SlideShare a Scribd company logo

Real Security for WordPress

Dre Armeda, profile picture
Dre Armeda

The document emphasizes the importance of security for WordPress websites amid the growing threat of malware, which is proliferating and causing significant financial losses. Key recommendations include keeping software updated, reducing access privileges, using strong password management practices, and establishing a regular backup schedule. Additionally, it suggests utilizing various tools and services to enhance security and mitigate risks.

1 of 17
Downloaded 26 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Real Security for WordPress Life, Liberty, and the Pursuit of Risk Reduction Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Dre Armeda CEO, Co-Founder of Sucuri Inc. – sucuri.net Co-Host of The DradCast – dradcast.com @dremeda | dre.im I wear many hats, and love tacos Harley enthusiast & Chargers fan Infatuated with WordPress & web security. I hope hope to make the internet a safer place! Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
The Internet Rocks With adoption and growth comes innovation! !   Over 2 billion internet users today !   480% growth in the last 11 years (Internet World Stats) !   100k+ domains gained weekly (Global Domain Registry) !   2 billion sites in 2015 (Tony Schneider – CEO, Automattic) Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
It’s Not All Peachy Innovative thinking sparks risk Malware – short for malicious software: A software designed to disrupt operations, gather information, or gain unauthorized access. !   Monitor your website browsing & internet usage !   Forced Advertising !   Redirect Affiliate Marketing Revenue Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
How Bad is it? Pretty bad, and getting worse. !   2 million+ new malware strings monthly (McAfee) !   Costs US consumers over $2bil yearly (Consumer Reports) !   Google issues 3mil+ warnings daily. (Google) !   Google blacklists 10k websites daily on avg. (Google) Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
How Does This Happen A new type of webmaster! Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Am I At Risk? Ever See a Dodo Bird? The percentage of risk will never be zero! Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
What Can We do? Be smart. Be consistent. Cut out the noise! Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Cut Out The Noise K.I.S.S. !   Keep Software Updated !   No Soup Kitchen Servers !   Reduce Access !   Password Management !   Backup Schedule Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Keep Software Updated Information Security is everyone’s responsibility !   Leading cause for infection along with passwords !   Scared to upgrade because stuff breaks? !   Major vs. Point Release !   Run upgrade tests !   Do your homework Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
No Soup Kitchen Servers Production is not your archive server! ! WordPressers act like they forgot about DEV !   Cross-contamination is a big deal !   Segment by user and account !   Not active. Not good enough If it’s not in use, get rid of it Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Reduce Access Least privilege to some, no privilege for most. Give people enough access to do their job, nothing more; remove access when they complete their job! !   User Proper Roles !   This goes for WordPress, FTP, & DB’s, etc. !   Limit failed logins to thwart brute force !   Practice two form auth & layered login Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Lets Hack a Website All you need is a couple minutes. Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Password Management Password is a password not to be used as your password, ever! !   Password still top 5 actively used password !   Use unique passphrases !   Use different passwords across accounts !   Password Management Tools Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Backup Schedule When they hack you, reduce downtime. !   Create a schedule today! !   Backup outside of your production environment !   Multiple backups are awesome !   Talk to your host to see what they offer !   Various tools available Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Tools & Services Great tools and services to help you reduce risk. Backups Password Management Malware Scanning !   Backup Buddy ! LastPass !   Sucuri SiteCheck ! VaultPress ! KeyPass Password ! UnMask Parasites Safe !   1Password Malware Cleanup Two Form Auth Limit Failed Logins !   Sucuri !   Google !   Limit Logon Authenticator Attempts !   Sucuri (WP Plugin) Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Thank You For Listening No go, reduce risk. Go! Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security

More Related Content

PDF
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
StuartJDavidson.com
 
ODP
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
ThreatReel Podcast
 
PPTX
Professional WordPress Security: Beyond Security Plugins
Chris Burgess
 
PPTX
What Are the Most Common Types of Hacks?
Sucuri
 
ODP
BSides Columbus: Active Defense - Helping threat actors hack themselves!
ThreatReel Podcast
 
PPTX
Webinar: Personal Online Privacy - Sucuri Security
Sucuri
 
PDF
WordPress Security Essential Tips & Tricks
Faraz Ahmed
 
ODP
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
ThreatReel Podcast
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
StuartJDavidson.com
 
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
ThreatReel Podcast
 
Professional WordPress Security: Beyond Security Plugins
Chris Burgess
 
What Are the Most Common Types of Hacks?
Sucuri
 
BSides Columbus: Active Defense - Helping threat actors hack themselves!
ThreatReel Podcast
 
Webinar: Personal Online Privacy - Sucuri Security
Sucuri
 
WordPress Security Essential Tips & Tricks
Faraz Ahmed
 
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
ThreatReel Podcast
 

Similar to Real Security for WordPress (20)

PDF
Lockdown WordPress
Dre Armeda
 
PDF
A Guide To Secure WordPress Website – A Complete Guide.pdf
Host It Smart
 
KEY
Higher Order WordPress Security
Dougal Campbell
 
PPT
Secure All The Things!
Dougal Campbell
 
PDF
Types of Security Threats WordPress Websites Face: Part-1
WPWhiteBoard
 
PPTX
WordPress End-User Security - Orange County WordCamp 2011
Dre Armeda
 
PDF
WordPress Security Guide
Trainings Webversity
 
PPTX
WordPress Security Best Practices
Zero Point Development
 
PPTX
Scouts-Internet-Safety.pptx
SujayJadhav16
 
PPT
WordPress End-User Security - WordCamp Las Vegas 2011
Dre Armeda
 
PPTX
Understanding word press security wwc-4-7-17
Nicholas Batik
 
PPTX
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
Elsner Technologies Pvt Ltd
 
PDF
Intro to Wordpress Security
Chris Dodds
 
PPT
WordCamp Philly WordPress End-User Security
Dre Armeda
 
PPT
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
Dre Armeda
 
PDF
How to boost your website engagement
MIK Web Solutions
 
PDF
Why is password protection a fallacy a point of view
Yury Chemerkin
 
DOCX
The malware (r)evolution
ITrust - Cybersecurity as a Service
 
PPT
Chapter No 20- Network and Security-by-MIT.ppt
KamranHussainAwan
 
PDF
Beefy WordPress Security Wordcamp 2012 by Tammy Lee
Top Draw Inc.
 
Lockdown WordPress
Dre Armeda
 
A Guide To Secure WordPress Website – A Complete Guide.pdf
Host It Smart
 
Higher Order WordPress Security
Dougal Campbell
 
Secure All The Things!
Dougal Campbell
 
Types of Security Threats WordPress Websites Face: Part-1
WPWhiteBoard
 
WordPress End-User Security - Orange County WordCamp 2011
Dre Armeda
 
WordPress Security Guide
Trainings Webversity
 
WordPress Security Best Practices
Zero Point Development
 
Scouts-Internet-Safety.pptx
SujayJadhav16
 
WordPress End-User Security - WordCamp Las Vegas 2011
Dre Armeda
 
Understanding word press security wwc-4-7-17
Nicholas Batik
 
HOW TO PROTECT YOUR WORDPRESS WEBSITE FROM HACKERS
Elsner Technologies Pvt Ltd
 
Intro to Wordpress Security
Chris Dodds
 
WordCamp Philly WordPress End-User Security
Dre Armeda
 
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
Dre Armeda
 
How to boost your website engagement
MIK Web Solutions
 
Why is password protection a fallacy a point of view
Yury Chemerkin
 
The malware (r)evolution
ITrust - Cybersecurity as a Service
 
Chapter No 20- Network and Security-by-MIT.ppt
KamranHussainAwan
 
Beefy WordPress Security Wordcamp 2012 by Tammy Lee
Top Draw Inc.
 
Ad

Real Security for WordPress

  • 1. Real Security for WordPress Life, Liberty, and the Pursuit of Risk Reduction Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 2. Dre Armeda CEO, Co-Founder of Sucuri Inc. – sucuri.net Co-Host of The DradCast – dradcast.com @dremeda | dre.im I wear many hats, and love tacos Harley enthusiast & Chargers fan Infatuated with WordPress & web security. I hope hope to make the internet a safer place! Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 3. The Internet Rocks With adoption and growth comes innovation! !   Over 2 billion internet users today !   480% growth in the last 11 years (Internet World Stats) !   100k+ domains gained weekly (Global Domain Registry) !   2 billion sites in 2015 (Tony Schneider – CEO, Automattic) Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 4. It’s Not All Peachy Innovative thinking sparks risk Malware – short for malicious software: A software designed to disrupt operations, gather information, or gain unauthorized access. !   Monitor your website browsing & internet usage !   Forced Advertising !   Redirect Affiliate Marketing Revenue Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 5. How Bad is it? Pretty bad, and getting worse. !   2 million+ new malware strings monthly (McAfee) !   Costs US consumers over $2bil yearly (Consumer Reports) !   Google issues 3mil+ warnings daily. (Google) !   Google blacklists 10k websites daily on avg. (Google) Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 6. How Does This Happen A new type of webmaster! Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 7. Am I At Risk? Ever See a Dodo Bird? The percentage of risk will never be zero! Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 8. What Can We do? Be smart. Be consistent. Cut out the noise! Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 9. Cut Out The Noise K.I.S.S. !   Keep Software Updated !   No Soup Kitchen Servers !   Reduce Access !   Password Management !   Backup Schedule Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 10. Keep Software Updated Information Security is everyone’s responsibility !   Leading cause for infection along with passwords !   Scared to upgrade because stuff breaks? !   Major vs. Point Release !   Run upgrade tests !   Do your homework Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 11. No Soup Kitchen Servers Production is not your archive server! ! WordPressers act like they forgot about DEV !   Cross-contamination is a big deal !   Segment by user and account !   Not active. Not good enough If it’s not in use, get rid of it Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 12. Reduce Access Least privilege to some, no privilege for most. Give people enough access to do their job, nothing more; remove access when they complete their job! !   User Proper Roles !   This goes for WordPress, FTP, & DB’s, etc. !   Limit failed logins to thwart brute force !   Practice two form auth & layered login Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 13. Lets Hack a Website All you need is a couple minutes. Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 14. Password Management Password is a password not to be used as your password, ever! !   Password still top 5 actively used password !   Use unique passphrases !   Use different passwords across accounts !   Password Management Tools Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 15. Backup Schedule When they hack you, reduce downtime. !   Create a schedule today! !   Backup outside of your production environment !   Multiple backups are awesome !   Talk to your host to see what they offer !   Various tools available Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 16. Tools & Services Great tools and services to help you reduce risk. Backups Password Management Malware Scanning !   Backup Buddy ! LastPass !   Sucuri SiteCheck ! VaultPress ! KeyPass Password ! UnMask Parasites Safe !   1Password Malware Cleanup Two Form Auth Limit Failed Logins !   Sucuri !   Google !   Limit Logon Authenticator Attempts !   Sucuri (WP Plugin) Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
  • 17. Thank You For Listening No go, reduce risk. Go! Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security