WordCamp Baltimore - WordPress Security: Fundamentals for Business

1. ABOUT ME
Web Design and Information Security
Committed to WordPress since 2008.
Sucuri Researcher and Account Manager: removing malware and protecting websites.
Personally cleaned over 5,000 websites.
SUCURI.NET | Twitter: @JHerbrandson
Joseph Herbrandson | www.sucuri.net | 1-888-873-0817 | [email protected]

2. ABOUT SUCURI
Over 45 security professionals making a safer web.
Security Scanning & Analysis: checking the health of over 3 million websites every month through our free SiteCheck scanner: http://sitecheck.sucuri.net
Malware Cleanup: cleaning and remediating 300 to 400 hacked or infected websites every day.
Attack Protection: blocking over 33 million attacks and instances of malicious traffic every month.
Education: providing detailed and actionable security information through our blog at http://blog.sucuri.net

3. ATTACK TRAFFIC ORIGINS
Map.Ipviking.com

4. A QUICK DEMO
Attack in progress: https://www.youtube.com/watch?v=v4Xr3LrixVg&list=UUzkxqKA_bkNlj1-nX5f2LNA

5. SOOO... WHY?
It's just business, probably.
- The short answer: fame and fortune
- $BILLION spam: generic pharmaceuticals, payday loans, gambling, designer brand knock-offs
- Hacktivism: politics and religion at the speed of download
- Immaturity: kids being kids

6. I. START WITH THE BASICS

7. THE NEED FOR SECURITY
The state of the Internet: www.internetlivestats.com

8. HOSTING OPTIONS
Choose wisely.
- Shared Hosting: cheap
- Dedicated Hosting: all yours
- Managed Hosting: done for you

9. MANAGED-HOSTING PROVIDERS
WordPress experts for everyone!

10. SPEAKING OF ENVIRONMENT
Who is using the public WiFi?

11. II. NO EASY PATH

12. WORD OF WARNING
No chance of 0% risk. The next 0-day attack is always around the corner.

13. SECURITY HEADLINES
Proof: seen the news lately?

14. III. ALWAYS BACKUP

15. BUT I'VE NEVER HAD A PROBLEM BEFORE
Have a low-profile, non-threatening site? You are still getting attention.

16. FREE WEBSITE REBRAND
Hard at work: pharmaceutical spam makes hackers two billion dollars a year.
Solution: offsite backups. Result: clean site immediately.

17. AUTOMATED BACKUPS
Know you have a backup plan.
- BackupBuddy (…/backupbuddy/)
- VaultPress (Vaultpress.com)
- Sucuri Backups (Sucuri.net)
- Web hosting backups (your hosting company)

18. IV. TAKE PASSWORD POLICY SERIOUSLY

19. TOP 5 PASSWORDS USED IN 2013
Seriously.
Password     Last year's rank
123456       2
password     1
12345678     3
qwerty       5
abc123       4
Credit: SplashData.com

20. PASSWORD MANAGER
Remembers your passwords so you don't have to.
- LastPass (lastpass.com)
- 1Password (agilebits.com)
- KeePass (keepass.info)
- Dashlane (dashlane.com)

21. LEAST PRIVILEGE
Does your user setup look like this?
[Diagram: hosting, FTP/SFTP, root and control-panel access, Administrator, and Editor/Contributor roles, held by one actual admin alongside writers, SEO guys, analysts, editors, random people, and potential hackers' friends (again).]

22. V. STEAL AND BE STOLEN FROM

23. NOT THE CODE YOU'RE LOOKING FOR
Assisting the enemy. This probably shouldn't be in your theme:

    if(isset($_GET['pwd'])) {
        eval(base64_decode("CiRhdXRoX3Bhc3MgPSAiN2U5NBhY3RpdmF0ZXMsIGNoYW5nZWQgZWxlbWVudHMgaW4gdGhlIG9yaWdpbmFsIHBsdWdpbiwgZGVzaWduZWQgdG8gYmVoYXZlIGxpa2UgY2xlYW4gY29kZSwgc2lnbmFsIHRoZSBoYWNrZXIgdG8gbGV0IGl0IGtub3cgdGhhdCBpdOKAmXMgaW4uIEEgY2xlYW4gYmFjayBkb29yIGhhcyBiZWVuIG9wZW5lZCwgYW5kIHlvdXIgc2l0ZSBpcyBub3cgb24gYW4gYXV0b21hdGVkIGF0dGFjayBsaXN0LCBtZWFudCB0byBxdWlldGx5IGluZmVjdCBhbmQgcmVpbmZlY3QgeW91ciBzaXRlIGFnYWluIGFuZCBhZw=="));
    }

24. MORE THAN EXPECTED

25. VI. HAVE A SYSTEM

26. A SYSTEM TO LIVE BY
1. Protect! Your computer has a firewall; why doesn't your website?
2. Detect! The same goes for antivirus.
3. Respond! Clean up the mess. You have a backup, right?
Encompassing actions:
- Know the best practices
- Mind your maintenance

27. SYSTEM IN ACTION

28. VII. UNDERSTAND THE CHANGING LANDSCAPE

29. WORDPRESS CORE
Strong and secure.
- Creators: making WordPress solid and secure.
- Auto-updates: get important patches right away.
- Support: everything you need at WordPress.org.

30. WORDPRESS VERSION DISTRIBUTION
3.0 to 4.0 (wordpress.org/about/stats/)

31. 3RD PARTY VULNERABILITIES
Keep watch. Vulnerabilities disclosed at http://blog.sucuri.net:
- All-In-One SEO: 20 million downloads
- WPtouch: 6 million downloads
- MailPoet: 2.7 million downloads
- Custom Contact Forms: 640k downloads
- Slider Revolution: hundreds of thousands (ThemeForest/CodeCanyon)

32. GOING FURTHER
Tips, tools, and services

33. WEBSITE ANTIVIRUS & FIREWALL
Protection and detection. Don't be the mark! Understand the changes you are implementing.
- Antivirus: Sucuri Website Antivirus
- Firewall: CloudFlare, Sucuri Website Firewall
- Utilities: iThemes Security, BruteProtect, Sucuri Security Plugin

34. RESOURCES
Because you don't know what you don't know.
General WordPress security:
- https://codex.wordpress.org/Hardening_WordPress
- https://blog.sucuri.net
Hacking and general security:
- http://www.securityfocus.com/
- http://blogs.sophos.com/
Facebook groups: WordPress Security, Advanced WordPress
Subreddits: Reddit.com/r/Hacking, Reddit.com/r/WordPress

35. EASY PATH TO CLEANUP
Response. You need:
- Releases of WordPress at https://wordpress.org/download/release-archive/
- A clean backup of the active theme and required plugins
- New passwords (WordPress, FTP, hosting control panel, everything else)

37. THANK YOU!
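Slide 23 shows the tell-tale eval(base64_decode(...)) shape of a theme backdoor. As an added example that is not part of the deck, the Python scanner below flags that pattern in PHP files, notes whether a request parameter such as $_GET gates it, and decodes the payload so a reviewer can see what it hides; the sample PHP and its placeholder payload are constructed, not taken from a real theme.

```python
import base64
import binascii
import re
from pathlib import Path

# Matches eval(base64_decode("...")) with the encoded payload captured,
# the shape of the backdoor shown on slide 23.
EVAL_B64 = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)\s*\)",
    re.IGNORECASE,
)
# Request parameters commonly used to trigger hidden code.
REQUEST_GATE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[", re.IGNORECASE)

def decode_preview(blob, limit=60):
    """Best-effort decode of the payload so a reviewer can see what is hidden."""
    blob = re.sub(r"\s+", "", blob)
    blob += "=" * (-len(blob) % 4)  # tolerate missing padding
    try:
        text = base64.b64decode(blob).decode("utf-8", "replace")
    except binascii.Error:
        return "<undecodable>"
    return text[:limit].replace("\n", "\\n")

def scan_php(source):
    """Return one finding per eval(base64_decode(...)) in a PHP source string."""
    findings = []
    for m in EVAL_B64.finditer(source):
        line_no = source.count("\n", 0, m.start()) + 1
        window = source[max(0, m.start() - 200):m.start()]  # text just before the eval
        findings.append({
            "line": line_no,
            "request_gated": bool(REQUEST_GATE.search(window)),
            "preview": decode_preview(m.group(1)),
        })
    return findings

def scan_theme(theme_dir):
    """Walk a theme directory and scan every .php file; returns {path: findings}."""
    return {str(p): hits for p in Path(theme_dir).rglob("*.php")
            if (hits := scan_php(p.read_text(errors="replace")))}

# Constructed sample with a harmless payload standing in for the slide's blob.
SAMPLE_PHP = ("<?php\n// functions.php (constructed sample)\n"
              "if(isset($_GET['pwd'])) { eval(base64_decode(\""
              + base64.b64encode(b"$auth_pass = 'CHANGEME';").decode() + "\")); }\n")

if __name__ == "__main__":
    for f in scan_php(SAMPLE_PHP):
        print(f"line {f['line']} gated={f['request_gated']} -> {f['preview']}")
```

Run scan_theme("wp-content/themes/your-theme") against a copy of the live theme and compare the hits with a clean copy from the vendor; legitimate code rarely evaluates decoded strings.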