20160430.3 True presentatie - concept · ATTACKING WORDPRESS TRUE | MANAGED HOSTING Security engineer¿?!! Penetratie testen Ontwikkelen van security oplossingen Opsporen van hacks

TRUE | MANAGED HOSTING

ATTACKING WORDPRESS

LOOKING BACK

PresentatorEddie BijnenSecurity Engineer

TRUE | MANAGED HOSTINGATTACKING WORDPRESS

Security engineer¿?!!

Penetratie testen

Ontwikkelen van security oplossingen

Opsporen van hacks

Abuse meldingen

TRUE | MANAGED HOSTING

My website isn’t that interesting

ATTACKING WORDPRESS

TRUE | MANAGED HOSTING

My website isn’t that interesting

DDoS

Cryptocoin-mining

Spam

Randsom

ATTACKING WORDPRESS

TRUE | MANAGED HOSTING

Admin Panel Available

https://www.my-website.nl

/wp-login.php

Unlimited login attempts

Lack of HTTPS

ATTACKING WORDPRESS

TRUE | MANAGED HOSTING

Password Reuse

Myspace

Linked-In

Adobe

Dropbox

220+ andere websites

ATTACKING WORDPRESS

TRUE | MANAGED HOSTING

Am In Now What?

A valid admin is by default allowed to change files on disk.

ATTACKING WORDPRESS

TRUE | MANAGED HOSTING

Backdoor in pirated software

ATTACKING WORDPRESS

TRUE | MANAGED HOSTING

I know what you didn’t do last summer

ATTACKING WORDPRESS

TRUE | MANAGED HOSTING

Vulnerable Plugins

ATTACKING WORDPRESS

TRUE | MANAGED HOSTING

What are the risks

ATTACKING WORDPRESS

“Meldplicht” and possible fine from the Dutch Autoriteit persoonsgegevens

Brand reputation

Additional data cost

Blacklisting of domains

TRUE | MANAGED HOSTING

https://haveibeenpwned.com/

https://premium.wpmudev.org/wp-checkup/

https://premium.wpmudev.org/blog/ultimate-wordpress-security-

checklist/

TITEL PRESENTATIE

Homework & Questions