1. Detection & Recovery
1.1. Logging is the most important
1.1.1. 1. you can't fix it if you don't know
1.1.2. 2. helps you spot activity that indicates a breach
1.1.3. 3. allows you to asses damage
1.1.4. 4. aides in repair
1.2. Security events to watch out for
1.2.1. Invalid login attempts
1.2.2. user devices
1.2.3. bot activity
1.2.4. vulnerabilities
1.2.5. file changes
1.2.6. user activity
1.3. Have I been hacked?
1.3.1. Defaced home page
1.3.2. Website performance dip
1.3.3. Malicious/Spam pop up ads
1.3.4. Decrease in web traffic
1.3.5. Unexpected file changes
1.3.6. Unexpected new users
1.3.7. Admin users are removed
1.4. Backups
1.4.1. Hack recovery
1.4.2. Roll back after broken updates
1.4.3. Accidental deletion
1.4.4. Data corruption
2. Prevention
2.1. WP Login
2.1.1. Limit login attempts
2.2. Users
2.2.1. Only give people the capabilities they need - this is something we have done incorrectly in the past.
2.2.1.1. High threat level = Administrator, Editor
2.2.1.2. Medium threat level = Author
2.2.1.3. Low threat level = Contributor, Subscriber
2.2.2. Strong passwords - non negotiable
2.2.2.1. See chart
2.2.3. Refuse compromised passwords
2.2.4. 2FA - stop 100% of automated bot attacks
2.2.4.1. 1. Something you know - security question 2. Something you have - phone 3. Something you are - biometirc authentication
2.2.5. Safe devices (prevents session hijacking)
2.2.6. Security user groups - useful tool
2.3. Bad Bots
2.3.1. Bot = software programmed to perform specific set of tasks (repetitive and mundane)
2.3.1.1. Monitoring, Audit, SEO, Feeder, Security = good
2.3.1.2. Content scrapers, Spam, Brute force = bad
2.3.1.2.1. Simple solution - Google reCaptcha
2.4. WP Software Security
2.4.1. Trusted sources
2.4.2. Remove unused software
2.4.2.1. every pice of code is an entry point, so if you don't need it, lose it
2.4.3. Updates
2.4.3.1. Keep track of vulnerabilities