However, there’s always more to elaborate on. In a recent webinar, WP Engine invited Tony Perez<\/a>, CEO of Sucuri<\/a> to lead a webinar<\/a> to explore the topic even further.<\/p>\n Here\u2019s what we learned from this insightful session:<\/p>\n Hackers will take advantage of anything they can. Don\u2019t give them a reason to attack your site by having poor management of site configuration, improper configuration tools, lack of active administration or all around bad habits, like weak passwords.<\/p>\n \u201cThis makes their tactics highly effective. Because of these weaknesses, websites get compromised\u2014in mass\u2014through automation. There are targeted attacks, of course. But for the masses, I\u2019d say that approximately 95 percent of the attacks we see every day with website owners are \u2018Targets of Opportunity\u2019 or targeted attacks,\u201d said Perez.<\/p>\n Perez also mentioned security is one of the last priorities that website owners\u00a0neglect to address.<\/p>\n Types of attacks range from external<\/strong> to internal<\/strong> to reflective<\/strong>.<\/p>\n The types of external attacks hackers use are a \u201cshotgun-like approach,\u201d where they fire a lot of shots and see what works. For example, a \u201cBrute-Force Attack,\u201d is where an attacker sends a barrage of requests to the username and password fields to find the right combination.<\/p>\n Internal attacks can include a hosting misconfiguration\u00a0and cross-site contamination.<\/p>\n Lastly, reflective attacks are when an attacker compromises your site by not penetrating it. This happens when you trust your site too much and encompass malvertising and third-party integration.<\/p>\n The order of precedence in a security attack is exploitation of software vulnerabilities, brute-force attempts, users, security misconfiguration, and cross-site contamination.<\/p>\n \u201cA lot of the time, it\u2019s not what they will do with your audience as it is what they will do with your resources,\u201d said Perez. \u201cYour website is another connected device that can be added to a larger botnet that can be used to disseminate some traffic or otherwise used to abuse or confuse online visitors.\u201d<\/p>\n These resources include cross-site examination, your site\u2019s SEO, malware distribution, search engine poisoning, phishing, sending spam email, defacement of the site,\u00a0and so on.<\/p>\n Search engine poisoning is making use of your online authority and pushing their agenda. Say someone searches your site and clicks on a link, but instead of your site, they will be directed somewhere else. This is the fastest growing number of attacks in cyber security today.<\/p>\n Backdoors are also another issue to worry about. Perez said over 60 percent of infected sites we work on have some backdoor embedded within the system. For those who don\u2019t know, backdoors ensure the attacker is able to still have access to the site, even after the attack has been fixed.<\/p>\n Perez introduces the idea that he uses at Sucuri, which is \u201cDefense in Depth.”<\/p>\n \u201cIt\u2019s the idea that we deploy a series of overlapping, complementary defensive controls across our stack. This is all designed to work in unison with one another,\u201d said Perez. \u201cOne is not better than the other. The endpoint security is not better than cloud security. They have to work together.\u201d<\/p>\n Perez advised that to employ an effective “Defense in Depth” strategy, you must focus on the things you can control. You must stay ahead of the unknowns. Security is an ever-going process and not in a static state.<\/p>\n He emphasized that the people, process, and technology circle must all work together to make your site secure. For example, installing a plugin or tool and then forgetting to configure it is a huge security issue. Contrary to the principle of this circle is trying to find one golden thing to rely on to defend your site.<\/p>\n As Perez concluded his presentation, WP Engine Security Engineer, Justin Dailey, took the mic to discuss how we at WP Engine combat malicious attacks.<\/p>\n WordPress core upgrades, disk write protection, active intrusion detection, managed patching and updates, and malware remediation are some of the security features on WP Engine\u2019s WordPress hosting<\/a> platform.<\/p>\n \u201cAt WP Engine, security is a shared responsibility between us and our customers. We do as much as we can to take some of the burden off of our customers,\u201d said Dailey.<\/p>\n One of the biggest things to take away from the webinar is that website security is ever-changing. It must be managed by multiple security tools. Hackers will take advantage of any weakness your site has. Yet, there are many simple ways to further harden the security of your site.<\/p>\n You want to trust your hosting provider when it comes to website security. At WP Engine, we promote an open dialogue as well as our many secure WordPress hosting<\/a> features.<\/p>\nHuman errors are hacker\u2019s favorite target<\/h3>\n
![\"5](\"https:\/\/wpengine.com\/wp-content\/uploads\/2016\/11\/Screen-Shot-2016-11-15-at-10.21.36-AM-1024x549.png\")
<\/a><\/p>\n![\"5](\"https:\/\/wpengine.com\/wp-content\/uploads\/2016\/11\/website-security-landscape-graphic.png\")
<\/a><\/p>\nThere are many different kinds of attacks<\/h3>\n
![\"screen-shot-2016-11-15-at-1-37-24-pm\"](\"https:\/\/wpengine.com\/wp-content\/uploads\/2016\/11\/Screen-Shot-2016-11-15-at-1.37.24-PM.png\")
<\/a><\/p>\n![\"website-security-threats\"](\"https:\/\/wpengine.com\/wp-content\/uploads\/2016\/11\/website-security-threats.png\")
<\/a><\/p>\n![\"website-security-threats\"](\"https:\/\/wpengine.com\/wp-content\/uploads\/2016\/11\/website-security-threats-1.png\")
<\/a><\/p>\nOnce hackers have entered your site, they have the world at their fingertips<\/h3>\n
![\"website-security-actions\"](\"https:\/\/wpengine.com\/wp-content\/uploads\/2016\/11\/website-security-actions.png\")
<\/a><\/p>\nThere is no single best solution to cyber security<\/h3>\n
![\"screen-shot-2016-11-15-at-10-22-33-am\"](\"https:\/\/wpengine.com\/wp-content\/uploads\/2016\/11\/Screen-Shot-2016-11-15-at-10.22.33-AM-1024x569.png\")
<\/a><\/p>\nWP Engine\u2019s commitment to security<\/h3>\n
Conclusion<\/h3>\n