SlideShare a Scribd company logo

Secure Your WordPress Site - And Your Business

Stacy Clements, profile picture
Stacy Clements

The document outlines essential strategies for securing WordPress sites and emphasizes the importance of managing cybersecurity risks for small businesses. It introduces the NIST cybersecurity framework and details protective measures, including strong passwords, two-factor authentication, and regular backups. Key takeaways include the significance of understanding one's attack surface and the fundamentals of security: set, update, and backup.

Small Business & Entrepreneurship
1 of 42
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Secure Your WordPress Site – AND Your Business Stacy M. Clements WordCamp Minneapolis 2019 https://www.linkedin.com/in/stacyclements @StacyClements
Secure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your Business
Secure Your WordPress Site – And Your Business Why you should care Ways you’re vulnerable Cybersecurity Framework Three cybersecurity fundamentals
• Small business owner • Air Force veteran • Technology & security enthusiast Stacy M. Clements Fixer • Problem Solver • Pitbull
Why should you care?
• Computing power • Server resources • Personal information • Connections / access What Do You Have?
• Phishing • Ransomware • Cryptojacking • Denial of service • Insider attack What Can Happen To It?
• Technical problems and changes • Security misconfiguration • Uneducated or inattentive users How Can They Get It?
VULNERABILITY THREATASSET RISK
VULNERABILITY THREATASSET RISK
Risk
Why isn’t a plugin enough?
Secure Your WordPress Site - And Your Business
Application • WordPress core • Themes/plugins • cPanel Network • Server • Computer/mobile device • Router • “Tubes” Human • Site administrators • Contributors/users ATTACK SURFACE
Secure Your WordPress Site - And Your Business
Secure Your WordPress Site - And Your Business
NIST Cybersecurity Framework • Collaborative effort • Built using “best practice” guidelines for organizations to better manage and reduce cybersecurity risk • Designed to be flexible
Framework Core Elements Functions organize basic cybersecurity activities at the highest level
Framework Core Elements Categories break down Functions into groups of cybersecurity outcomes
Framework Core Elements Subcategories get more specific – describing specific outcomes of technical and/or management activities
Framework Core Elements Informative References are common standards, guidelines, and practices used to achieve these outcomes
Once Upon A Time…
BOB
Source: Sucuri Website Hack Trend Report 2018
Secure Your WordPress Site - And Your Business
IDENTIFY Asset Management Identify WordPress site Cloud storage Plugins Database Users Files Payments Server • What are your assets? • Who can access – and how? SALLY
Identify IDENTIFY Asset Management Risk Assessment • What are the threats and vulnerabilities? • How do you get your “cyber threat intelligence”?
PROTECT Access Control Protect • Enforce strong passwords and use 2FA • Change default credentials!
Protect PROTECT Access Control Information Protection Procedures Protect • Secure – Update – Backup – TEST! • Develop and exercise response and recovery plans
PROTECT Access Control Information Protection Procedures Protective Technology Protect • Plugin is protective technology – if configured • Logs / removable media / no “kitchen sink” servers
Detect DETECT Security Continuous Monitoring • Awareness – have a baseline and know when something looks suspicious
Detect • Who is getting and assessing alerts? • Who is taking action? DETECT Security Continuous Monitoring Detection Processes
Respond RESPOND Execute Response Plan • What immediate actions do you need to take? • Make required notifications
Respond RESPOND Execute Response Plan Analysis & Mitigation
• Restore from the backup you created and tested (You did do that, right?) • Communicate with your customers Recover RECOVER Execute Recovery Plan
Recover • Recovery is not just returning to the pre-incident state • Hotwash / Lessons Learned? RECOVER Execute Recovery Plan Improvements
Secure Your WordPress Site - And Your Business
Secure Access • Password management • Multi-factor authentication Update • Inventory • Regular update schedule • Periodic review Backup • Backup • Backup • Backup • TEST!
Takeaways Security is managing risk Protect your entire “attack surface” Cybersecurity Framework 3 fundamentals to do now S-U-B set – Secure Access, Update, Backup (and test)
Secure Your WordPress Site – AND Your Business Stacy M. Clements WordCamp Minneapolis 2019 https://www.linkedin.com/in/stacyclements @StacyClements

More Related Content

PPTX
Security Essentials
Ashley Deuble
 
PDF
Web Application Firewall - Web Application & Web Services Security integrated...
Thomas Malmberg
 
PDF
Security Training: Making your weakest link the strongest - CircleCityCon 2017
Aaron Hnatiw
 
PDF
CIS Security Benchmark
Rahul Khengare
 
PPTX
Jason Kent - AppSec Without Additional Tools
centralohioissa
 
PPTX
WordPress Security: Beyond The Plugin
Stacy Clements
 
PPTX
AWS Security Ideas - re:Invent 2016
2nd Sight Lab
 
PDF
Top Azure security fails and how to avoid them
Karl Ots
 
Security Essentials
Ashley Deuble
 
Web Application Firewall - Web Application & Web Services Security integrated...
Thomas Malmberg
 
Security Training: Making your weakest link the strongest - CircleCityCon 2017
Aaron Hnatiw
 
CIS Security Benchmark
Rahul Khengare
 
Jason Kent - AppSec Without Additional Tools
centralohioissa
 
WordPress Security: Beyond The Plugin
Stacy Clements
 
AWS Security Ideas - re:Invent 2016
2nd Sight Lab
 
Top Azure security fails and how to avoid them
Karl Ots
 

What's hot (20)

PPTX
So Your Company Hired A Pentester
NorthBayWeb
 
PPTX
The Teams Behind DevSecOps
Uleska
 
PDF
Technical Services eBook
Ideba
 
PPTX
Security O365 Using AI-based Advanced Threat Protection
Bitglass
 
PPTX
The Threat Is Real. Protect Yourself.
2nd Sight Lab
 
PPTX
Where To Start When Your Environment is Fucked
Amanda Berlin
 
PDF
Top 18 azure security fails and how to avoid them
Karl Ots
 
PPTX
Turning security into code by Jeff Williams
DevSecCon
 
PPTX
Outpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24
 
PDF
5 things that could get your business hacked
Mike Ward
 
PDF
Top 5 Data Security Strategies in QA
QASource
 
PDF
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
Karl Ots
 
PPTX
How to-become-secure-and-stay-secure
IIMBNSRCEL
 
PPTX
241_ATD_TUE_1430_EagleRockEnergy_final
Anthony Hopkins
 
PPTX
SPI Dynamics web application security 101
Wade Malone
 
PDF
Your internet-exposure-that-makes-you-vulnerable
IIMBNSRCEL
 
PDF
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon
 
PDF
Feeding the Virtual Patch Pipeline
DevOps.com
 
PDF
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon
 
PPTX
Internet security for browser support
RepairStreet
 
So Your Company Hired A Pentester
NorthBayWeb
 
The Teams Behind DevSecOps
Uleska
 
Technical Services eBook
Ideba
 
Security O365 Using AI-based Advanced Threat Protection
Bitglass
 
The Threat Is Real. Protect Yourself.
2nd Sight Lab
 
Where To Start When Your Environment is Fucked
Amanda Berlin
 
Top 18 azure security fails and how to avoid them
Karl Ots
 
Turning security into code by Jeff Williams
DevSecCon
 
Outpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24
 
5 things that could get your business hacked
Mike Ward
 
Top 5 Data Security Strategies in QA
QASource
 
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
Karl Ots
 
How to-become-secure-and-stay-secure
IIMBNSRCEL
 
241_ATD_TUE_1430_EagleRockEnergy_final
Anthony Hopkins
 
SPI Dynamics web application security 101
Wade Malone
 
Your internet-exposure-that-makes-you-vulnerable
IIMBNSRCEL
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon
 
Feeding the Virtual Patch Pipeline
DevOps.com
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon
 
Internet security for browser support
RepairStreet
 
Ad

Similar to Secure Your WordPress Site - And Your Business (20)

PPTX
Cyber security fundamentals & ethical hacking
ervaijnathgoler
 
PDF
Top Security Challenges Facing Credit Unions Today
Chris Gates
 
PPTX
Web Security Overview
Noah Jaehnert
 
PPTX
Cyber Security and Healthcare
Jonathon Coulter
 
PPTX
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins
 
PPTX
Starting your Career in Information Security
Ahmed Sayed-
 
PPTX
How to develop an AppSec culture in your project
99X Technology
 
PPTX
Building an AppSec Culture
Nirosh Jayaratnam
 
PDF
Decrease Cyber Risk at your Community Bank
Great Bay Software
 
PDF
AppSec in an Agile World
David Lindner
 
PPTX
Just Trust Everyone and We Will Be Fine, Right?
Scott Carlson
 
PPTX
Empired Convergence 2017 - Keeping Pace, Staying Safe in the Digital World
Empired
 
PPTX
Safe Internet Banking Cyber Security
Kushantha Gunawardana
 
PPTX
00. introduction to app sec v3
Eoin Keary
 
PPTX
CIO Summit: Data Security in a Mobile World
iMIS
 
PPTX
CIO Summit: Data Security in a Mobile World
iMIS
 
PDF
Cybersecurity Basics - Aravindr.com
Aravind R
 
PPTX
RMS Security Breakfast
Rackspace
 
PPTX
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam
 
PDF
Annual OktCyberfest 2019
Fahad Al-Hasan
 
Cyber security fundamentals & ethical hacking
ervaijnathgoler
 
Top Security Challenges Facing Credit Unions Today
Chris Gates
 
Web Security Overview
Noah Jaehnert
 
Cyber Security and Healthcare
Jonathon Coulter
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins
 
Starting your Career in Information Security
Ahmed Sayed-
 
How to develop an AppSec culture in your project
99X Technology
 
Building an AppSec Culture
Nirosh Jayaratnam
 
Decrease Cyber Risk at your Community Bank
Great Bay Software
 
AppSec in an Agile World
David Lindner
 
Just Trust Everyone and We Will Be Fine, Right?
Scott Carlson
 
Empired Convergence 2017 - Keeping Pace, Staying Safe in the Digital World
Empired
 
Safe Internet Banking Cyber Security
Kushantha Gunawardana
 
00. introduction to app sec v3
Eoin Keary
 
CIO Summit: Data Security in a Mobile World
iMIS
 
CIO Summit: Data Security in a Mobile World
iMIS
 
Cybersecurity Basics - Aravindr.com
Aravind R
 
RMS Security Breakfast
Rackspace
 
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam
 
Annual OktCyberfest 2019
Fahad Al-Hasan
 
Ad

Recently uploaded (20)

PPTX
ELS-07 Lifeskills ToT PPt-Adama (ABE).pptx
TefferiMekonnen2
 
PPTX
Transforming Finance with Ratiobox – Oracle NetSuite Bookkeeping & Accounting...
Ratiobox Limited
 
PPTX
Introduction to Computing Profession.pptx
RaadShaukat
 
PPTX
6. FINANCE FOR NON-FINANCIAL MANAGERS.15.08.2024.pptx
Alison Humphries-Engelbrecht
 
PDF
Qloudhost DMACA ignored hosting provider
qloudhost1
 
PDF
Why DevOps Teams Are Dropping Spreadsheets for Real-Time Cloud Hygiene.pdf
Sudeep Khire
 
PPT
Organizational Culture and Management.ppt
shivprasadjaysi2005
 
PDF
Decision trees for high uncertainty decisions
ubertubers1
 
PPTX
The quotation presentation for diffferent businesses
mariazechariah07
 
PPT
Chap8. Product & Service Strategy and branding
ammarilistic12306
 
PDF
india-2024-agrifoodtech-investment-report.pdf
ShivamSharma393029
 
DOC
BHCC毕业证学历认证,埃德蒙学院毕业证毕业证书样本
vwgqef478576bjd2
 
PPT
chap9.New Product Development product lifecycle.ppt
ammarilistic12306
 
PPTX
Daily stand up meeting on the various business
SmitNeev
 
PDF
Captivating LED Visuals, Built to Impress Brightlink.pdf
brightlinkcables
 
PPTX
Spread Maya's Sustainable Product Collection 2025.pptx
marketing549449
 
PPTX
Structure of Organization in Professional Practices.pptx
RaadShaukat
 
PDF
AgriTech-Indias-Sunrise-Sector- Investor
ShivamSharma393029
 
PDF
The Potential for EV Battery Recycling in Europe.pdf
LinaWang40
 
PPTX
TimeBee vs. Toggl: Which Time Tracking Tool is Best for You?
Michael Carter
 
ELS-07 Lifeskills ToT PPt-Adama (ABE).pptx
TefferiMekonnen2
 
Transforming Finance with Ratiobox – Oracle NetSuite Bookkeeping & Accounting...
Ratiobox Limited
 
Introduction to Computing Profession.pptx
RaadShaukat
 
6. FINANCE FOR NON-FINANCIAL MANAGERS.15.08.2024.pptx
Alison Humphries-Engelbrecht
 
Qloudhost DMACA ignored hosting provider
qloudhost1
 
Why DevOps Teams Are Dropping Spreadsheets for Real-Time Cloud Hygiene.pdf
Sudeep Khire
 
Organizational Culture and Management.ppt
shivprasadjaysi2005
 
Decision trees for high uncertainty decisions
ubertubers1
 
The quotation presentation for diffferent businesses
mariazechariah07
 
Chap8. Product & Service Strategy and branding
ammarilistic12306
 
india-2024-agrifoodtech-investment-report.pdf
ShivamSharma393029
 
BHCC毕业证学历认证,埃德蒙学院毕业证毕业证书样本
vwgqef478576bjd2
 
chap9.New Product Development product lifecycle.ppt
ammarilistic12306
 
Daily stand up meeting on the various business
SmitNeev
 
Captivating LED Visuals, Built to Impress Brightlink.pdf
brightlinkcables
 
Spread Maya's Sustainable Product Collection 2025.pptx
marketing549449
 
Structure of Organization in Professional Practices.pptx
RaadShaukat
 
AgriTech-Indias-Sunrise-Sector- Investor
ShivamSharma393029
 
The Potential for EV Battery Recycling in Europe.pdf
LinaWang40
 
TimeBee vs. Toggl: Which Time Tracking Tool is Best for You?
Michael Carter
 

Secure Your WordPress Site - And Your Business