WordPress malware - What is it and how to protect your website.

WordPress Malware Owen Cutajar (@OwenC)

Transcript of WordPress malware - What is it and how to protect your website.

Page 1

WordPress Malware

Owen Cutajar (@OwenC)

Page 2

Your lovely WordPress site …

Page 3

looking not-so-lovely …

Page 4

According to the FBI

“There are only two types of companies: those that have been hacked, and those that will be.”

Robert Mueller, FBI Director, 2012

Page 5

Why?

Profit or Propaganda

WordPress is an attractive target

Outdated version of WordPress

Large attack surface across plugins/themes

Page 6

Classes of attacks

Targeted attacks

Password cracking (brute force / dictionary attacks)

DDoS

Malware

Page 7

Some terminology

Virus

Worm

Trojan Horse

Botnet

Malnet

Page 8

Types of attacks

Defacing

Spam

Drive-by Downloads

Backdoors

Malicious redirects and embeds

Page 9

Defacing

Page 10

Spam

Page 11

Drive-By Downloads

Page 12

Backdoors

Page 13

Malicious Redirects and Embeds

Page 14

How?

Exploits and vulnerabilities

Outdated software

Insecure credentials

Compromised host

Page 15

Infection Demo

Local Samples

Tools:

Base64Decoder: https://www.base64decode.org/

Execute PHP: https://eval.in/

Page 16

Cleaning an infected site

Manually

Wordfence demo

Page 17

Protecting your site

Automatic updates

Security plugins

External scanning

User education

Two factor authentication

Off-site Backups

SSL on login page

Page 18

References

WordPress Vulnerability Database: http://wpvulndb.com

Wordfence: https://wordpress.org/plugins/wordfence/

Sucuri: https://sucuri.net/wordpress-security/

Cloudflare: https://www.cloudflare.com/

Me: @OwenC on Twitter, owencutajar on Skype