Real WordPress Security - Kill the Noise

Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security Real WordPress Security Kill the noise!

Upload: dre-armeda

Post on 29-Jan-2015


DESCRIPTION

A WordPress presentation that focuses on security principles, not a false sense of security gained by adding 20 plugins. Let's stick to the basics, folks! This presentation was given at WordCamp Miami #wcmia

TRANSCRIPT

Page 1: Real WordPress Security - Kill the Noise

Real Security for WordPress Dre Armeda @dremeda Sucuri.net @sucuri_security

Real WordPress Security

Kill the noise!

Page 2: Real WordPress Security - Kill the Noise

Dre Armeda

Co-Founder of Sucuri Inc. – Sucuri.net
Co-Host of DradCast – DradCast.com

@dremeda | dremeda.com | drejitsu.com

• Softball Dad
• Proud Navy Veteran
• Brazilian Jiu-Jitsu Player
• Chargers & Angels Fan
• Harley Enthusiast
• Taco Lover

Page 4: Real WordPress Security - Kill the Noise

The Internet Rocks

With adoption and growth comes innovation!

Over 2 billion internet users today (Internet World Stats)

566% growth in the last 12 years (Internet World Stats)

861,379,000 registered hostnames as of Jan 2014 (Tech Made Easy)

180,000,000 active websites (Tech Made Easy)

Page 6: Real WordPress Security - Kill the Noise

It’s Not All Peachy

Malware – short for malicious software

DoS/DDoS - Denial of Service

Brute Force

SPAM Links

SEO Poisoning

XSS

SQL Injections

Blacklisting

DNS Poisoning

Innovative thinking sparks risk

Page 7: Real WordPress Security - Kill the Noise

Malware Type Distribution

SiteCheck numbers don’t lie!

[Pie chart: malware types found by SiteCheck. Slices: Remote iFrame Includes, Remote JavaScript Includes, SPAM Injections, Obfuscated / Encoded JavaScript, Conditional Redirects, Defacements, Other. Percentages printed on the chart: 26%, 19%, 16%, 14%, 11%, 4%, 10%; which slice each belongs to is not recoverable from the transcript.]

9 Million Unique Domains Scanned, 19% Infected

Page 8: Real WordPress Security - Kill the Noise

Trends

Page 9: Real WordPress Security - Kill the Noise

How Bad is it?

An explosion in web malicious links!

[Chart: Malicious Links, 2011 vs. 2012: 600%]

Page 10: Real WordPress Security - Kill the Noise

What Are Malicious Links?

Oh you’ve seen them. You’ve seen them everywhere!

[Diagram: Malicious Links reach you through:]

Social Media

Email Links

Websites

Text Messages

Page 11: Real WordPress Security - Kill the Noise

Increase in Phishing

All is not what it seems!

55% of Companies have fallen victim

Page 12: Real WordPress Security - Kill the Noise

Search Engine Poisoning (SEP)

Get Payday Loans or Cheap Pills.

Page 13: Real WordPress Security - Kill the Noise

Brute Force

Page 14: Real WordPress Security - Kill the Noise

Denial of Service (DoS)

Page 15: Real WordPress Security - Kill the Noise

Denial of Service (DoS)

Page 16: Real WordPress Security - Kill the Noise

Why Is This Happening?

Awesome spawns not so awesome situations!

Page 17: Real WordPress Security - Kill the Noise

Almost always for the $$$

Page 18: Real WordPress Security - Kill the Noise

How Does This Happen?

A new type of webmaster!

Page 19: Real WordPress Security - Kill the Noise

The World's Biggest Weakness

Page 20: Real WordPress Security - Kill the Noise

Am I At Risk?

The percentage of risk will never be zero!

Ever See a Dodo Bird?

Page 21: Real WordPress Security - Kill the Noise

Everyone is a Target!

Even you!

Page 22: Real WordPress Security - Kill the Noise

What Can We Do?

Be smart. Be consistent. Cut out the noise!

Page 23: Real WordPress Security - Kill the Noise

Things You May See

Your users saying they are being redirected

Spam links in your HTML or even visible

Google SERP shows Viagra for your keywords

Google Blacklists you

Sharp traffic decreases for no reason

If your site is infected

Page 24: Real WordPress Security - Kill the Noise

Quick Steps

Scan for malware – http://sitecheck.sucuri.net

Kill WordPress sessions by resetting Salts - http://wordpress.org/support/topic/set-up-a-secret-key-in-wordpress-25

Reset ALL passwords (WP, FTP, SSH)

Replace WordPress Core

Update ALL Software

Look for out of place files

Hire someone to audit the site and perform full server-side scan & cleanup

If you think your site is infected
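The "reset Salts" step above, as an added example that is not from the deck or from Sucuri: a Python script that rotates the eight salt defines in wp-config.php so every existing WordPress login cookie stops validating. The wp-config excerpt is constructed for the example; point the script at a copy of your real file.

```python
import re
import secrets
import string

# The eight constants WordPress uses to sign auth cookies; changing any of them
# invalidates every existing session cookie the next time it is checked.
SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")

# Printable ASCII minus space, quotes and backslash, so a value drops into a
# single-quoted PHP string without escaping.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_[]{}<>~`+=,.;:/?|"

# Matches define('AUTH_KEY', '...'); with either quote style and any spacing.
SALT_RE = re.compile(r"""define\(\s*(['"])(%s)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;"""
                     % "|".join(SALT_KEYS))

def new_salt(length=64):
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def read_salts(config_text):
    """Return {key: current value} for the salt defines found in the text."""
    return {m.group(2): m.group(4) for m in SALT_RE.finditer(config_text)}

def rotate_salts(config_text):
    """Return config_text with all eight salts replaced by fresh random values.
    Raises ValueError if any define is missing, so a partial rotation (which
    would leave some cookies valid) cannot slip through silently."""
    missing = set(SALT_KEYS) - set(read_salts(config_text))
    if missing:
        raise ValueError("missing salt defines: " + ", ".join(sorted(missing)))
    return SALT_RE.sub(lambda m: "define('%s', '%s');" % (m.group(2), new_salt()),
                       config_text)

# Constructed excerpt of a wp-config.php, still carrying the stock placeholders.
SAMPLE_WP_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    print(rotate_salts(SAMPLE_WP_CONFIG))
```

Rotating the salts logs everyone out, including you, so do it together with the password resets in the next step rather than before them.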

Page 25: Real WordPress Security - Kill the Noise

Proactive Defenses!

Page 26: Real WordPress Security - Kill the Noise

Keep Software Updated

Out-of-date software is the leading cause of infection, along with passwords

Scared to upgrade because stuff breaks?

Major vs. Point Release

Run upgrade tests

Do your homework

Information Security is everyone’s responsibility

Page 27: Real WordPress Security - Kill the Noise

Use Trusted Sources!

Page 28: Real WordPress Security - Kill the Noise

No Soup Kitchen Servers

WordPressers act like they forgot about DEV

Cross-contamination is a big deal

Segment by user and account

Not active. Not good enough

If it’s not in use, get rid of it

Production is not your archive server!

Page 29: Real WordPress Security - Kill the Noise

Reduce Access

Give people enough access to do their job, nothing more; remove access when they complete their job!

Use Proper Roles

This goes for WordPress, FTP, DBs, etc.

Limit failed logins to thwart brute force

Practice two-factor auth & layered login

Disable PHP Execution!

Least privilege to some, no privilege for most.

# .htaccess for a directory that must never execute PHP, e.g. wp-content/uploads/
# (Apache 2.2 syntax; on Apache 2.4 use "Require all denied" instead)
<Files *.php>
Deny from all
</Files>
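For the "limit failed logins" point, an added example that is not from the deck: Python detection logic that picks failed wp-login.php POSTs out of constructed Apache/nginx access-log lines and flags any IP that exceeds a failures-per-window threshold, the same limit a login-throttling rule would enforce. The log lines and the 5-in-5-minutes default are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format (Apache/nginx default); identity and referer fields are skipped.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample: a user who mistypes once, an IP hammering the login form,
# and a slow IP whose three failures stay under a 5-in-5-minutes limit.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Jan/2015:10:00:01 -0500] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.7 - - [29/Jan/2015:10:00:20 -0500] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.23 - - [29/Jan/2015:10:05:00 -0500] "POST /wp-login.php HTTP/1.1" 200 3421
198.51.100.23 - - [29/Jan/2015:10:05:02 -0500] "POST /wp-login.php HTTP/1.1" 200 3421
198.51.100.23 - - [29/Jan/2015:10:05:04 -0500] "POST /wp-login.php HTTP/1.1" 200 3421
198.51.100.23 - - [29/Jan/2015:10:05:06 -0500] "POST /wp-login.php HTTP/1.1" 200 3421
198.51.100.23 - - [29/Jan/2015:10:05:08 -0500] "POST /wp-login.php HTTP/1.1" 200 3421
198.51.100.23 - - [29/Jan/2015:10:05:10 -0500] "POST /wp-login.php HTTP/1.1" 200 3421
192.0.2.9 - - [29/Jan/2015:10:12:00 -0500] "POST /wp-login.php HTTP/1.1" 200 3421
192.0.2.9 - - [29/Jan/2015:10:25:00 -0500] "POST /wp-login.php HTTP/1.1" 200 3421
192.0.2.9 - - [29/Jan/2015:10:40:00 -0500] "POST /wp-login.php HTTP/1.1" 200 3421
"""

def failed_logins(lines):
    """Yield (ip, time) for each failed login: WordPress answers a bad password
    by re-rendering wp-login.php with HTTP 200, and a good one with a 302."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m: continue  # blank or non-standard line
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path.endswith("/wp-login.php") and m["status"] == "200":
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def brute_force_sources(lines, threshold=5, window_minutes=5):
    """Return {ip: total failures} for IPs with >= threshold failures in one window."""
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for ip, when in failed_logins(lines):
        by_ip[ip].append(when)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window forward past old failures
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged
```

Feed it `open("/var/log/apache2/access.log")` instead of `SAMPLE_LOG.splitlines()` to run it over a real log; every IP it returns is a candidate for the firewall block or the throttling rule the slide calls for.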

Page 30: Real WordPress Security - Kill the Noise

Password Management

Complex - Long - Unique

"Password" is still among the top 5 most actively used passwords

Use unique passphrases

Use different passwords across accounts

Password Management Tools

Password is a password not to be used as your password, ever!

Page 31: Real WordPress Security - Kill the Noise

Backup Schedule

Create a schedule today!

Backup outside of your production environment

Multiple backups are awesome

Talk to your host to see what they offer

Various tools available

When they hack you, reduce downtime.

Page 32: Real WordPress Security - Kill the Noise

Tools & Services

Website Firewall: Sucuri CloudProxy

Great tools and services to help you reduce risk.

Password Management: LastPass, KeePass, Password Safe, 1Password

Malware Scanning: Sucuri SiteCheck, Unmask Parasites

Malware Cleanup: Sucuri

Backups: Sucuri Backups, VaultPress

Page 33: Real WordPress Security - Kill the Noise

Notable Resources

Name Link

Sucuri Blog http://blog.sucuri.net

Sucuri TV http://sucuri.tv

Malware Scanner http://sitecheck.sucuri.net

Malware Scanner http://unmaskparasites.com

Badware Busters https://badwarebusters.org

Google Forums http://productforums.google.com/forum/#!categories/webmasters/malware--hacked-sites

Google Webmaster Tools http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633

Secunia Security Advisories http://secunia.com/community/advisories/search/?search=wordpress

Exploit-DB http://www.exploit-db.com/search/?action=search&filter_description=Wordpress&filter_platform=31

Joomla! Security and Performance FAQs http://docs.joomla.org/Security_and_Performance_FAQs

Joomla! Security Checklist http://docs.joomla.org/Security_Checklist/Getting_Started

Page 34: Real WordPress Security - Kill the Noise

Thank You For Listening

Now go, reduce risk. Go!