CDN) Content Delivery Network
  54. How to Detect a Hacked Site • Visit your site often • Search for your site • Unexplained spikes in traffic • Investigate customer/visitor reports • continued…
  55. Detect a Hacked Site (cont’d…) • Google Search Console (email alerts) • Remote scanner • Malware scanner • Source code scanner • Service that detects site changes
  56. What To Do If You’re Hacked
  57. Clean It Yourself
  58. Use a Service • Security is their core business • Cleans files, databases, backdoors, etc. • Remove malware warnings • Remove from blacklists • Helps services learn for the benefit of all
  59. What To Do After Cleanup • Change ALL passwords • Read this again: https://codex.wordpress.org/Hardening_WordPress
  60. Now What?
  61. Thank You – Questions? • Follow at: • @WPDistrict • @wpmodder • My Blog Posts: • http://wpdistrict.sitelock.com • http://succeedwithwp.com • https://fooplugins.com
