Published by Wesley Green. Modified over 9 years ago.
1
8/1/2015
2
Please Ask Questions!
3
Hacks In The News
- Office of Personnel Management (OPM)
- Flash vulnerabilities
- Sony
- Heartbleed
- iCloud Leaked Pictures
- Home Depot/Target Credit Card Loss
- NSA Metadata
4
Security x Convenience = Constant
5
Some security issues are out of your hands
6
Why Does WordPress Get Hacked?
- Widely used
- Thousands of plugins which are unmonitored from a single source
- Same reasons Windows gets hacked more
7
What Happens When Your Site Gets Hacked
- Spam links
- Infect other sites
- Political messages
8
Security Helps SEO
10
Keep WordPress And Plugins Updated
- Also remove plugins and themes you’re not using
11
Protect Your Login
- Weak or common passwords
- Brute force attack
12
Adobe Password Leak
- Last summer, Adobe lost 150 million passwords
- The passwords had flaws in their encryption that let hackers easily reverse engineer the password list
13
Top 100 Most Common Passwords
http://stricture-group.com/files/adobe-top100.txt
14
Improve Password Security
- Use a password with upper case, lower case, numbers and symbols
- Use at least 9 characters
- Do not use a word that is found in a dictionary
- Use a separate password for all of your sites
15
Protect Your Login
- Do not use “admin” as your admin name
- Use a password manager like LastPass or Roboform to generate and store passwords
- Use SFTP and not FTP
16
Be Aware of Insecure Access
17
Increase Password Security
- Use Two Factor Authentication
- Google Authenticator
18
Use A VPN (Virtual Private Network)
- Check your home router to see if it has this functionality built in
19
Keep Your Sites Up To Date
20
Google Webmaster Tools
- Early Warning System
- Will also give you SEO tips
21
Include Security Plugin
- Stop brute force password attacks
- Scan for core code changes
- Notification of out of date WP and plugins
- Block entire countries
- Takes care of a lot of manual blocking
22
Other Quick Tips
- Change default database table prefix from wp_
- Change your authentication keys in wp-config.php (https://api.wordpress.org/secret-key/1.1/salt/)
24
What Is SSL
https://www.youtube.com/watch?v=dsuVPxuU_hc
- Paid
  - Cheap - Comodo
  - Expensive - Verisign
- Free
  - Comodo (for 90 days)
  - EFF's https://www.eff.org/encrypt-the-web (out in September)
  - startssl.com (free for personal use)
  - Self signed just for security
25
Make Sure WordPress Knows To Use SSL
- Force SSL login directive in wp-config.php
- WordPress HTTPS (SSL)
  - Hasn't been updated in a while but it is a pretty simple plugin
26
Brief Overview Of WordPress File Structure
- / (the root)
- /wp-admin/
- /wp-includes/
- /wp-content/
  - /themes
  - /plugins
  - /uploads
  - /upgrade
27
Check Your Permissions
- Only allow the web server to read and write, everyone else can only read
- Files 664
- Directories 755
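One way to check an install against the modes on this slide, as an added example that is not part of the original presentation: it walks a WordPress directory and reports every file or directory that grants permission bits beyond 664 (files) or 755 (directories). The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

FILE_MAX = 0o664  # file mode given on the slide
DIR_MAX = 0o755   # directory mode given on the slide

def audit_permissions(root):
    """Return sorted (relative path, octal mode, reason) for every entry under
    root that grants permission bits beyond the slide's modes."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            limit = DIR_MAX if stat.S_ISDIR(st.st_mode) else FILE_MAX
            if mode & ~limit:  # any bit set that the limit does not allow
                reason = ("world-writable" if mode & stat.S_IWOTH
                          else "exceeds %o" % limit)
                findings.append((os.path.relpath(path, root), "%o" % mode, reason))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed sample tree (not a real site) with three problems."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    files = {
        "wp-config.php": 0o644,                 # within the limit
        "wp-includes/version.php": 0o755,       # execute bits set on a file
        "wp-content/uploads/photo.jpg": 0o666,  # world-writable file
    }
    dirs = {"wp-includes": 0o755, "wp-content": 0o755,
            "wp-content/uploads": 0o777}        # world-writable directory
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    for rel, mode in dirs.items():
        os.chmod(os.path.join(root, rel), mode)
    return root

if __name__ == "__main__":
    for rel, mode, reason in audit_permissions(build_sample_tree()):
        print(mode, rel, reason)
```

To audit a real site, pass its document root to `audit_permissions` instead of the sample tree.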
29
Stop Key Files From Executing
.htaccess
    deny from all
Applies to: /wp-content/uploads, /wp-includes
30
Stop Key Files From Executing
.htaccess
    order allow,deny
    deny from all
Applies to: wp-config.php
31
Restrict Dashboard And Posting To Specific IP Address
.htaccess
    order deny,allow
    deny from all
    Allow from xx.xxx.xxx.xxx
WhatIsMyIP.com
Applies to: wp-admin
33
Use A CDN
- Content Distribution Network
- Speeds up your site
- Visitors get something even if your site is down
34
Revert To Backup
- Hosting Provider
- BackUpWordPress
- VaultPress
- WP-DB-Backup
- 3-2-1 Strategy
35
Cleaning Up
- Back up what you have including the database and move it offline.
- Completely replace wp-admin and wp-includes.
- Re-install all plugins from the source.
- Check all of the files in your theme.
- Delete everything else.
36
Questions?
37
collin@bluezoocreative.com
Twitter.com/ccondray
479-966-9575
9/26/2012
8/1/2015