Real Security for WordPress



Real Security for WordPress - Cut through the noise and the false sense of security. Dre Armeda presents a no-nonsense approach to reducing risk with WordPress.


Real Security for WordPress Dre Armeda @dremeda @sucuri_security

Real Security for WordPress: Life, Liberty, and the Pursuit of Risk Reduction


Dre Armeda

CEO, Co-Founder of Sucuri Inc. – Co-Host of The DradCast

@dremeda

I wear many hats, and love tacos
Harley enthusiast & Chargers fan

Infatuated with WordPress & web security. I hope to make the internet a safer place!


The Internet Rocks

• Over 2 billion internet users today
• 480% growth in the last 11 years (Internet World Stats)
• 100k+ domains gained weekly (Global Domain Registry)
• 2 billion sites in 2015 (Tony Schneider – CEO, Automattic)

With adoption and growth comes innovation!


It’s Not All Peachy

Malware – short for malicious software: software designed to disrupt operations, gather information, or gain unauthorized access.

• Monitor your website browsing & internet usage
• Forced Advertising
• Redirect Affiliate Marketing Revenue

Innovative thinking sparks risk


How Bad is it?

• 2 million+ new malware strings monthly (McAfee)
• Costs US consumers over $2bil yearly (Consumer Reports)
• Google issues 3mil+ warnings daily. (Google)
• Google blacklists 10k websites daily on avg. (Google)

Pretty bad, and getting worse.

How Does This Happen?

A new type of webmaster!


Am I At Risk?

The percentage of risk will never be zero!

Ever See a Dodo Bird?

What Can We Do?

Be smart. Be consistent. Cut out the noise!


Cut Out The Noise

• Keep Software Updated
• No Soup Kitchen Servers
• Reduce Access
• Password Management
• Backup Schedule


Keep Software Updated

• Leading cause for infection along with passwords
• Scared to upgrade because stuff breaks?
• Major vs. Point Release
• Run upgrade tests
• Do your homework

Information Security is everyone’s responsibility


No Soup Kitchen Servers

• WordPressers act like they forgot about DEV
• Cross-contamination is a big deal
• Segment by user and account
• Not active. Not good enough

If it’s not in use, get rid of it

Production is not your archive server!


Reduce Access

Give people enough access to do their job, nothing more; remove access when they complete their job!

• Use Proper Roles
• This goes for WordPress, FTP, & DBs, etc.
• Limit failed logins to thwart brute force
• Practice two form auth & layered login

Least privilege to some, no privilege for most.

Let's Hack a Website

All you need is a couple minutes.


Password Management

• "Password" is still a top 5 actively used password
• Use unique passphrases
• Use different passwords across accounts
• Password Management Tools

"Password" is a password not to be used as your password, ever!


Backup Schedule

• Create a schedule today!
• Backup outside of your production environment
• Multiple backups are awesome
• Talk to your host to see what they offer
• Various tools available

When they hack you, reduce downtime.


Tools & Services

Great tools and services to help you reduce risk.

Backups
• Backup Buddy
• VaultPress

Password Management
• LastPass
• KeePass Password Safe
• 1Password

Malware Scanning
• Sucuri SiteCheck
• UnMask Parasites

Malware Cleanup
• Sucuri

Two Form Auth
• Google

Limit Failed Logins
• Limit Login Attempts
• Sucuri (WP


Thank You For Listening

Now go, reduce risk. Go!