wordpress malware - what is it and how to protect your website

Report

Post on 16-Apr-2017

80 Views

Category:

Technology

1 Downloads

Preview:

Click to see full reader

TRANSCRIPT

WordPress MalwareOwen Cutajar (@OwenC)

Your lovely WordPress site …

looking not-so-lovely …

According to the FBI

“There are only two types of companies: those that have been hacked, and those that will be.”

Robert Mueller, FBI Director, 2012

Why?

Profit or Propaganda

Wordpress is an attractive target

Outdated version of WordPress

Large surface of attack across plugins/themes

Classes of attacks

Targeted attacks

Password cracking (brute force / dictionary attacks)

DDOS

Malware

Some terminology

Virus

Worm

Trojan Horse

Botnet

Malnet

Types of attacks

Defacing

Spam

Drive-by Downloads

Backdoors

Malicious redirects and embeds

Defacing

Spam

Drive-By Downloads

Backdoors

Malicious Redirects and Embeds

How?

Exploits and vulnerabilities

Outdated software

Insecure credentials

Compromised host

Infection Demo

Local Samples

Tools:

Base64Decoder: https://www.base64decode.org/

Execute PHP: https://eval.in/

https://www.base64decode.org/
https://eval.in/

Cleaning an infected site

Manually

Wordfence demo

Protecting your siteAutomatic updates

Security plugins

External scanning

User education

Two factor authentication

Off-site Backups

SSL on login page

References

Wordpress Vulnerability Database: http://wpvulndb.com

Wordfence: https://wordpress.org/plugins/wordfence/

Securi: https://sucuri.net/wordpress-security/

Cloudflare: https://www.cloudflare.com/

Me: @OwenC on Twitter, owencutajar on Skype

http://wpvulndb.com
https://wordpress.org/plugins/wordfence/
https://sucuri.net/wordpress-security/
https://www.cloudflare.com/

top related

tracking anti-malware protection...
Documents
how to protect your dell computer from malware?
Technology
7 steps that will help protect your wordpress website from...
Small Business & Entrepreneurship
acciÓn deverÁn -...
Documents
know, protect, empower. don’t learn malware.€¦ ·...
Documents
yorkshire and humber regional cyber crime unit · malware...
Documents
data sheet antifraud protect your brand from phishing and...
Documents
fireeye - equities.wedbush.comfireeye’s technology is...
Documents
php aspis: using partial taint tracking to protect against...
Documents
hp elitebook 735 g5 notebook pc -...
Documents
malware fails best bugs in malware felix leder [malware...
Documents
protect your wordpress website - setting up ithemes security
Software
canon imageclass security white...
Documents
sitelock website security insider · 2020-02-25 · tips...
Documents
administrator protect against malware by: brittany slisher...
Documents
what is malware? · web viewmanaged by your network...
Documents
how to protect your business from the coming malware storm
Documents
5 ways to protect your business from dangerous malware
Technology
infographic - 15 ways to protect your business from a...
Documents
white paper protect against malware with dns firewalls ·...
Documents