Slide 1

Slide 1 text

Don’t be scared - Practical security tips
Psychological harm, paranoia, distrust in humanity, fear of toasters, mild language
In Person
Classified just like your porn… Imagine how much rubbish these folks watch
*Warning: this presentation hasn’t formally been classified by the BBFC or any organisation for age rating. It was, however, seen by my mother, who said it was very pretty. She, however, wasn’t wearing her glasses.

Slide 2

Slide 2 text

Practical Security Tips
Twitter: @tnash
A totally different talk

Slide 3

Slide 3 text

WARNING: This is not a GDPR talk or a talk on information governance. So relax!

Slide 5

Slide 5 text

Watford

Slide 12

Slide 12 text

WordPress Platform Lead @34SP.com
Former Pentester
Ran a small dev agency
Co-run WPLeeds for 10 years
Worked with PayPal, Cabinet Office, Orange and WFP
Once nearly screwed up the British Soap Awards

Slide 13

Slide 13 text

DevSecOps

Slide 15

Slide 15 text

Estimated $2 trillion cost to business in 2019

Slide 16

Slide 16 text

Relax, everything will be fine...

Slide 17

Slide 17 text

Bad Actors

Slide 18

Slide 18 text

State Actors

Slide 19

Slide 19 text

Fighting drive by hacks

Slide 20

Slide 20 text

Installing a plugin

Slide 21

Slide 21 text

User Roles/Permissions

Slide 22

Slide 22 text

PassPhrases

Slide 24

Slide 24 text

Password Manager

Slide 25

Slide 25 text

Two Factor Authentication

Slide 27

Slide 27 text

Limit Logins

Slide 28

Slide 28 text

Update WordPress Core

Slide 29

Slide 29 text

Update Plugins

Slide 30

Slide 30 text

Update themes (meet a child theme)

Slide 31

Slide 31 text

Buy from reputable sources

Slide 32

Slide 32 text

Monitoring

Slide 33

Slide 33 text

Integrity Checking

Slide 34

Slide 34 text

Logging and Audit trails

Slide 36

Slide 36 text

HTTPS://everything

Slide 37

Slide 37 text

Good hosting

Slide 38

Slide 38 text

TRUST ME “I work in hosting”

Slide 39

Slide 39 text

Have a disaster recovery plan

Slide 40

Slide 40 text

What I use…
Two-Factor Plugin
PassPhrases
KeePass (KeePassXC, KeePassDroid)
updown.io
Let’s Encrypt / CodeGuard
Visualping / Codeception
34SP.com WordPress Hosting
WP Fingerprint

Slide 41

Slide 41 text

Photo credits: Siobhan Hancock Daniel Foster David Goehring Found Art Photography Gratisography Negativespace unsplash Caio xkcd comicvine.com Christopher Geary Mary Alex

Slide 42

Slide 42 text

Tim Nash
@tnash
timnash.co.uk
@34SP
34SP.com
Slides & bits: https://timnash.co.uk/security/
