Upload File

secure from the start

17
Welcome "Want to keep your WordPress site safe from hackers? This session is for you" Kieran O'Shea Secure from the Start Secure from the Start Kieran O'Shea [email protected]@kieranoshea http://www.kieranoshea.com/

Upload: kieran-oshea

Post on 18-Dec-2014

482 views

Category:

Technology


0 download

Report

DESCRIPTION

Want to keep your WordPress site safe from hackers? This session is for you. A security orientated talk covering; Risks and Pitfalls, WordPress configuration, Hosting considerations, Must have plugins & Additional config options

TRANSCRIPT

Page 1: Secure From The Start

Welcome

"Want to keep your WordPress site safe from hackers? This session is for you"

Kieran O'SheaSecure from the Start

Secure from the Start

Kieran O'Shea

[email protected] • @kieranoshea • http://www.kieranoshea.com/

Page 2: Secure From The Start

About me

Kieran O'SheaSecure from the Start

Day job in the finance industry

Open Source Work RouterTech

Firmware for home routers WordPress Plugins

Calendar

Page 3: Secure From The Start

Introduction

Kieran O'SheaSecure from the Start

Origin of this session Security home truths Attack Vectors & Advice Plugins Server config Something extra Questions

Page 4: Secure From The Start

Security Home Truths

Kieran O'SheaSecure from the Start

Insecure passwords cracked in seconds Average of 156 days before victims realise hacking has taken place 90% of all businesses have been hacking victims in the last 12 months More than 30,000 websites infected with malware

Page 5: Secure From The Start

Attack Vectors

Kieran O'SheaSecure from the Start

Passwords & Persistence External applications Rogue code

Page 6: Secure From The Start

Passwords

Kieran O'SheaSecure from the Start

Secure passwords

Avoid re-use between systems

Page 7: Secure From The Start

Passwords

Kieran O'SheaSecure from the Start

Risks of re-use

Is this your password?

Page 8: Secure From The Start

Passwords

Kieran O'SheaSecure from the Start

Secure password storage

Single, secure, master password

Page 9: Secure From The Start

External Applications

Kieran O'SheaSecure from the Start

Shared servers externalise risk Protect users from users

Don't chmod 777 Your host should run suPHP Watch home directory changes

Page 10: Secure From The Start

Rogue Code

Kieran O'SheaSecure from the Start

Does your theme footer look like this?

Page 11: Secure From The Start

Rogue Code

Kieran O'SheaSecure from the Start

Hackers & spammers team up

Page 12: Secure From The Start

Rogue Code

Kieran O'SheaSecure from the Start

It can get worse.... much worse

Page 13: Secure From The Start

Plugins

Kieran O'SheaSecure from the Start

Modifcations to files✔ "WordPress File Monitor Plus" (Scott Cariss)

Login attempts✔ "Limit Login Attempts" (Johan Eenfeldt)

Action logging✔ "Audit Trail" (John Godley)

Page 14: Secure From The Start

Server config

Kieran O'SheaSecure from the Start

Use fail2ban Block access at an IP level

# Define specific rules for the blog admin panel <Directory /home/kieran/public_html/wp-admin> Order Deny,Allow Deny from all Allow from 95.172.226.96/27 </Directory>

Page 15: Secure From The Start

Something extra

Kieran O'SheaSecure from the Start

Demos in this session powered by...

Page 16: Secure From The Start

Something extra

Kieran O'SheaSecure from the Start

Demos in this session powered by...

… the Raspberry Pi

Page 17: Secure From The Start

Questions?

Kieran O'SheaSecure from the Start

Kieran O'Shea • [email protected] @kieranoshea • http://www.kieranoshea.com/

Remember, WordCamp tweets archived here: https://wcuk.kieranoshea.com/tweets/


KoruMail Quick Start Guide · 2019-01-10 · Comodo KoruMail – Quick Start Guide KoruMail Secure Email Gateway – Quick Start Guide This quick start guide will take you through

Security in 5G – Conclusions and outlook...Implement lessons learnt, right from the start Less fraud potential, if secure interconnection standardized as mandatory More detailed

TREASURY BANKING SUITE SECURE BROWSER QUICK START … · 2018-02-02 · TREASURY BANKING SUITE SECURE BROWSER QUICK START GUIDE 6. ALL FILES AND FOLDERS HAVE BEEN INSTALLED. SELECT

WIRELESS GATEWAY Quick Start Guide - Xfinity · Wireless Gateway Quick Start Guide Step 3. Secure Your Wireless Gateway Admin Tool 1. Open a web browser from a device connected to

Kaymera secure smartphone Quick start guide AndroidLM

Writing Essays: From Start to Finish - University of …myresource.phoenix.edu/secure/resource/COM156R6/Writing...Writing Essays: From Start to Finish 1. DEVELOPING A STRONG, CLEAR

MGUARD SECURE CLOUD QUICK START GUIDE – OCTOBER 2016 … · MGUARD SECURE CLOUD QUICK START GUIDE – OCTOBER 2016 The mGuard Secure Cloud offers secure, remote access worldwide

Yale Secure App Quick Start Guide… · Yale Secure App Quick Start Guide Install the free Yale Secure app, available from the App StoreSM. This app is compatible with iPhon e ®,

SECURE INDUSTRIAL DISTRIBUTION UNITS FROM URBAN

BT Secure Networking Quick Start

Comodo Secure Web Gateway...Comodo Secure Web Gateway – Quick Start Guide Comodo Secure Web Gateway - Quick Start Guide Comodo Secure Web Gateway (SWG) is a real time web traffic

Resilience A workshop delivered by Secure Start Principal Psychologist Colby Pearce 22 June 2011 Secure Start ® 2011

INTRODUCING SECURE START · Secure Start is delivered by Bis Henderson Group who have award winning and market leading specialists that span supply chain and logistics consulting,

THE START & FINISHstatic.london10000.co.uk/images/pdf/Bupa...and-start-finish-maps.pdf · the start & finish key secure area information point toilets baggage lucozade sport drink

secure your pc from malwares

Secure Drupal, from start to finish

Quick Start Guide for Cisco Secure Access Control Server ... · PDF fileQuick Start Guide for Cisco Secure Access Control Server ... update or new version release through a Cisco extend

secure from Phishing Hacking and Keylogger

Pulse Connect Secure - Delivering Secure Access Solutions · productivity solutions. Pulse Connect Secure provides secure, authenticated access for remote and mobile users from any

Secure your home from mold damage

Developing Secure Business Applications from Secure BPMN

1 C/C++ Compiling @ UM/MCSR. 2 Logging into the system using ssh Logging into the system from Windows: –Start the secure shell client: Start->Programs->SSH

SECURE ACQUISITION OF DIGITAL EVIDENCE FROM …

Secure from the start : The changing landscape

Secure MCUs For the IoT€¦ · Global Shipments of Secure MCUs • Shipments start around 2018 (sub 50 million), 2019 -2023 CAGR 58% • 2019-2020 slight pressure on growth from

Secure Drupal, from start to finish (European Drupal Days 2015)

Pulse Secure Universal App for Windows Quick Start Guide

ChannelList fta - TOT iptvtotstore.totiptv.com/.../TOTiptv_FreeChoiceChannel.pdf · White Channel Yateem Start from ISUfiJllCiðOJ Start from ISUfiJllCidOJ NEWS Start from ISUfiJllCidOJ

From the start

Secure Mobility from GGR Communications

Totally secure your Data Today and start to generate residual income now!!!!

From Secure Coding to Secure Software

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

Start from sharing

Jump Start Mobile Productivity with MDM and Secure File ... · PDF fileWhite Paper Jump start mobile productivity with MDM and secure file sharing XenMobile & ShareFile - a complete