Security is a process – @vitalethomas #wcldn
Published on
Coolest graphic of the day!
Kaspersky global real-time threat map
Know your enemy
“I’m just a small blog”. Bots don’t care.
Why do they attack?
Is your domain clean? A domain with a clean reputation makes spam sending easy for an attacker.
Attackers can earn money by stealing data and resources.
Why is security vital?
Legal issues include GDPR.
What are security goals?
Security is a continuous process
5 security principles to follow:
1 Manage security risks
Vulnerabilities
Threats
Risk = the likelihood that a threat will exploit a vulnerability
Nothing is 100% secure.
2 Be reluctant to trust
Supply-chain attacks on plugins in the WordPress repository can infect masses of installs at once.
Apply a trust boundary.
3 Defence in Depth
Include your own (client) devices in your website’s security model.
Security is not static. Security is not binary.
4 Stay up to date
Update software. Preserve security by using monitoring. Always have a backup plan.
Is WordPress secure?
Security is not binary!
This is ambiguous. What does "WordPress" mean here? See the software stack photo above.
People are usually the problem.
5 Secure the weakest link
People are the weakest link.
It is a shared responsibility.
Take care of users and the web.