Abstract image of a woman sitting on books and studying on a laptop

Breaking WordPress

Download as PPT, PDF
David Yarde, profile picture
David Yarde

The document discusses the prevalence of WordPress in the web ecosystem, noting that 48% of the top 100 websites use it. It outlines several security challenges faced by WordPress users, including types of attacks, implications of a hacked site, and offers recommendations for managed hosting solutions and security resources. The emphasis is on the importance of prevention and protection against potential threats to maintain site integrity and trust.

Technology
Related topics:
Website Security Overview
1 of 15
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Breaking WordPress
#WHOISDAVIDYARDE • AKA Batman • Co-founder @ Sevenality • Twitter: @dsmy
The Web is HUGE!!! There are over 1.8 Billion active websites on the web. • 43% of the top 1 million websites are hosted in USA itself. • 48% of the top 100 blogs/websites run on WordPress. • 672 Exabytes - 672,000,000,000 Gigabytes (GB) of accessible data.
Today’s Challenges • Administration • Credentials • End-users aka wildcards • Education
• Core • Themes* • Plugins* • End-users* Today’s Problem*
Implications of a Hacked Site • SEO rankings wrecked • Loss of customer trust • Visitors exposed to malware • Hours of time wasted assessing & repairing damage • Loss of sales/money
Types of Attacks Opportunistic Targeted • Web Trolls • Ability for mass exposure • Timthumb • Big Enterprises • Wordpress.com • Woothemes • Usually worth the time and energy invested to compromise • Done for bigger returns
Top 5 WordPress Infections • Backdoors • Difficult to detect via http • Good time to start crying • Pharma Attacks • Owners usually detect • Now shamefully selling viagra or some other drug • Injections • Think fake Anti-virus downloads • Defacements • You’re now supporting a rebel army • Malicious Redirects
Know Your Environment • What kind of security does your host use? • What will they do if your site gets hacked? • Will they fix it? • Will they shut it down?
If server management isn’t your thing, use a managed solution.
• WP Engine - http://wpengine.com/ • Flywheel - http://getflywheel.com/ • MediaTemple - http://mediatemple.net/ • GoDaddy - http://www.godaddy.com/ Managed WP Hosting Providers
HELP!! Everything is broken and I’ve been blacklisted!!! • Don’t panic. • Detect • Remove • Protect • Submit
Recommended Resources• WP Security Checklist - http://wpsecuritychecklist.com • Clef - https://getclef.com • iThemes Security(Better WP Security) - http://ithemes.com/security • WP Security Lock - http://wpsecuritylock.com • VaultPress - https://vaultpress.com • ManageWP - https://managewp.com
“An ounce of prevention is worth a pound of cure.” - Benjamin Franklin
Thank You • David Yarde • Co-founder @ Sevenality • Twitter: @dsmy • Email: david@sevenality.com

More Related Content

PDF
Identifying a Compromised WordPress Site
Chris Burgess
 
KEY
10 Ways to Secure WordPress
Jeremy Green
 
PDF
10 Ways to Speed Up and Secure your WP Site
FLBlogCon
 
PPTX
Why it's not your host's fault
chadmow03
 
PDF
Keep Your SIte Secure
Michele Butcher-Jones
 
PDF
VaultPress: A Plugin for your Backup needs
Jacklyn Stachurski
 
PDF
WP Super Cache - Topanga WordPress Meetup
Suzette Franck
 
PPTX
Stephen Cronin - WordPress and Government
sjcronin99
 
Identifying a Compromised WordPress Site
Chris Burgess
 
10 Ways to Secure WordPress
Jeremy Green
 
10 Ways to Speed Up and Secure your WP Site
FLBlogCon
 
Why it's not your host's fault
chadmow03
 
Keep Your SIte Secure
Michele Butcher-Jones
 
VaultPress: A Plugin for your Backup needs
Jacklyn Stachurski
 
WP Super Cache - Topanga WordPress Meetup
Suzette Franck
 
Stephen Cronin - WordPress and Government
sjcronin99
 

Similar to Breaking WordPress (20)

PDF
Security Presentation for Boulder WordPress Meetup
Angela Bowman
 
PPTX
WordPress Security and Best Practices
Robert Vidal
 
PPTX
Understanding word press security wwc-4-7-17
Nicholas Batik
 
PPT
Secure All The Things!
Dougal Campbell
 
PDF
ResellerClub Ctrl+F5 - WordPress Security session
Pratik Jagdishwala
 
PDF
Your WordPress Site is and is not Hacked - You don't know until you check
Angela Bowman
 
PDF
Head Slapping WordPress Security
Chris Burgess
 
PPTX
How WordPress Sites Get Hacked
Andrew Marks
 
PDF
Beefy WordPress Security Wordcamp 2012 by Tammy Lee
Top Draw Inc.
 
PDF
WordPress Security Presentation
Andrew Paton
 
PDF
WordPress Security Essentials
Angela Bowman
 
KEY
Higher Order WordPress Security
Dougal Campbell
 
PDF
Your WordPress Website Is/Not Hacked
Angela Bowman
 
PDF
Securing your WordPress powered Website
Pratik Jagdishwala
 
PPTX
Protect Your WordPress From The Inside Out
SiteGround.com
 
PPTX
WordPress Security - WordPress Meetup Copenhagen 2013
Thor Kristiansen
 
PDF
Word camp2011 introwordpresssecurity
David Wilemski
 
PDF
WordPress Security Essentials WordCamp Denver 2012
Angela Bowman
 
PDF
WordPress Security from WordCamp NYC 2012
Brad Williams
 
PPTX
How secure is WordPress ?
Er. Narayan Koirala
 
Security Presentation for Boulder WordPress Meetup
Angela Bowman
 
WordPress Security and Best Practices
Robert Vidal
 
Understanding word press security wwc-4-7-17
Nicholas Batik
 
Secure All The Things!
Dougal Campbell
 
ResellerClub Ctrl+F5 - WordPress Security session
Pratik Jagdishwala
 
Your WordPress Site is and is not Hacked - You don't know until you check
Angela Bowman
 
Head Slapping WordPress Security
Chris Burgess
 
How WordPress Sites Get Hacked
Andrew Marks
 
Beefy WordPress Security Wordcamp 2012 by Tammy Lee
Top Draw Inc.
 
WordPress Security Presentation
Andrew Paton
 
WordPress Security Essentials
Angela Bowman
 
Higher Order WordPress Security
Dougal Campbell
 
Your WordPress Website Is/Not Hacked
Angela Bowman
 
Securing your WordPress powered Website
Pratik Jagdishwala
 
Protect Your WordPress From The Inside Out
SiteGround.com
 
WordPress Security - WordPress Meetup Copenhagen 2013
Thor Kristiansen
 
Word camp2011 introwordpresssecurity
David Wilemski
 
WordPress Security Essentials WordCamp Denver 2012
Angela Bowman
 
WordPress Security from WordCamp NYC 2012
Brad Williams
 
How secure is WordPress ?
Er. Narayan Koirala
 
Ad

More from David Yarde (12)

PDF
Lovable Influence and Innovation
David Yarde
 
PDF
Changemaking Through Design Thinking
David Yarde
 
PDF
The Art of Working with Non-Developers: PHP World Edition
David Yarde
 
PDF
The Art of Working with Non-Developers: Finding common ground on the road to ...
David Yarde
 
PDF
Branding Yourself and Your Business - Building a Brand that can Adapt and Thrive
David Yarde
 
PDF
Ready. Set. Handoff. - Improving the Project Handoff Experience.
David Yarde
 
PDF
Managing Project Expectations and Roadblocks
David Yarde
 
PDF
Designing for WordPress: Using User Experience to tell a Strong Brand Story
David Yarde
 
PDF
Timeless Branding
David Yarde
 
PPTX
Branded Content Strategies
David Yarde
 
PPTX
Minimum Lovable Brands
David Yarde
 
PDF
Branding for Success
David Yarde
 
Lovable Influence and Innovation
David Yarde
 
Changemaking Through Design Thinking
David Yarde
 
The Art of Working with Non-Developers: PHP World Edition
David Yarde
 
The Art of Working with Non-Developers: Finding common ground on the road to ...
David Yarde
 
Branding Yourself and Your Business - Building a Brand that can Adapt and Thrive
David Yarde
 
Ready. Set. Handoff. - Improving the Project Handoff Experience.
David Yarde
 
Managing Project Expectations and Roadblocks
David Yarde
 
Designing for WordPress: Using User Experience to tell a Strong Brand Story
David Yarde
 
Timeless Branding
David Yarde
 
Branded Content Strategies
David Yarde
 
Minimum Lovable Brands
David Yarde
 
Branding for Success
David Yarde
 
Ad

Recently uploaded (20)

PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PPTX
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
Five Habits of High-Impact Board Members
OnBoard
 
What is a Computer? Input Devices /output devices
GulJan8
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Modernising the Digital Integration Hub
Daniel Toomey
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 

Breaking WordPress

  • 2. #WHOISDAVIDYARDE • AKA Batman • Co-founder @ Sevenality • Twitter: @dsmy
  • 3. The Web is HUGE!!! There are over 1.8 Billion active websites on the web. • 43% of the top 1 million websites are hosted in USA itself. • 48% of the top 100 blogs/websites run on WordPress. • 672 Exabytes - 672,000,000,000 Gigabytes (GB) of accessible data.
  • 4. Today’s Challenges • Administration • Credentials • End-users aka wildcards • Education
  • 5. • Core • Themes* • Plugins* • End-users* Today’s Problem*
  • 6. Implications of a Hacked Site • SEO rankings wrecked • Loss of customer trust • Visitors exposed to malware • Hours of time wasted assessing & repairing damage • Loss of sales/money
  • 7. Types of Attacks Opportunistic Targeted • Web Trolls • Ability for mass exposure • Timthumb • Big Enterprises • Wordpress.com • Woothemes • Usually worth the time and energy invested to compromise • Done for bigger returns
  • 8. Top 5 WordPress Infections • Backdoors • Difficult to detect via http • Good time to start crying • Pharma Attacks • Owners usually detect • Now shamefully selling viagra or some other drug • Injections • Think fake Anti-virus downloads • Defacements • You’re now supporting a rebel army • Malicious Redirects
  • 9. Know Your Environment • What kind of security does your host use? • What will they do if your site gets hacked? • Will they fix it? • Will they shut it down?
  • 10. If server management isn’t your thing, use a managed solution.
  • 11. • WP Engine - http://wpengine.com/ • Flywheel - http://getflywheel.com/ • MediaTemple - http://mediatemple.net/ • GoDaddy - http://www.godaddy.com/ Managed WP Hosting Providers
  • 12. HELP!! Everything is broken and I’ve been blacklisted!!! • Don’t panic. • Detect • Remove • Protect • Submit
  • 13. Recommended Resources• WP Security Checklist - http://wpsecuritychecklist.com • Clef - https://getclef.com • iThemes Security(Better WP Security) - http://ithemes.com/security • WP Security Lock - http://wpsecuritylock.com • VaultPress - https://vaultpress.com • ManageWP - https://managewp.com
  • 14. “An ounce of prevention is worth a pound of cure.” - Benjamin Franklin
  • 15. Thank You • David Yarde • Co-founder @ Sevenality • Twitter: @dsmy • Email: david@sevenality.com