wordpress security
play

WordPress Security Dont Be a Mark (with apologies to anyone named - PowerPoint PPT Presentation

Feb 16, 2023 •192 likes •376 views

WordPress Security Dont Be a Mark (with apologies to anyone named Mark) Will Chatham @willc www.willchatham.com Asheville Area WordPress Group, August 17, 2016 Overview Security Threats: Why & Who How WordPress Gets Hacked

  1. WordPress Security Don’t Be a Mark (with apologies to anyone named Mark) Will Chatham @willc www.willchatham.com Asheville Area WordPress Group, August 17, 2016

  2. Overview ● Security Threats: Why & Who ● How WordPress Gets Hacked ● Don’t Be a Mark (Target) ● Disaster Recovery: Get Well Soon! ● Q&A Discussion (but feel free to ask at any time!)

  3. Will Chatham BA, Certified Ethical Hacker, Certified Penetration Tester, Security+, A+ ● Asheville Resident since 1992, graduate WWC ‘96 ● Longtime WordPress user, developer, fan ● Lover of secrets ○ Magician -> Locksmith -> Web Dev -> SEO -> Ethical Hacker ● Currently Cyber Security Analyst at the National Centers for Environmental Information (NOAA) in Asheville

  4. What? You are up against: Spam injection/Black Hat SEO Resource theft - spammers Botnets Data Theft / Deletion Ransomware Drive By Downloads The easiest way to defeat security is to go around it. Defacement/Bragging Rights

  5. WordPress Security Threats: Who Are They? It is usually automated scripts run by: ● Script Kiddies (aka Skiddies) ● Blackhat SEOs ● Malware/Adware It is rarely: ● Guys in hoodies in dark rooms ● Competitors ● Spies ● Governments

  6. Hacking WordPress: Common Attacks Finding Vulnerabilities to: ● Gain Access ● Escalate Privileges ● Upload Files ● Malicious Code Injection

  7. Don’t Be a Target Security is not about eliminating threats, it is about reducing them.

  8. Basic WordPress Security If you walk away tonight and do nothing else, at least do this: ● Update everything weekly or more (WordPress, plugins, themes) ● Unique, strong password ● Unique, uncommon usernames

  9. Plugins: The Biggest Threat Plugins are why most WordPress hacks occur. Some best practices: ● Only use well-known, active, updated plugins, preferably from the WP Plugin Directory ● Do not use abandoned plugins ● Do your research ● Keep them up to date! This plugin keeps your plugins updated automatically, and it’s free: Update Control Or you can do it on your own in wp-config.php

  10. More Stuff to Update Update WordPress Core ● WordPress itself has an excellent track record in security ● Quick to patch, auto-updates enabled by default now (is yours?) Update your Themes ● Theme frameworks bring risk ● Included functionality in themes (sliders, forms, etc)

  11. Your Web Host Matters Shared Hosting: You are the company you keep Virtual Private Server (VPS): Taller fences Dedicated Hosting: Have an IT staff? Managed WordPress Hosting: Best option for many businesses With web hosting, you really do get what you pay for!

  12. Using Defense-In-Depth (sort-of) The “admin” username Disable file editing Password security Limit login attempts Add Two-Factor Authentication Be selective with XML-RPC Employ Least Privileged principles (Free) plugins & themes Hide the admin area SSL Use WordPress security keys for authentication Update, update, update

  13. WordPress Security Plugins Two of the better freemium WP plugins: iThemes Security (formerly Better WP Security) WordFence Quick demo?

  14. SSL Encrypts your website’s traffic ● Gain visitor trust, especially for ecommerce sites ● Protect your login, cookies, sessions ● Preferential treatment from Google It is now free, so there is no reason not to get a SSL certificate for your website https://letsencrypt.org/

  15. Disaster Recovery Backups make recovery a breeze BackupBuddy ($6.66/mo) Ask your web host If they provide backups! Updraft (Free) VaultPress ($5/mo) Remote Backup Storage: Amazon S3, Google Drive, DropBox, etc etc etc

  16. Getting Help The WordPress Codex Guide - help for when you have been hacked Repair Services: Sucuri Ask your web host If they restore backups! WordFence

  17. References and More Info https://yoast.com/wordpress-security/ https://wordpress.org/plugins/google-authenticator/ https://blog.sucuri.net/2015/02/why-websites-get-hacked.html https://www.wordfence.com/blog/2016/03/attackers-gain-access-wordpress-sites/ https://codex.wordpress.org/Configuring_Automatic_Background_Updates https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project http://www.wpbeginner.com/beginners-guide/what-why-and-hows-of-wordpress-security-keys/

  18. Contact Me Will Chatham will@willchatham.com @willc These slides will be available at: www.willchatham.com ciao!

Recommend

Wordpress Security GIMPA, November 2018 By: @niiankrah What is Wordpress? WordPress is a

Wordpress Security GIMPA, November 2018 By: @niiankrah What is Wordpress? WordPress is a

Wordpress Security GIMPA, November 2018 By: @niiankrah What is Wordpress? WordPress is a free and open-source content management system based on PHP and MySQL. It uses a plugin architecture and a template system. It is most

367 views • 17 slides
Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot

Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot

Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot gray inc. @dotgray Sunday, March 15, 15 Resources Codex.WordPress.org / Hardening_WordPress Blog.Sucuri.net / WordPress Security WPSecure.net /

608 views • 32 slides
WORDPRESS Lesson 01.01 Introduction to WordPress Welcome Welcome to WordPress! Over the next

WORDPRESS Lesson 01.01 Introduction to WordPress Welcome Welcome to WordPress! Over the next

WORDPRESS Lesson 01.01 Introduction to WordPress Welcome Welcome to WordPress! Over the next set of sessions we're going to cover a lot of different topics, techniques, and technologies, all of which are going to help you better manage and

410 views • 13 slides
WORDPRESS Lesson 02.02 WordPress Editor WordPress Editor WordPress uses a simple HTML editor

WORDPRESS Lesson 02.02 WordPress Editor WordPress Editor WordPress uses a simple HTML editor

WORDPRESS Lesson 02.02 WordPress Editor WordPress Editor WordPress uses a simple HTML editor that allows users to create and update content for blog posts, pages, comments, and other content types that require a rich editing environment.

766 views • 17 slides
BEGINNER AND ADVANCED STEPS FOR WP SECURITY GEORGETOWN WORDPRESS MEETUP 03 APR 2019 @ GEORGETOWN

BEGINNER AND ADVANCED STEPS FOR WP SECURITY GEORGETOWN WORDPRESS MEETUP 03 APR 2019 @ GEORGETOWN

BEGINNER AND ADVANCED STEPS FOR WP SECURITY GEORGETOWN WORDPRESS MEETUP 03 APR 2019 @ GEORGETOWN LIBRARY www.BEACON.agency SCHEDULE AGENDA Why WordPress Security is Important 6:00p NETWORKING The Role of Web Hosting The Role of

448 views • 29 slides
BEGINNER AND ADVANCED STEPS FOR WP SECURITY RHODE ISLAND WORDPRESS MEETUP 11 Sept. 2018 @

BEGINNER AND ADVANCED STEPS FOR WP SECURITY RHODE ISLAND WORDPRESS MEETUP 11 Sept. 2018 @

BEGINNER AND ADVANCED STEPS FOR WP SECURITY RHODE ISLAND WORDPRESS MEETUP 11 Sept. 2018 @ Stillwater Books www.BEACON.agency SCHEDULE AGENDA Why WordPress Security is Important 6:00p NETWORKING The Role of Web Hosting The Role

509 views • 29 slides
Contributing to WordPress Sam Sidler @samuelsidler samuelsidler.com sam@wordpress.org Why

Contributing to WordPress Sam Sidler @samuelsidler samuelsidler.com sam@wordpress.org Why

Contributing to WordPress Sam Sidler @samuelsidler samuelsidler.com sam@wordpress.org Why Contribute to WordPress? Learn from the best developers Gain experience in the codebase Influence the direction of the project Make valuable

265 views • 25 slides
A Month of WordPress Plugins 2007 Ask and You May

A Month of WordPress Plugins 2007 Ask and You May

WordPress Plugins Lorelle VanFossen File Gallery WordPress Plugin A Month of WordPress Plugins 2007 Ask and You May Change WordPress Open Camp

542 views • 32 slides
WordPress Day 8 - Underscores 1 What is underscores? _s, or underscores , is a WordPress

WordPress Day 8 - Underscores 1 What is underscores? _s, or underscores , is a WordPress

TWD 25 WordPress Day 8 - Underscores 1 What is underscores? _s, or underscores , is a WordPress starter theme. It is a code base for building custom themes. 2 Why use underscores? Maintained by Automattic developers. This is the

821 views • 47 slides
HOW YOU CAN GET INVOLVED WITH THE WORDPRESS COMMUNITY WHO WE ARE JOHN HAWKINS - WordPress

HOW YOU CAN GET INVOLVED WITH THE WORDPRESS COMMUNITY WHO WE ARE JOHN HAWKINS - WordPress

HOW YOU CAN GET INVOLVED WITH THE WORDPRESS COMMUNITY WHO WE ARE JOHN HAWKINS - WordPress developer - WordPress user for 15+ years - Owned a WP Agency for 5+ years - Organized first WordCamp in Vegas (2009) - Founded the WP Vegas

684 views • 35 slides
wordpress masterclass how to set up your own wordpress website I'm a web designer whos

wordpress masterclass how to set up your own wordpress website I'm a web designer whos

wordpress masterclass how to set up your own wordpress website I'm a web designer whos passionate about helping small businesses create a professional online brand personality that stands out from the crowd and generates an income that gives

786 views • 37 slides
WordPress Day 1 1 About Me Jonathon Leathers - WordPress Developer TWD 4 Student (2013)

WordPress Day 1 1 About Me Jonathon Leathers - WordPress Developer TWD 4 Student (2013)

TWD 25 WordPress Day 1 1 About Me Jonathon Leathers - WordPress Developer TWD 4 Student (2013) weCreate Design (2014 - now) Vancouver WordPress Meetup Organizer (2017 - now) WordCamp Vancouver Lead Organizer (2018 & 2019) TWD

1.52k views • 119 slides
WordPress I Day 7 1 Tuesday, June 18, 13 Moving Your WordPress Site (within the same domain)

WordPress I Day 7 1 Tuesday, June 18, 13 Moving Your WordPress Site (within the same domain)

WordPress I Day 7 1 Tuesday, June 18, 13 Moving Your WordPress Site (within the same domain) How do I move files from a \wordpress sub- directory to the site root? A common request. Unlike a basic HTML site, we can't simply move the

593 views • 25 slides
Simple WordPress Security Barry Gould, BlogSec.net Barry@blogsec.net Why should we worry?

Simple WordPress Security Barry Gould, BlogSec.net Barry@blogsec.net Why should we worry?

Simple WordPress Security Barry Gould, BlogSec.net Barry@blogsec.net Why should we worry? Hacked site = Loss of business / reputation from loss of customer trust. Cleanup costs. Even small sites are at risk; bots dont discriminate!

326 views • 20 slides
WORDPRESS O L I V I A B I S S E T l e m o n a d e c o d e . c o m lemonadecode.online A B O U T

WORDPRESS O L I V I A B I S S E T l e m o n a d e c o d e . c o m lemonadecode.online A B O U T

H OW Y OUNG P EOPLE C AN B UILD BIG IDEAS W ITH WORDPRESS O L I V I A B I S S E T l e m o n a d e c o d e . c o m lemonadecode.online A B O U T M E Home-Schooled & Traditional Schooling WordPress User For 4 Years, Started When I

581 views • 37 slides
Project 1 Robert Windisch Automated security check for WordPress plugins Static Code Analysis

Project 1 Robert Windisch Automated security check for WordPress plugins Static Code Analysis

Project 1 Robert Windisch Automated security check for WordPress plugins Static Code Analysis Powered by RIPS Technologies High-tech company based in Bochum, Germany Supports the full feature stack of the PHP language Detects

1.06k views • 47 slides
Mike Little WordPress Co-founder WordPress: the early years. A co-founders view

Mike Little WordPress Co-founder WordPress: the early years. A co-founders view

Mike Little WordPress Co-founder WordPress: the early years. A co-founders view Democratising publishing and empowering freedom of speech since 2003. Questions? @mikelittlezed1 https://mikelittle.org/

450 views • 5 slides
Wordpress Workshop From Zero to Hero (September 2018) Contents 1. Admin 2. Wordpress Basics

Wordpress Workshop From Zero to Hero (September 2018) Contents 1. Admin 2. Wordpress Basics

Wordpress Workshop From Zero to Hero (September 2018) Contents 1. Admin 2. Wordpress Basics 3. Create a Basic Wordpress Website 4. Using Oxygen 5. Website Design 6. Client Portal Course contents 1. Admin and Set up a. (Give

641 views • 39 slides
WORDPRESS Lesson 10.01 Administration Administration Maintaining your WordPress site is easy,

WORDPRESS Lesson 10.01 Administration Administration Maintaining your WordPress site is easy,

WORDPRESS Lesson 10.01 Administration Administration Maintaining your WordPress site is easy, and doesnt require a lot of time. In the next several slides, well discuss the various chores that are important in maintaining an error free

239 views • 10 slides
WordPress 101 Mercer Public Library January 24, 2019 A little planning... What do I need for a

WordPress 101 Mercer Public Library January 24, 2019 A little planning... What do I need for a

WordPress 101 Mercer Public Library January 24, 2019 A little planning... What do I need for a website? Host (Server) Domain name Website design Why WordPress? Stable, reliable platform 60% of sites using a CMS use WordPress

564 views • 8 slides
WordPress Site Speed WordPress Maui Meetup - October 15, 2015 Why Does Speed Matter? A ff

WordPress Site Speed WordPress Maui Meetup - October 15, 2015 Why Does Speed Matter? A ff

WordPress Site Speed WordPress Maui Meetup - October 15, 2015 Why Does Speed Matter? A ff ects Google ranking and page crawling since 2010 Akamai survey: 75% of the 1,058 people asked would not return to websites that took longer than 4

166 views • 15 slides
rdpress By Amir Shokri Amirsh.nll@gmail.com History Of Wordpress WordPress was released on May

rdpress By Amir Shokri Amirsh.nll@gmail.com History Of Wordpress WordPress was released on May

rdpress By Amir Shokri Amirsh.nll@gmail.com History Of Wordpress WordPress was released on May 27, 2003, by its founders, Matt Mullenweg and Mike Little, as a fork of b2/cafelog. The software is released under the GPLv2 (or later) license.

565 views • 8 slides
Designing Websites for 2016 and Beyond Marjorie R. Asturias Happiness Engineer WordPress.com

Designing Websites for 2016 and Beyond Marjorie R. Asturias Happiness Engineer WordPress.com

Designing Websites for 2016 and Beyond Marjorie R. Asturias Happiness Engineer WordPress.com Powers 1 in 4 websites +25% of the web Plugins Upgrades Total WordPress Sites +25k 3 +60m WordPress.com Page Views Employees +14m 5 billion

437 views • 20 slides
WordPress & the Divi Theme NTPCUG Applications Development (AppDev) SIG August 17, 2019

WordPress & the Divi Theme NTPCUG Applications Development (AppDev) SIG August 17, 2019

WordPress & the Divi Theme NTPCUG Applications Development (AppDev) SIG August 17, 2019 Chris Morgan What is WordPress : WordPress is a free and open source content management system (CMS) based on PHP and MySQL. It can be used to

65 views • 4 slides

More recommend