WordPress Security Presentation by Tony Perez

Tomorrow I will be flying to my hometown (Miami) to give a Website Security presentation to a bunch of enthusiastic online professionals at an event called WordCamp. If you’re not familiar with these events, they are global events put together by the local populace to focus on a specific platform – WordPress. The event is called WordCamp Miami 2013, if you plan to be there definitely look me up.

I will be presenting at 1400 (EST), also known as 2:00 pm to most.

I will be volunteering at the Happiness Bar right after my talk at 1445 (EST), 2:45 pm.

If you’re interested, they are going to be live-streaming the event and you’re more than welcome to watch.

WordPress Security – Cutting Through The BS

I recently spoke at WordCamp Chicago 2012 on WordPress Security. In this post I’ll share my presentation but also provide context such that it allows the reader to better digest the presentations content.

Let me know how I do!!!

When putting the presentation together I found myself between a rock and hard spot, I felt as if all the presentations given to date are always about the same stuff. And maybe that’s necessary, repetitiveness is key they say, but is it?

Read More

Secure Website Development – Importance of Developing Securely

We clean hundreds of sites every day and often their problems are associated with the same issues: outdated and sometimes unnecessary software, weak passwords and so on. But sometimes the issue is not as superficial, sometimes it goes a bit deeper than that. You know your server is updated, your CMS is also (ie., WordPress, Joomla, Drupal), yet you still get infected! How is that possible?!

That’s the question we hope to address in a series of posts related to developing with security in mind. This unfortunately is not something tailored for end-users, unless as an end-user you’re responsible for the development of your website. It is however good for end-users to read as it’ll help better understand other possible vectors affecting their infection or reinfection scenarios.

Read More

Ransomware Malware on the Web?

As the week comes to a close I wanted to take a minute to talk about something we haven’t yet – Ransomware Malware.

The idea came from a case this week where a client was defaced. Instead of engaging the host or malware professional she took it upon herself to to plead with the attacker via the provided email (you have to love egos). What was most amusing though was the attacker finally gave in and restored her site in an attempt to get her off his back.

Obviously not something we recommend, but an amusing story none the less. She turned his defacement and retaliated with a little something we like to call, “Begware.”

And so this got us thinking about something that has predominantly been isolated to the notebook and desktop environments – Ransomware malware.
Read More

Lockdown WordPress – A Security Webinar with Dre Armeda

We had the opportunity to do a webinar about WordPress security with the guys from iThemes yesterday. Here’s the video for those of you who missed out on the fun:

Dre Armeda from Sucuri Security presented on various WordPress related areas that help reduce risk for website owners and administrators. The webinar includes a high level discussion about the growth of the internet, he goes over some of the more popular malware attacks affecting WordPress users, then offers various tips, tools, and resources to help you reduce risk.

Hope you enjoy!


If you have any questions, feel free to email us at info@sucuri.net

Ask Sucuri: What should I know when engaging a Web Malware Company?

We work in a business in which it is always chaos. In most situations the client is often distraught, vulnerable, and is plagued with this feeling of being out of control. It is the business of web malware cleanup. The last thing any website owner wants is to delay the cleanup process because of silly things that could have been easily prevented.

In our mind, there are three things you must know before engaging with any web malware company:

  • Know Your Host
  • Know How to Access Your Server
  • Have a Backup

As simple as they may appear, they still remain allusive to many.
Read More