Real WordPress Security - Kill the Noise
DESCRIPTION
A WordPress presentation that focuses on security principles, not the false sense of security that comes from adding 20 plugins. Let's stick to the basics, folks! This presentation was given at WordCamp Miami #wcmia
TRANSCRIPT
Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Real WordPress Security
Kill the noise!
Dre Armeda
Co-Founder of Sucuri Inc. – Sucuri.net
Co-Host of DradCast – DradCast.com
@dremeda | dremeda.com | drejitsu.com
• Softball Dad
• Proud Navy Veteran
• Brazilian Jiu-Jitsu Player
• Chargers & Angels Fan
• Harley Enthusiast
• Taco Lover
The Internet Rocks
With adoption and growth comes innovation!
Over 2 billion internet users today (Internet World Stats)
566% growth in the last 12 years (Internet World Stats)
861,379,000 registered hostnames - Jan '14 (Tech Made Easy)
180,000,000 active websites (Tech Made Easy)
It’s Not All Peachy
Malware – short for malicious software
DoS/DDoS - Denial of Service
Brute Force
SPAM Links
SEO Poisoning
XSS
SQL Injections
Blacklisting
DNS Poisoning
Innovative thinking sparks risk
Malware Type Distribution
SiteCheck numbers don’t lie!
[Pie chart: Remote iFrame Includes, Remote JavaScript Includes, SPAM Injections, Obfuscated / Encoded JavaScript, Conditional Redirects, Defacements, Other; shares shown as 26%, 19%, 16%, 14%, 11%, 4%, 10%]
9 Million Unique Domains Scanned, 19% Infected
Trends
How Bad is it?
An explosion in malicious web links!
[Chart: Malicious Links, 2011 vs. 2012, 600%]
What Are Malicious Links?
Oh you’ve seen them. You’ve seen them everywhere!
[Diagram: Malicious Links via Social Media, Email Links, Website, Text Messages]
Increase in Phishing
All is not what it seems!
55% of Companies have fallen victim
Search Engine Poisoning (SEP)
Get Payday Loans or Cheap Pills.
Brute Force
Denial of Service (DoS)
Why Is This Happening?
Awesome spawns not so awesome situations!
Almost always for the $$$
How Does This Happen?
A new type of webmaster!
The World's Biggest Weakness
Am I At Risk?
The percentage of risk will never be zero!
Ever See a Dodo Bird?
Everyone is a Target!
Even you!
What Can We Do?
Be smart. Be consistent. Cut out the noise!
Things You May See
If your site is infected:
Your users saying they are being redirected
Spam links in your HTML or even visible
Google SERP shows Viagra for your keywords
Google Blacklists you
Sharp traffic decreases for no reason
Quick Steps
If you think your site is infected:
Scan for malware – http://sitecheck.sucuri.net
Kill WordPress sessions by resetting Salts - http://wordpress.org/support/topic/set-up-a-secret-key-in-wordpress-25
Reset ALL passwords (WP, FTP, SSH)
Replace WordPress Core
Update ALL Software
Look for out of place files
Hire someone to audit the site and perform a full server-side scan & cleanup
Proactive Defenses!
Keep Software Updated
Leading cause of infection, along with passwords
Scared to upgrade because stuff breaks?
Major vs. Point Release
Run upgrade tests
Do your homework
Information Security is everyone’s responsibility
Use Trusted Sources!
No Soup Kitchen Servers
WordPressers act like they forgot about DEV
Cross-contamination is a big deal
Segment by user and account
Not active? Not good enough.
If it’s not in use, get rid of it
Production is not your archive server!
Reduce Access
Give people enough access to do their job, nothing more; remove access when they complete their job!
Use Proper Roles
This goes for WordPress, FTP, DBs, etc.
Limit failed logins to thwart brute force
Practice two-factor auth & layered login
Disable PHP Execution!
Least privilege to some, no privilege for most.
```apache
# .htaccess for a directory that must never execute PHP (Apache 2.2 syntax)
<Files *.php>
Deny from all
</Files>
```
Password Management
Complex, Long, Unique
"Password" is still a top-5 actively used password
Use unique passphrases
Use different passwords across accounts
Password Management Tools
"Password" is a password never to be used as your password, ever!
Backup Schedule
Create a schedule today!
Backup outside of your production environment
Multiple backups are awesome
Talk to your host to see what they offer
Various tools available
When they hack you, reduce downtime.
Tools & Services
Great tools and services to help you reduce risk.
Website Firewall: Sucuri CloudProxy
Password Management: LastPass, KeePass, Password Safe, 1Password
Malware Scanning: Sucuri SiteCheck, Unmask Parasites
Malware Cleanup: Sucuri
Backups: Sucuri Backups, VaultPress
Notable Resources

| Name | Tool |
| --- | --- |
| Sucuri Blog | http://blog.sucuri.net |
| Sucuri TV | http://sucuri.tv |
| Malware Scanner | http://sitecheck.sucuri.net |
| Malware Scanner | http://unmaskparasites.com |
| Badware Busters | https://badwarebusters.org |
| Google Forums | http://productforums.google.com/forum/#!categories/webmasters/malware--hacked-sites |
| Google Webmaster Tools | http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633 |
| Secunia Security Advisories | http://secunia.com/community/advisories/search/?search=wordpress |
| Exploit-DB | http://www.exploit-db.com/search/?action=search&filter_description=Wordpress&filter_platform=31 |
| Joomla! Security and Performance FAQs | http://docs.joomla.org/Security_and_Performance_FAQs |
| Joomla! Security Checklist | http://docs.joomla.org/Security_Checklist/Getting_Started |
Thank You For Listening
Now go, reduce risk. Go!