Real Security for WordPress
               Life, Liberty, and the Pursuit of Risk Reduction




Real Security for WordPress   Dre Armeda   @dremeda   Sucuri.net   @sucuri_security
Dre Armeda



                                            CEO, Co-Founder of Sucuri Inc. – sucuri.net
                                             Co-Host of The DradCast – dradcast.com

                                                        @dremeda | dre.im

                                                   I wear many hats, and love tacos
                                                   Harley enthusiast & Chargers fan
                                              Infatuated with WordPress & web security.
                                           I hope to make the internet a safer place!




The Internet Rocks
                With adoption and growth comes innovation!



  • Over 2 billion internet users today
  • 480% growth in the last 11 years (Internet World Stats)
  • 100k+ domains gained weekly (Global Domain Registry)
  • 2 billion sites in 2015 (Tony Schneider – CEO, Automattic)




It’s Not All Peachy
                         Innovative thinking sparks risk



Malware – short for malicious software: software designed to
disrupt operations, gather information, or gain unauthorized access.

  • Monitor your website browsing & internet usage
  • Forced Advertising
  • Redirect Affiliate Marketing Revenue


How Bad is it?
                          Pretty bad, and getting worse.



  • 2 million+ new malware strings monthly (McAfee)
  • Costs US consumers over $2bil yearly (Consumer Reports)
  • Google issues 3mil+ warnings daily. (Google)
  • Google blacklists 10k websites daily on avg. (Google)




How Does This Happen
                              A new type of webmaster!




Am I At Risk?
                              Ever See a Dodo Bird?




   The percentage of risk
     will never be zero!


What Can We Do?
                  Be smart. Be consistent. Cut out the noise!




Cut Out The Noise
                                     K.I.S.S.



  • Keep Software Updated
  • No Soup Kitchen Servers
  • Reduce Access
  • Password Management
  • Backup Schedule




Keep Software Updated
              Information Security is everyone’s responsibility



  • Leading cause for infection along with passwords
  • Scared to upgrade because stuff breaks?
  • Major vs. Point Release
  • Run upgrade tests
  • Do your homework




No Soup Kitchen Servers
                     Production is not your archive server!



  • WordPressers act like they forgot about DEV
  • Cross-contamination is a big deal
  • Segment by user and account
  • Not active. Not good enough


           If it’s not in use, get rid of it

Reduce Access
                Least privilege to some, no privilege for most.



  Give people enough access to do their job, nothing
  more; remove access when they complete their job!

  • Use Proper Roles
  • This goes for WordPress, FTP, & DBs, etc.
  • Limit failed logins to thwart brute force
  • Practice two form auth & layered login


Let's Hack a Website
                         All you need is a couple minutes.




Password Management
    "Password" is a password not to be used as your password, ever!



  • "Password" is still a top 5 actively used password
  • Use unique passphrases
  • Use different passwords across accounts
  • Password Management Tools




Backup Schedule
                    When they hack you, reduce downtime.



  • Create a schedule today!
  • Backup outside of your production environment
  • Multiple backups are awesome
  • Talk to your host to see what they offer
  • Various tools available




Tools & Services
              Great tools and services to help you reduce risk.

Backups
  • Backup Buddy
  • VaultPress

Password Management
  • LastPass
  • KeePass Password Safe
  • 1Password

Malware Scanning
  • Sucuri SiteCheck
  • UnMask Parasites

Malware Cleanup
  • Sucuri

Two Form Auth
  • Google Authenticator

Limit Failed Logins
  • Limit Logon Attempts
  • Sucuri (WP Plugin)




Thank You For Listening
                              Now go, reduce risk. Go!



