KISS Security

Keep it Smart, Silly!

Created for WordCamp Los Angeles 2014

https://slides.halfelf.org/wcla2014

Mika Epstein

aka Ipstenu

WordPress.org:

Support Forum Moderator
Plugin Reviewer
Core Contributor
Beta Tester
Trainer
... Half Elf

DreamHost

WordPress Specialist
... and Manager
WordPress Trainer
De-Hacker
Dedicated WP Resource
... Half Unicorn

A bit about me, really fast. I'm Mika, and I do WordPress for a Web Host. What I don't list here is that my father is a risk analyst. When I say that, I don't mean my dad's a six-sigma guy or any of those 6-week courses to become an expert, what I mean is he is a mathematician who developed risk software, specializes in nuclear power, and works in Japan on exactly what you're thinking right now. From him I learned an innate understand of what risk MEANS. Even if I can't keep up with is math and proofs, I understand that everything we do is a risk, and the choices we make need to reflect that. I also spent fourteen and a bit years working for a major bank in Chicago, and that time taught me a lot about exactly how ignorant we all are about risks. Seriously, I know a lot of us joke that to understand risk, just watch kids doing extreme sports, but post-mortems at the bank were far more horrifying and enlightening to me.

Philosophy

"My mother is one of the few people I know who has almost completely conquered the will to be stupid."

Miles Vorkosigan on his mother, Cordelia Naismith Vorkosigan
Brothers in Arms by Lois McMaster Bujold

Reality

Dilbert relating to a date how the internet is dangerous

Credit: Dilbert - Jan 11, 1996

Over-Exaggerated Myths

Upgrade or be hacked
You must use a security plugin
You have to hide the version of the code you use
Be afraid of plugins and themes!
Strong passwords or die!

The Tripod Theory

Shadow of a man with a camera on a tripod, standing on a golf course

Website Security relies on three legs:

Your Webhost (server)
Your software's developers (WordPress)
YOU (everything else)

Educate Yourself

Read
Listen
Ask questions
Think
Be aware

Practical Tips

Is the developer active?
What ELSE do they do?
Are all their answers super technical?
Do they speak/write your native language?
How often is the code updated?

Trust Your Gut

THE END

Questions?

My tech blog: https://halfelf.org

These slides: https://slides.halfelf.org/wcla2014