Presentation is loading. Please wait.

Presentation is loading. Please wait.

Higher Order WP Security Hacks, attacks, and getting your site back Dougal Campbell.

Published byBethany Fletcher Modified over 8 years ago

Similar presentations

Presentation on theme: "Higher Order WP Security Hacks, attacks, and getting your site back Dougal Campbell."— Presentation transcript:

1 Higher Order WP Security Hacks, attacks, and getting your site back Dougal Campbell

2 HACKERS!

3 HACKERS! CRACKERS!

4 HACKERS! Everybody says “hackers” anyways.

5 WordPress Hacks Warning! Massive Number of GoDaddy WordPress Blogs Hacked! DreamHost: One Million Domains Hacked; WordPress Blogs Infected WordPress Sites on GoDaddy, Bluehost Hacked Reuters Hacked Again, Outdated WordPress Blog At Fault? InMotion Hosting Servers Hacked, Thousands of Web Sites Affected

6 WordPress Hacks History shows there have been very few “WordPress Hacks” “ In the vast majority of cases I see, attackers get in some other way, and then once already in the system, they go looking for WordPress installs.” -- Mark Jaquith

7 If WordPress isn’t the weak point, what is?

8 WordPress Hacks Most hacks that affect WordPress actually originate outside of WordPress Core. TimThumb (PHP library, many themes/plugins) Uploadify (jQuery plugin, many themes/plugins) Adserve (plugin) WassUp (plugin) Is Human (plugin)

9 We need to look at the bigger picture

10 The LAMP Stack

11 Other Services and Apps SMTP (email) FTP DNS Other web sites and utilities? Drupal, Joomla, forums PHPMyAdmin

12 Shared Hosting Shared hosting? Shared security! Other users on the same server as you can become a security risk that affects you What about your own users? Can you trust everyone who has a login for your site? Really trust them? “Nobody cares as much about the survival of your business as yourself.” -- Ron Cain, business owner

13 How do hackers get in? Known exploits in vulnerable software Brute-force password hacking Network scanners Firesheep Wifi vulnerabilities (WEP/WPA) Automated tools Rootkits

14 Staying Safe

15 Three Words Update

16 Three Words Update Core Update Plugins Update Themes

17 What Else? Hotfix Plugin WP Security Scanner Login Lockdown BulletProof Security Sucuri.net

18 What Else? Not using a plugin anymore? Deactivate DELETE! The same goes for themes

19 HACKED!

20 Now What? You can no longer trust any code files Nuke the site, start from trusted, fresh copies Save wp-config.php and wp-content/uploads Reinstall data from backups You do have backups, right? Right?

21 What do I back up? Database Uploaded media (wp-content/uploads) Custom themes and plugins wp-config.php Keep a list of your installed third-party plugins

22 How do I back up? Backup Buddy VaultPress WordPress Backup to Dropbox

23 It can happen to you It can happen to me It can happen to everyone, eventually -- Yes, It Can Happen, 90125

24 A Little Healthy Paranoia

25

26 Healthy Paranoia Use strong passwords Two-factor authentication -- Google Authenticator plugin Use separate WordPress logins for publishing day-to-day content and for site administration Limit who can login to your site, and what permissions they have Create temporary accounts for developers, if necessary

27 Healthy Paranoia Use secure protocols: SFTP, SCP, SSH -- not FTP If possible, enforce SSL on WordPress logins and dashboard access Ensure MySQL server is not accessible to other hosts Same goes for memcache (or any other data store)

28 What? I don’t know how!

29 Getting help Security is part of the cost of doing business, like insurance If you don’t know how to do all this, retain the services of someone who does Managed hosting: Page.ly WordPress.com WP Engine Zippykid

30 Security for Developers Settings API, nonces, validation handlers Data escaping functions: esc_*() esc_html() esc_attr() esc_sql() esc_url() & esc_url_raw() esc_js

31 Now, SECURE ALL THE THINGS!

32 Thanks! Dougal Campbell @dougal dougal.gunters.org

Download ppt "Higher Order WP Security Hacks, attacks, and getting your site back Dougal Campbell."

Similar presentations

WordPress Installation for Beginners Sheila Bergman

WordPress Installation for Beginners Sheila Bergman
WordPress from Start to Finish Day 1: Installing and Using WordPress Looking at the WordPress database.

WordPress from Start to Finish Day 1: Installing and Using WordPress Looking at the WordPress database.
Getting Set-up with Hosting and WordPress Gregory Young Alternative Hosting

Getting Set-up with Hosting and WordPress Gregory Young Alternative Hosting
Easy Website Creation Using WordPress Welcome and Thank You to our Sponsors.

Easy Website Creation Using WordPress Welcome and Thank You to our Sponsors.
Web Services Presentation. Site Management Console (SMC)

Web Services Presentation. Site Management Console (SMC)
Getting Started with Wordpress Install, Theming, Plugins & Security Simple steps to building with Wordpress.

Getting Started with Wordpress Install, Theming, Plugins & Security Simple steps to building with Wordpress.
Wordpress as a content management system Building a better website with content management systems | June 12, 2009.

Wordpress as a content management system Building a better website with content management systems | June 12, 2009.
+ Team Members Evaluation and Implementation of Web 2.0 Technologies in Support of CReSIS Polar and Cyberinfrastructure Research Projects at Elizabeth.

+ Team Members Evaluation and Implementation of Web 2.0 Technologies in Support of CReSIS Polar and Cyberinfrastructure Research Projects at Elizabeth.
INSTALLATION OF WORDPRESS. WORDPRESS WordPress is an open source CMS, often used as a blog publishing application powered by PHP and MySQL. It has many.

INSTALLATION OF WORDPRESS. WORDPRESS WordPress is an open source CMS, often used as a blog publishing application powered by PHP and MySQL. It has many.
Content Management, Working with WordPress Svetlin Nakov Telerik Corporation www.telerik.com.

Content Management, Working with WordPress Svetlin Nakov Telerik Corporation
Web Hosting Control Panel Always FREE to try for 30 days no obligation, our web hosting control panel has been created to provide you with all the tools.

Web Hosting Control Panel Always FREE to try for 30 days no obligation, our web hosting control panel has been created to provide you with all the tools.
About the CMS WordPress A brief overview of both Wordpress.org & WordPress.com WordPress is one of the most popular content management and blog publishing.

About the CMS WordPress A brief overview of both Wordpress.org & WordPress.com WordPress is one of the most popular content management and blog publishing.
The easy way to a nice looking website design By a total non-designer (Me!)

The easy way to a nice looking website design By a total non-designer (Me!)
The Quick Geek Fast Track with Wordpress Judy Wilson / site shack web design ____________________________ copyright 2012 Site Shack Web Design all rights.

The Quick Geek Fast Track with Wordpress Judy Wilson / site shack web design ____________________________ copyright 2012 Site Shack Web Design all rights.
Write2Learn-LATINA LATINA UGANDA 2013.  In this introductory course teaches you how to set up and use a Wordpress blog. Recent applications include teaching,

Write2Learn-LATINA LATINA UGANDA  In this introductory course teaches you how to set up and use a Wordpress blog. Recent applications include teaching,
Build a CMS Website. The topics this chapter covers are: What is CMS ? What you can do with CMS The benefits and disadvantages of using a content management.

Build a CMS Website. The topics this chapter covers are: What is CMS ? What you can do with CMS The benefits and disadvantages of using a content management.
Sahil Narang 9914515620. What is CMS? A content management system (CMS) is a computer application that allows publishing, editing and modifying content,

Sahil Narang What is CMS? A content management system (CMS) is a computer application that allows publishing, editing and modifying content,
Content Management Systems A content management system is software that loads on your web host’s server and manages all content on your web site dynamically.

Content Management Systems A content management system is software that loads on your web host’s server and manages all content on your web site dynamically.
By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.

By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Similar presentations

Ads by Google