Tony Perez and Dre Armeda of Sucuri Security will be our special guests on this week’s edition of WordPress Weekly. We’ll spend the majority of the episode talking about WordPress security and what users can do to protect themselves against the bad guys. We’ll also figure out why the company was founded and what trends they’ve noticed over the past year when it comes to attacks on sites powered by WordPress.
I asked Perez to come up with three areas that website owners need to pay particular attention to. He responded with access control, software vulnerabilities, and layered defenses.
Access Control – There are two key issues in today’s attack: access and vulnerabilities. For the everyday website owner, access is by far the most important to me. We are seeing too many attacks exploiting weak credentials, leaving website owners vulnerable to attacks. It’s why we continue to see a spike in Brute Force attacks.
Software Vulnerabilities – This one isn’t as actionable as access control for most website owners, which is why it’s second to me. Today’s website owners are not developers; they are your uncles, moms and dads, starting online businesses or learning to write about their daily experiences. Either way, many are not technical, leaving them susceptible to the world of vulnerabilities. Untrusted sources continue to be leveraged, attackers continue to find ways to circumvent systems in place to keep users safe, and this has the potential to be catastrophic for website owners.
It’s time website owners start looking beyond their existing plugin architectures and start leveraging Software as a Service based services that provide them a perimeter defense, or website firewall. Every network has it, every desktop should have one, and every website will require it in the future.
Layered Defenses – We have learned from our desktop and network predecessors, and we do this by thinking in the form of layers. Too many website owners are looking for one solution that will cure all their problems, but the problem is too big for that. They have been putting controls and layers in place that keep them in tune with what is going on with their website. Who is logging in? Who is changing what? Are things changing? Should they be? Website owners have to learn how to administer their website again. This idea of “set and forget” is harming us as much as it is helping.
Leave Your Questions In The Comments
This is a small sample of what we’ll be discussing this Friday at 3 P.M. Eastern. If you have any questions about Sucuri or WordPress security in general, leave them in the comments and we’ll ask them near the end of the show.