Wordpress malware - What is it and how to protect your website.
-
Upload
owen-cutajar -
Category
Technology
-
view
77 -
download
1
Transcript of Wordpress malware - What is it and how to protect your website.
WordPress MalwareOwen Cutajar (@OwenC)
Your lovely WordPress site …
looking not-so-lovely …
According to the FBI
“There are only two types of companies: those that have been hacked, and those that will be.”
Robert Mueller, FBI Director, 2012
Why?
Profit or Propaganda
Wordpress is an attractive target
Outdated version of WordPress
Large surface of attack across plugins/themes
Classes of attacks
Targeted attacks
Password cracking (brute force / dictionary attacks)
DDOS
Malware
Some terminology
Virus
Worm
Trojan Horse
Botnet
Malnet
Types of attacks
Defacing
Spam
Drive-by Downloads
Backdoors
Malicious redirects and embeds
Defacing
Spam
Drive-By Downloads
Backdoors
Malicious Redirects and Embeds
How?
Exploits and vulnerabilities
Outdated software
Insecure credentials
Compromised host
Infection Demo
Local Samples
Tools:
Base64Decoder: https://www.base64decode.org/
Execute PHP: https://eval.in/
Cleaning an infected site
Manually
Wordfence demo
Protecting your siteAutomatic updates
Security plugins
External scanning
User education
Two factor authentication
Off-site Backups
SSL on login page
References
Wordpress Vulnerability Database: http://wpvulndb.com
Wordfence: https://wordpress.org/plugins/wordfence/
Securi: https://sucuri.net/wordpress-security/
Cloudflare: https://www.cloudflare.com/
Me: @OwenC on Twitter, owencutajar on Skype