Real Security for WordPress - Cut through the noise and the false sense of security. Dre Armeda presents a no-nonsense approach to reducing risk with WordPress.
Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security
Real Security for WordPress
Life, Liberty, and the Pursuit of Risk Reduction
Dre Armeda
CEO, Co-Founder of Sucuri Inc. – sucuri.net
Co-Host of The DradCast – dradcast.com
@dremeda | dre.im
I wear many hats, and love tacos
Harley enthusiast & Chargers fan
Infatuated with WordPress & web security. I hope to make the internet a safer place!
The Internet Rocks
- Over 2 billion internet users today
- 480% growth in the last 11 years (Internet World Stats)
- 100k+ domains gained weekly (Global Domain Registry)
- 2 billion sites in 2015 (Tony Schneider – CEO, Automattic)
With adoption and growth comes innovation!
It’s Not All Peachy
Malware – short for malicious software: software designed to disrupt operations, gather information, or gain unauthorized access.
- Monitor your website browsing & internet usage
- Forced Advertising
- Redirect Affiliate Marketing Revenue
Innovative thinking sparks risk
How Bad is it?
- 2 million+ new malware strings monthly (McAfee)
- Costs US consumers over $2bil yearly (Consumer Reports)
- Google issues 3mil+ warnings daily (Google)
- Google blacklists 10k websites daily on avg. (Google)
Pretty bad, and getting worse.
How Does This Happen?
A new type of webmaster!
Am I At Risk?
The percentage of risk will never be zero!
Ever See a Dodo Bird?
What Can We Do?
Be smart. Be consistent. Cut out the noise!
Cut Out The Noise
- Keep Software Updated
- No Soup Kitchen Servers
- Reduce Access
- Password Management
- Backup Schedule
K.I.S.S.
Keep Software Updated
- Leading cause of infection, along with passwords
- Scared to upgrade because stuff breaks?
- Major vs. Point Release
- Run upgrade tests
- Do your homework
Information Security is everyone’s responsibility
No Soup Kitchen Servers
- WordPressers act like they forgot about DEV
- Cross-contamination is a big deal
- Segment by user and account
- Not active. Not good enough
If it’s not in use, get rid of it
Production is not your archive server!
Reduce Access
Give people enough access to do their job, nothing more; remove access when they complete their job!
- Use Proper Roles
- This goes for WordPress, FTP, & DBs, etc.
- Limit failed logins to thwart brute force
- Practice two form auth & layered login
Least privilege to some, no privilege for most.
Let's Hack a Website
All you need is a couple minutes.
Password Management
- "Password" is still a top 5 actively used password
- Use unique passphrases
- Use different passwords across accounts
- Password Management Tools
"Password" is a password not to be used as your password, ever!
Backup Schedule
- Create a schedule today!
- Backup outside of your production environment
- Multiple backups are awesome
- Talk to your host to see what they offer
- Various tools available
When they hack you, reduce downtime.
Tools & Services
Backups
- Backup Buddy
- VaultPress
Password Management
- LastPass
- KeePass Password Safe
- 1Password
Malware Scanning
- Sucuri SiteCheck
- UnMask Parasites
Malware Cleanup
- Sucuri
Two Form Auth
- Google Authenticator
Limit Failed Logins
- Limit Logon Attempts
- Sucuri (WP Plugin)
Great tools and services to help you reduce risk.
Thank You For Listening
Now go, reduce risk. Go!