Security is a process – @vitalethomas #wcldn

Coolest graphic of the day!

Kaspersky global real-time threat map

Know your enemy

“I’m just a small blog”. Bots don’t care.

Why do they attack?

Is your domain clean? Then it is an easy, valuable tool for sending spam.

Attackers can earn money by stealing data and resources.

Why is security vital?

Legal issues include GDPR.

What are security goals?

Security is a continuous process

5 security principles to follow:

1 Manage security risks

Vulnerabilities

Threats

Risk = the likelihood that a threat will exploit a vulnerability.

Nothing is 100% secure.

2 Be reluctant to trust

Supply-chain attack on plugins in the WordPress repository: one compromised plugin can infect masses of installs at once.

Apply a trust boundary.

3 Defence in Depth

Include your own (client) devices in your website’s security model.

Security is not static. Security is not binary.

4 Stay up to date

Update software. Preserve security by monitoring. Always have a backup plan.
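Two of the principles above (principle 2, applying a trust boundary to third-party plugin code, and principle 4, monitoring to preserve security) come down to the same mechanism: record the digest of code you have reviewed, refuse anything that does not match, and keep comparing what is on disk against that baseline. The following is an added illustration, not code from the talk or from WordPress itself; the plugin archives, the pinned manifest and the install tree are constructed inline, and the manifest format and function names are this example's own assumptions.

```python
import hashlib
import hmac

# --- Constructed sample data (not real plugin archives) ---------------------
# Bytes of a third-party plugin archive as it arrives from outside the trust
# boundary, and a copy with extra code injected upstream.
GOOD_ARCHIVE = b"PK\x03\x04 example-plugin 1.2.0 (constructed sample)"
TAMPERED_ARCHIVE = GOOD_ARCHIVE + b" + injected code"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a byte string."""
    return hashlib.sha256(data).hexdigest()


# Pinned manifest (assumed format): plugin name -> (reviewed version, digest).
# In practice this is written down when a release is reviewed and is stored
# inside your own trust boundary, never fetched alongside the archive.
# The digest here is derived from the constructed sample so the example runs.
PINNED_MANIFEST = {
    "example-plugin": ("1.2.0", sha256_hex(GOOD_ARCHIVE)),
}


def verify_package(name, version, data, manifest=PINNED_MANIFEST):
    """Decide whether a downloaded archive may cross the trust boundary.

    Returns (allowed, reason). Plugins absent from the manifest are refused
    (allowlist, not blocklist), unreviewed versions are refused, and the
    digest comparison is constant-time.
    """
    entry = manifest.get(name)
    if entry is None:
        return False, f"{name}: not in the pinned allowlist"
    pinned_version, pinned_digest = entry
    if version != pinned_version:
        return False, f"{name}: version {version} not reviewed (pinned {pinned_version})"
    if not hmac.compare_digest(sha256_hex(data), pinned_digest):
        return False, f"{name}: digest mismatch, archive differs from the reviewed release"
    return True, f"{name} {version}: digest matches the pinned manifest"


# --- Ongoing monitoring after installation ----------------------------------
def snapshot(files):
    """Record a digest per path for the files currently installed.

    `files` maps a relative path to its bytes; a real deployment would walk
    the install directory and read each file instead of taking a dict.
    """
    return {path: sha256_hex(content) for path, content in files.items()}


def detect_changes(baseline, current):
    """Compare two snapshots and report what changed since the baseline."""
    findings = []
    for path in baseline.keys() | current.keys():
        if path not in current:
            findings.append(("removed", path))
        elif path not in baseline:
            findings.append(("added", path))
        elif not hmac.compare_digest(baseline[path], current[path]):
            findings.append(("modified", path))
    return sorted(findings)


if __name__ == "__main__":
    for label, archive in (("original", GOOD_ARCHIVE), ("tampered", TAMPERED_ARCHIVE)):
        ok, reason = verify_package("example-plugin", "1.2.0", archive)
        print(f"[{label}] allowed={ok}: {reason}")

    # Constructed install tree before and after something changed on disk.
    before = snapshot({
        "wp-content/plugins/example-plugin/plugin.php": b"<?php // reviewed 1.2.0",
        "index.php": b"<?php // loader",
    })
    after = snapshot({
        "wp-content/plugins/example-plugin/plugin.php": b"<?php // reviewed 1.2.0 // unexpected edit",
        "wp-content/uploads/unexpected.php": b"<?php // should not be here",
    })
    for status, path in detect_changes(before, after):
        print(f"{status:9} {path}")
```

The point of the allowlist is that an unknown or unreviewed plugin is refused by default; the point of the snapshot comparison is that a change made after installation (by an attacker, a forgotten auto-update, or a colleague) is visible the next time the check runs, which is the monitoring the talk asks for. Re-taking the baseline is a deliberate act that happens only after a new release has been reviewed.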

Is WordPress secure?

Security is not binary!

This is ambiguous. What does "WordPress" mean here: core, plugins, themes, or the whole stack? See the software stack photo above.

People are usually the problem.

5 Secure the weakest link

People are the weakest link.

It is a shared responsibility.

Take care of users and the web.