WP security-wordcamp2016-vitalykarasik
Intro to WordPress Security
or
Security for smart people
Vitaly Karasik, DevOps Consultant, www.vitalykarasik.com
WordCamp 2016, 27.03.2016
Hacks Cost You More Than Money
• SEO rating
• Blacklisting
• Reputation - “It can take years to build, and minutes to lose.”
• Customer’s data leak
Attack Types
• Exploit Vulnerabilities
• Brute Force
• DoS
How to prevent – Concepts
• Security is a process, not a task
• Limiting Access
• Containment
• Preparation and Knowledge
• Trusted Sources
How to prevent – Methods
• Updates, Updates, Updates
• WordPress Plugins – only trusted, delete unused
• Credentials – usernames, passwords, dual-factor
• Limiting Access to WP Admin
• Server Hardening
• Database User Privileges
• FileSystem permissions
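The "FileSystem permissions" point above is the one most easily checked by script. The following is an added example, not code from the slides or from the speaker: a small POSIX shell audit of a WordPress tree against the baseline given on the WordPress Codex "Hardening WordPress" page the deck links to (directories 755, files 644, wp-config.php not readable by other accounts). The path `/var/www/html` in the usage line is an assumption; symlinks are skipped and file ownership is not checked.

```shell
#!/bin/sh
# Added example, not from the slides: audit a WordPress install against the
# Codex "Hardening WordPress" baseline assumed here (directories 755,
# files 644, wp-config.php unreadable by "other"). Symlinks are skipped;
# ownership is not checked.
# Usage: wp_perm_audit /var/www/html

wp_perm_audit() {
    dir="$1"
    # 1. Anything writable by group (020) or other (002): a writable file
    #    can be replaced, a writable directory lets a new file be dropped in.
    find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print \
        | sed 's/^/WRITABLE BY GROUP OR OTHER: /'
    # 2. wp-config.php holds the DB credentials and auth salts; flag it if
    #    every local account can read it (other-read bit, 004).
    find "$dir" -type f -name wp-config.php -perm -004 -print \
        | sed 's/^/WORLD-READABLE SECRETS: /'
}

# Number of findings, for use in scripts (0 means the tree matches the baseline).
wp_perm_count() {
    wp_perm_audit "$1" | wc -l | tr -d ' '
}

if [ -n "${1:-}" ]; then
    wp_perm_audit "$1"
    echo "findings: $(wp_perm_count "$1")"
fi
```

Run it as the web server user or root after every deployment; a non-zero count on a host where nothing was deliberately changed is worth a look at the deployment process, since the upload directory is the usual place where permissions drift.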
Tools and Services
• WP Plugins – WordFence, Sucuri
• DoS Protection, WAF – CloudFlare, Incapsula
• Security Scanners – LMD Scanner, WPScan
• WP Managed Hosting – WPEngine
WordFence Firewall and Brute Force Protection
WordFence Real-time Monitoring
WordFence Reports
Backups and Deployment
• Offsite Backup – UpdraftPlus
• Revision Control – Github, Bitbucket
• Automatic Deployment – Beanstalk
Monitoring – be the first to know!
• Server Monitoring – Anturis, CloudWatch
• Website Monitoring – Anturis, Pingdom
• Logs Monitoring – Logz.io, Loggly
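The brute-force attack type from the "Attack Types" slide is the one that shows up most plainly in the web server log, which is what "Logs Monitoring" above is for. The following is an added example, not code from the slides or from any of the products named: a POSIX shell function that counts POST requests to wp-login.php and xmlrpc.php per client IP in an Apache/nginx combined-format access log and reports the addresses over a threshold. The sample log is constructed inline (addresses from the RFC 5737 documentation ranges) and the default threshold of 20 is an assumption.

```shell
#!/bin/sh
# Added example, not from the slides: report client IPs hammering the
# WordPress login endpoints, from a combined-format access log.
# Usage: wp_login_bruteforce /var/log/nginx/access.log [THRESHOLD]

wp_login_bruteforce() {
    log="$1"
    threshold="${2:-20}"   # assumed default; tune to the site's real traffic
    # Combined format fields: $1 client IP, $6 "\"POST", $7 request path.
    awk -v limit="$threshold" '
        $6 == "\"POST" && ($7 ~ /\/wp-login\.php/ || $7 ~ /\/xmlrpc\.php/) {
            hits[$1]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= limit)
                    printf "%s %d\n", ip, hits[ip]
        }' "$log" | sort -k2,2nr
}

# Constructed sample log: 25 login POSTs from one address, one legitimate
# login (POST then GET of wp-admin) from another.
make_sample_log() {
    out="$1"
    : > "$out"
    fmt='203.0.113.7 - - [27/Mar/2016:12:00:%02d +0200] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"\n'
    i=0
    while [ "$i" -lt 25 ]; do
        printf "$fmt" "$i" >> "$out"
        i=$((i + 1))
    done
    printf '%s\n' '198.51.100.4 - - [27/Mar/2016:12:01:00 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"' >> "$out"
    printf '%s\n' '198.51.100.4 - - [27/Mar/2016:12:01:05 +0200] "GET /wp-admin/ HTTP/1.1" 200 8812 "-" "Mozilla/5.0"' >> "$out"
}

if [ -n "${1:-}" ]; then
    wp_login_bruteforce "$1" "${2:-20}"
fi
```

A 200 response to a wp-login.php POST is the login form being redisplayed (a failed attempt); a successful login answers with a 302 to wp-admin, so an address with many 200s and no 302 is the pattern a plugin such as WordFence blocks, and the same count is what a log service would alert on.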
Monitoring – Anturis Screenshot
Resources
• WordPress Codex – http://codex.wordpress.org/Hardening_WordPress
• WordFence Blog – http://wordfence.com/blog
• Sucuri Blog – https://blog.sucuri.net/category/wordpress-security/
• WPScan – http://wpscan.org/
• LMD Scanner – https://www.rfxn.com/projects/linux-malware-detect/
• Security Plugins – http://researchasahobby.com/?p=1915
• Hack Target – https://hackertarget.com/wordpress-security-scan
Thanks for listening! Any Questions?
Vitaly Karasik, DevOps Consultant, www.vitalykarasik.com
WordCamp 2016