neo word press meetup ehermits - how to keep your blog from being hacked 2012
HOW TO KEEP YOUR BLOG FROM BEING HACKED, STOLEN
OR OTHERWISE VIOLATED
Brian Layman
North East Ohio WordPress Meetup
#NEOWP
Introduction
• Who I am. What I do. What I see.
• What software do your blogs run on?
• Who here has had a blog hacked, defaced, stolen or taken down?
• Is your site safe? (No one would ever want to hack my blog about _____.)
• The title is a lie…
Well Known Blog Hacks
• Go Daddy
• Blue Host
• Network Solutions
• PayPal’s Blog
• CorneliaMarie.com
• ClimateCrisis.net
• Twilight Lexicon
• Twitter
• Gawker
• PhotoMatt
• Problogger
• DreamHost
• Bizland
Antivirus Campaign
http://bit.ly/AVCampaign
Define “hacked”
• Content or uploads destroyed
• Hidden hyperlinks added to your site
• Redirect to another site
• Content edited
• Hijacked website
• Defacement
• Bank fraud
Definition of Terms
How attacks happen…
• CSRF/XSRF – Cross Site Request Forgery
• XSS – Cross Site Scripting
• SQL Injection
• DDOS – (Distributed) Denial of Service
• DNS Hijacking – Spoofing or Poisoning
• Malvertising – Malicious Advertising
• Stolen Password
• Bad Code
Open Source Responses to Vulnerabilities
• WordPress – http://codex.wordpress.org/Hardening_WordPress – [email protected]
• Drupal – http://drupal.org/security-team – [email protected]
• Joomla – http://developer.joomla.org/security.html – [email protected]
Security Through Obscurity
• What is it? You tell me…
• Who is right?
• My thought: any steps that may eliminate a large subset of attacks on your blog should be taken.
Tactics YOU can use no matter what platform you are on
The basics:
• Passwords
• Communication (Plain Text vs. SSL)
• Updates
• Watch what you add to your sites (plugins/themes/add-ons)
• Backups
• Google Webmaster Tools
Passwords
• Use strong passwords
• Make them unique in high value situations
Communication
• Pay attention to how you are sending your passwords
• Wireless Networks = Risk
• FTP – Use SFTP instead
• Email – Use SSL: ports 587, 995, 993 vs 25, 110, 143
• Skype – Syncs history upon connect; never send secure passwords – EVER
• CPanel/WHM/Admin pages – if it is http not https, your password can be scraped
Updates
• Keep your blog, plugins, themes, & operating system current – yes, even Linux
• Security and attacks improve over time:
  2005 – Admin operations required a referrer
  2006 – Admin operations required a NONCE
  2007 – Plugin pages forced to check security
  2008 – Randomized keys and salts & upgrades
  2009 – Security escalation issues – full review
  2010 – Automated plugin and theme upgrades
  2011 – Sniffing, upload, clickjacking, file cleanup
Watch what you add…
• Every plugin or theme is a security risk
• “Free Theme” sites are a very high risk
• Less popular & highly specialized plugins have had fewer eyes on them and are riskier
• Older plugins used older security standards – we simply knew less and had fewer tools
• You are responsible for your site. Learn how to identify problems or make a friend who can.
Backups
• Both files and database
• Keep the files offline
• If you have files online, keep them out of public_html
• As important as having the backups… know how to restore them!
• Before you restore – delete the files and directories to remove the hack files
Google Webmaster Tools
• How do you know you are hacked? Google will email you when they consider you a risk
• http://www.google.com/webmasters/
• http://www.google.com/webmasters/checklist/
• https://www.google.com/webmasters/tools/reconsideration
• You can configure multiple owners
Coding Practices
• EVERYTHING that is displayed on the screen must be filtered. WordPress provides: esc_html, esc_url, esc_*
  http://codex.wordpress.org/Data_Validation
• EVERYTHING that you send to the database must be filtered. WordPress provides: $wpdb->prepare
• TRUST NOTHING
• Try to use your text instead of user input
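The three rules on this slide, written out as code. This is an added example, not code from the talk or from WordPress itself; it assumes WordPress is loaded (so esc_html(), esc_url(), $wpdb and $wpdb->prepare() exist), and the neowp_ function names are hypothetical.

```php
<?php
/**
 * Added example (not from the slides): the same output and the same query
 * written the unsafe way and the WordPress way. Assumes WordPress is loaded
 * so esc_html(), esc_url() and the global $wpdb exist. The neowp_ names are
 * hypothetical.
 */

// UNSAFE: visitor-supplied strings go straight into HTML and straight into SQL.
function neowp_show_profile_unsafe( $display_name, $website ) {
	global $wpdb;
	// Whatever the visitor typed is rendered as markup in every reader's browser (XSS).
	echo '<p>' . $display_name . ' - <a href="' . $website . '">site</a></p>';
	// A quote character inside $display_name changes the meaning of the query (SQL injection).
	$count = $wpdb->get_var(
		"SELECT COUNT(*) FROM {$wpdb->posts} p
		 INNER JOIN {$wpdb->users} u ON u.ID = p.post_author
		 WHERE u.display_name = '$display_name'"
	);
	echo '<p>' . $count . ' posts</p>';
}

// SAFE: escape on output, prepare on input to the database.
function neowp_show_profile_safe( $display_name, $website ) {
	global $wpdb;

	// esc_html() turns <, >, &, and quotes into entities, so the text is displayed, never executed.
	// esc_url() rejects disallowed schemes (e.g. javascript:) and percent-encodes the rest.
	printf(
		'<p>%s - <a href="%s">site</a></p>',
		esc_html( $display_name ),
		esc_url( $website )
	);

	// $wpdb->prepare() binds the value for the %s placeholder, so quotes stay inside the literal.
	$count = $wpdb->get_var(
		$wpdb->prepare(
			"SELECT COUNT(*) FROM {$wpdb->posts} p
			 INNER JOIN {$wpdb->users} u ON u.ID = p.post_author
			 WHERE u.display_name = %s AND p.post_status = 'publish'",
			$display_name
		)
	);
	// Even a number that came from the database is escaped before it is echoed.
	echo '<p>' . esc_html( (string) $count ) . ' posts</p>';
}

// "Use your text instead of user input": map what the visitor sent to a
// string you wrote, so their bytes never reach the page at all.
function neowp_status_label( $status ) {
	$labels = array(
		'open'   => 'Open',
		'closed' => 'Closed',
	);
	return isset( $labels[ $status ] ) ? $labels[ $status ] : 'Unknown';
}
```

The point of the third function is that a lookup into your own table needs no escaping: the input only selects which of your strings is shown, and anything unexpected falls through to a fixed default.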
Servers
• Permissions – the 755 myth: chmod -R 755 *
  Generic: directories should be 755, files 644
  Reality: least privilege is what actually protects you
• VPS vs Shared Hosting vs Managed Hosting – flexibility, access, less risk = more $
• Harden your own server or let someone do it
• suPHP – isolates your installation
WordPress Specific Security Techniques
• Create an “Editor” user for posting
• Create a new “Administrator”, delete the old one, then only use it for maintenance
• Never use wp_ as your table prefix
• Look at wp-config-sample.php now and then and update your wp-config.php
• Force secure password logins: http://codex.wordpress.org/Administration_Over_SSL
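The wp-config.php settings behind the last three bullets, as an added example (not from the slides). The prefix and key values are placeholders; generate your own keys at https://api.wordpress.org/secret-key/1.1/salt/ and never copy someone else's.

```php
<?php
/**
 * Added example (not from the slides): the wp-config.php lines the slide
 * refers to. Every value below is a placeholder to be replaced.
 */

// Never use wp_ as your table prefix. Canned attacks hard-code wp_users and
// wp_options; a prefix of your own means they do not match your tables.
$table_prefix = 'k3x7q_';   // placeholder: choose your own random prefix

// Unique keys and salts (the 2008 entry on the Updates slide). They sign the
// login cookies, so changing them logs every user out.
define( 'AUTH_KEY',         'PLACEHOLDER-replace-with-generated-value' );
define( 'SECURE_AUTH_KEY',  'PLACEHOLDER-replace-with-generated-value' );
define( 'LOGGED_IN_KEY',    'PLACEHOLDER-replace-with-generated-value' );
define( 'NONCE_KEY',        'PLACEHOLDER-replace-with-generated-value' );
define( 'AUTH_SALT',        'PLACEHOLDER-replace-with-generated-value' );
define( 'SECURE_AUTH_SALT', 'PLACEHOLDER-replace-with-generated-value' );
define( 'LOGGED_IN_SALT',   'PLACEHOLDER-replace-with-generated-value' );
define( 'NONCE_SALT',       'PLACEHOLDER-replace-with-generated-value' );

// Force secure logins (see the Administration_Over_SSL codex page): the login
// form and all of wp-admin are served over HTTPS only, so the password and the
// auth cookie never cross the wire in plain text. Requires a working
// certificate on the site first.
define( 'FORCE_SSL_ADMIN', true );
```

Comparing this file against wp-config-sample.php after each upgrade, as the slide suggests, is how you notice when a new constant such as these has been introduced.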
WordPress Techniques (Expected Answers)
• Move wp-config.php
• Remove version info
• Rename the admin user
• Move your wp-content directory – possibly worth doing, but will break many plugins and themes
• Use .htaccess to white list IP addresses or add an extra password layer
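One way to do the "remove version info" item, as an added example (not from the slides). It assumes the file is dropped into wp-content/mu-plugins/ so it loads without activation; the neowp_ function name is hypothetical, the hooks and filters are WordPress core ones.

```php
<?php
/**
 * Added example (not from the slides): strip the places WordPress prints its
 * version. Save as wp-content/mu-plugins/neowp-no-version.php (hypothetical
 * name); must-use plugins load automatically.
 */

// 1. The <meta name="generator" content="WordPress x.y"> tag in <head>.
remove_action( 'wp_head', 'wp_generator' );

// 2. The generator element in RSS/Atom feeds and anything else that calls the_generator().
add_filter( 'the_generator', '__return_empty_string' );

// 3. The ?ver=x.y query string appended to core stylesheet and script URLs.
function neowp_strip_version_query( $src ) {
	if ( is_string( $src ) && false !== strpos( $src, 'ver=' ) ) {
		$src = remove_query_arg( 'ver', $src );
	}
	return $src;
}
// Late priority so this runs after other filters that may add their own ver=.
add_filter( 'style_loader_src',  'neowp_strip_version_query', 9999 );
add_filter( 'script_loader_src', 'neowp_strip_version_query', 9999 );
```

Two caveats fit the "Security Through Obscurity" discussion earlier: the ver= parameter is also what busts browser caches after an upgrade, so expect stale assets until caches expire, and hiding the version does nothing for an outdated install. It only removes one easy fingerprint; the Updates slide is what actually closes the hole.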
WordPress Techniques
• Free Plugins (http://wordpress.org/extend/plugins/): exploit-scanner, wp-security-scan, wordpress-file-monitor
• Paid Plugins: http://pluginbuddy.com/purchase/backupbuddy/
Who can help?
• Site Rescue, Securing & Code Review: Sucuri.net, WebDevStudios.com, CoveredWebServices.com
• Managed Hosting: WPEngine.com, Page.ly, WPSecuritylock.com
• And of course doing it all: eHermitsInc.com
Brian Layman
http://eHermitsinc.com
http://thecodecave.com
http://www.slideshare.net/brianlayman
http://twitter.com/brianlayman
@eHermits
Text ehermits to 50500