Breaking WordPress

#WHOISDAVIDYARDE

•AKA Batman

•Co-founder @ Sevenality

•Twitter: @dsmy

The Web is HUGE!!!There are over 1.8 Billion active websites on the

web.

• 43% of the top 1 million websites are hosted in USA itself.

• 48% of the top 100 blogs/websites run on WordPress.

• 672 Exabytes - 672,000,000,000 Gigabytes (GB) of accessible data.

Today’s Challenges

•Administration

•Credentials

•End-users aka wildcards

•Education

•Core

•Themes*

•Plugins*

•End-users*

Today’s Problem*

Implications of a Hacked Site

•SEO rankings wrecked

•Loss of customer trust

•Visitors exposed to malware

•Hours of time wasted assessing & repairing damage

•Loss of sales/money

Types of Attacks

OpportunisticOpportunistic TargetedTargeted

•Web Trolls•Ability for mass exposure•Timthumb

•Big Enterprises•Wordpress.com•Woothemes•Usually worth the time and

energy invested to compromise•Done for bigger returns

Top 5 WordPress Infections•Backdoors

•Difficult to detect via http

•Good time to start crying

•Pharma Attacks

•Owners usually detect

•Now shamefully selling viagra or some other drug

• Injections

•Think fake Anti-virus downloads

•Defacements

•You’re now supporting a rebel army

•Malicious Redirects

Know Your Environment

•What kind of security does your host use?

•What will they do if your site gets hacked?

•Will they fix it?

•Will they shut it down?

If server management isn’t your thing, use a managed solution.

• WP Engine - http://wpengine.com/

• Flywheel - http://getflywheel.com/

• MediaTemple - http://mediatemple.net/

• GoDaddy - http://www.godaddy.com/

Managed WP Hosting Providers

HELP!! Everything is broken and I’ve been blacklisted!!!

•Don’t panic.

•Detect

•Remove

•Protect

•Submit

Recommended Resources• WP Security Checklist - http://wpsecuritychecklist.com

• Clef - https://getclef.com

• iThemes Security(Better WP Security) - http://ithemes.com/security

• WP Security Lock - http://wpsecuritylock.com

• VaultPress - https://vaultpress.com

• ManageWP - https://managewp.com

“An ounce of prevention is worth a pound of cure.”- Benjamin Franklin

Thank You

•David Yarde

•Co-founder @ Sevenality

•Twitter: @dsmy

•Email: david@sevenality.com