⛺️ WordFest Live - The Festival of WordPress Catch Up Now
The festival of WordPress
March 4th 2022
Brought to you by

Breath in, breath out… The Checklist and Guide to recover your site and reputation after a hack

Session overview

What to expect:

I know, the heart start pumping hard, your mind starts running wild and the anxiety appears. This is normal once you face a successful hacking attempt. OK, now let’s act and correct, let’s apply what we call Incident Response.
First of all, let’s put the case in perspective, this will help to understand the dimension and will help to calm down ourselves with the tranquility that the taking actions towards the recovery gives.

Edit Transcript

Néstor Angulo de Ugarte – Breath in, breath out. The Checklist and Guide to recover your site and reputation after a hack

Yoast: Do you know, the Yoast SEO, plugin, they’re red, orange, and green feedback bullets that help you optimize your posts for the web. It runs on millions of websites. We tried to make SEO understandable and accessible to everyone.

Bluehost: Who says building an online store has to be hard with Bluehost website builder. It’s more than just easy. It’s tell us your thing in smart AI. We’ll take it from there. Easy it’s WooCommerce friendly. So you can add one of these or swap this for that. It’s set up shop in minutes with unlimited products.

Easy. Whether you sell boots, books or bowls, it’s create an online store with Bluehost, easy build beyond boundaries with Bluehost.

Nexcess: Oh, great. My website crashed again. I give up, don’t give up on your dreams, Jordan, who are you? It’s me. You from the future. Your professional website is not at a breach. You just need Nexcess with Nexcess managed hosting, you get lightning fast load times built-in performance monitoring and updates, and always awesome support. 24 7 365. For all your props. Whoa. Yeah.

Discover Weglot the simple translation solution for your website. All you have to do is add Weglot to your website, select the languages that you need. And that’s it. Your website is now available in multiple languages.

Michelle: Well Hello?

Olamide Egbayelo: Hello, Michelle.

Michelle: How are you?

Olamide Egbayelo: I’m very well, thank you. The second session that I’m very excited.

Michelle: Very good. Well O’Neil is having all kinds of problems. The internet is, um, given trouble right now in the Philippines. So I jumped in and said, I would be more than happy to co-host with you this time. How are you doing?

Olamide Egbayelo: I’m very well, thank you for joining in.

Michelle: Oh, of course. Do you mind if I introduce our next speaker?

Olamide Egbayelo: Okay. Yeah, that’s good. Okay.

Michelle: Great. Um, so our next speaker is Néstor Angulo de Ugarte. I hope I said that, right? Presenting Breathe in, breathe out the checklist and guide to recover your site and reputation after a hack, Néstor is a technology enthusiasts, computer science engineer, and web security geek.

He loves to travel and although he’s based in Spain, you can find him learning from other cultures and meeting people wherever and internet connection is available Néstor has been with security and GoDaddy web security since 2015, and learns a ton about hackers, malware, and strange cases to study kind of like a CSI for security analysts.

So we will listen to Néstor and then go back and we’ll be asking him a ton of questions.

Olamide Egbayelo: Yeah. Looking forward to this session. Me too.

Néstor Angulo de Ugarte: Hey. Hi. How are you guys? Thank you very much for the presentation for introductions. Sorry, Michelle and Ola. Um, here we are so sorry, because it’s really early here. It’s 6am am in the morning, so let’s do our best. Um, okay. Let’s talk about hacking, security and so on and how to recover after a hack.


I hope that you guys were up up already. Um, but, uh, one of the questions, uh, important here is have you been hacked already? Uh, just please raise your hand. Oh, yeah, I see a lot of hands there. No, I was kidding. We are digital. This isn’t possible, but probably, a lot of you guys has, uh, suffer a hack, uh, in one moment or another, uh, in your digital world and your digital life.

And if not, you will. So this guy is important. Let me share with you so on my impression, because I suffered in that. And um, uh, in first person, uh, this kind of hack, uh, and I feel, I felt all the answer to the older, all the, what I have to do. And so on just before, before I came, I joined, uh, security and GoDaddy, eh, and it was just a.

It was an er it was a nightmare because, uh, you know, uh, you don’t know what to do. You don’t know where to go. You don’t know what to find. And the customers are yes. Uh, ringing you and so on. So then let me share with you some tricks. You can do some, uh, uh, again, a little guide. To help you with, uh, you know, to help you with your anxiety and your, or your feelings, uh, with the power of action right now.

So let’s just, uh, let’s just put in the situation that you have being hacked. For example, you have been defaced with a skin like this one, uh, yeah. Or, or you get all your files encrypted and so-on. Yeah. I know. It’s pretty tough. Okay. So let’s scream. You can, yes. Let’s your feel out? Um, um, this, and is accepted also to be down a little bit, uh, but the important part is after that, when you get all your feelings out, let’s act.

Okay. So this is the guide of the things that should you should do before that. Uh, normally I am, uh, share some kind of concepts because we should put some care. Uh, things clear before, um, uh, troubleshooting these kind of scenarios, right? So those of you that, uh, has, uh, seen any of my presentation, you will see that this slide is appearing in all of them, this guy is a CIA, a C E O of Cisco, which is a very big company of global communications around the world.

And he says that there are two types of companies, those who has been hacked and those who don’t yet know they have been hacked. So, you know, dealing with, uh, cyber security or with the internet could be a little bit of stress, right. They used to have a lot of, um, uh, threats are out there. There is a lot of terms and there is a lot of things to know.

Um, yeah, it could be a little bit of a warning. So, let me put some things clear. For example, I normally talk about hackers, the difference between hackers and cyber terrorists hackers, a curious person who will be your limits and convention. I always say that, um, if you are a little bit sleepy and you just, take a coffee, you are just

hacking yourself. You are, uh, what we call bio-hacking. Right. Um, even if you use a part of a bottle for all the thing or something like that, you are hacking as well. So it’s important to not. Uh, take wrong this, this term, right? So as cyber terrorist is a one kind of hackers, a computer hacker, which is, um, whose mission is to enrich himself, right?

Yes. Uh, we always say that the bad guy, right or the bad hacker. Also it’s important to understand that security is not a whole list is component of the layers, right? Is, um, uh, this is a simplified model in, in the web security part, but the, you know, Cyber security. There has a lot of fields and we are talking right now about, uh, WordPress sites or web security.

So let me just pull it up in the screen, the layers more or less. I mean, it’s, I mean, this is a simplified model, uh, the layers we have to take care on just to, uh, decrease the risk of being hacked. Right? So at the end, we are users. It doesn’t matter if you are the admin, you are the customer or you are a hosting provider.

Uh, uh, Operator or whatever, there’s a person, you know, we can be, eh, eh, can be cheated. Right? So we are, we always say that the, that the persons, the human being is weakest today. Right? So there is a device we use to connect. We use the connection, things just goes through, uh, We have, you know, the traffic that hits your website, there is the use of credentials, password for authorization, for the different tasks you will like to do in a website.

There’s a, some kind of layer of where security website security. There is some kind of layer in the server security and also the database. Keep in mind that the web model has also. separated, the presentation part and the information part information in the database and the presentation is all the files, design and so on.

So the counter measures or, um, the, the things we have to, uh, work in for protecting these layers of course in the, in the part of persons of, of human beings, uh, isn’t knowledge, we should. Learn things. So we should just attend to this kind of lectures and so on to know what is going on. I where to, uh, where to look, right.

And again, if you are using a device, you can start antivirus or you’re using a connection. Keep also keep in mind to use a SSL certificate so you can use. Eh, S no, it’s the HTTP protocol is the HTTPS, the secure one. So if you’re talking about traffic, you can install a WAF, for me is the best protection.

So it’s a web application firewall. Yeah. So then outside of there, um, in the kind of authorisation and so on, you got to use strong passwords, second factor authentication on in the part of the website, both side on the server and the database. The important is just to monitor it closely. And install the updates, but there’s another layer.

This is important. This is not a once in lifetime checklist. This is something we have to check continuously, continuously. That’s why I put another layer, which is the maintenance. So we have to do this. and check this every time. So this is important. Other part importantly, how WordPress is infected. So we have.

Yeah. If we get infected, these are the parts of the infection, right? So to get a WordPress infected, there should be a vulnerability somewhere when there is a piece of software that, uh, exploits that vulnerability and then happens to the injection. The injection could be just final code. They just put the spam, I guess, the deface, your website, I just, put it down and remove the fires or whatever.

Or the worst scenario if we brought the up backdoor, which is a piece of software that allows me to access to the website, even if the vulnerability is black. Right? So when you have a backdoor inside, you can do all the final code things also. Uh, but whenever you want, not only when they went brevity, sorry.

So facts, I would love also to share with you guys, normally, uh, hacking is not easily is not client oriented. So if you, when you get hack, normally the first question is why me? Why me? I half a kitty, uh, feed the shop online. So why they attack me normally they are. don’t care, what you are, what you are a using you WordPress, how you are using the word purpose.

If you are using this state, just enroll. There were the website using the vulnerabilities in their, uh, vulnerable sites so they can hack whatever they need something. It always, almost always happens because of that lack of maintenance. Right. So that’s why it’s important. Uh, keeping also keep in mind also that SSL certificate is not an anti-hacking shield.

So you should, uh, understand that having SSL certificate is not going to protect you from getting hack. It’s going to protect the communications between that entity or user your wherever and the server. So the communications here is a secure channel. If you hope put here as an entity, . an, er, bad hacker, which is trying to hack your website.

So there’s a certificate when I made this hacking attempts secure, right? So it’s, it’s a important part, but it’s not an anti-hacking shield. Also keep in mind, this is very important that patches and security updates appear, uh, after an exploit discover. So if you find that you see there is an update, like with a security patch.

Be sure or almost sure that there is an exploited, uh, being used on the wild out there also, but hackers or bad guys, uh, are always checking them their patches because when they say that there is a patch of the security, uh, That’s a good patch inside. Uh, they try to figure it out. The why has been, uh, uh, deployed so they can leverage all of the older sites that haven’t been updated.

So that’s why it’s important to update, uh, Very quickly, right. And the other part is er, assuming that we are human we’ve failed. So that’s why it’s a security is never, nor will never is. And nor will be in the future 100% effective. We have to reduce the risk of being hacked. So going into, into the, into the mother, if you get hacked.

Well, uh, what’s um, what are the steps? Right. So let me put here the agents in bold, if that happens, it’s you at your site, but also your customers. So if you are, uh, under. Uh, country, which has data, privacy, law, uh, law, or something like that. You have to be aware of that. So if there is a leak of information of sensitive information from your website, you have to know the law that is applied to you and to your customer, because maybe you have to, uh, mega worry that the authorities about that.

And we were going to talk about this later. There’s another layer, which is the hosting providers. After these parts of this taking care of this part, we can’t just contact hosting providers. Majority of securities can be, uh, can be solved digitally with the by, the hosting providers support department. And also you can apply as a backup or something like that with their help.

And if those agents are not able and not able to solve the security issue, This is the moment when you have to hire, or you have to get in touch with security expert, that can be internal, your hosting provider or external services, but this talk, going to be in this part, right? So what can you do if you get a hack on what are the first aids you will, er should do.

So it’s important that mission, we can take our two kind of measures fire up fair. The first of one is the reactive one. Whereas this is when something already happened. Something bad already happened. It’s a pain, mitigation or damage mitigation. And this is what we call incident response. And there is a proactive, uh, set of, uh, actions we can take before.

Anything bad happens, but this still going up, but going to center, we’re going to focus in the react part because we put in this scenario that you have been hacked already. So The response. Here’s the response is the effort to quickly identify, minimize the effects and contain the damage, uh, or the, these adverse events.

Right? So reactive measure, as we normally as interim response, it starts with it’s scan of your site. So the first of the fault is. Don’t do a blind hits. Just let’s try to figure out what happened. Right? So scan your site. We’ll be keeping in mind that normally with separate sites in two, in two ways, in three ways.

Really the first one is the front end is what they use or receive in their browsers. The second one is the backend is what happened in the server. You are, you have higher. And the third one is we’re happening the database, right? The last two is difficult to scan if you are not skilled, but the front end is easy.

You can use, for example, site check, uh, from Securi, free a scanner that you’re going to take a snapshot of. What is the scene in your website and analyze it, the checking for patterns. And so on. Also you have, uh, uh, plugins in your website. Some of them yesterday includes some scanners. Uh, I normally, I normally, I assume that we are talking the, we are, we are assuming he has will have a big budget of security.

So that’s why I recommend the free tail free trial plugins scanners, like the Wordfence one. Okay. So update everything, including service. Are we going to get to this point later is this is just a. Yes, uh, uh, quickly checklist and then the CRC check remove or change, which is the most boring part, but this is important as well.

And if any of these is not working, or, you need to restore a backup. Keep in mind that after restoring a backup, we’ll have to back to the first part. Okay. So scanning as a, as a. Uh, told before is yes. Let’s, uh, figure it out what happened? Uh, the site check, we don’t have talking about that. And eh, the use of any file plugins can answer.

And if you have, uh, access to the server and you have skill enough, you can use ClamAV or something like that. So these kinds of things going to give some information, for example, this is a screenshot for, from a site check. And in this case, are you going to see here? There’s a jQuery.js uh, infected, right? So yeah, we can, in this way, we can know that there is something in the BP includes, which is a core file or a folder.

Sorry. So this is a file infected is infected inside of the core files of WordPress. And this is invaluable information. So the update, why I say that to update we should today, everything right. And keep in mind that this patches a security world is, but the most important part for me in this talk is study.

When you update, you will override compromised and corrupt code with a trustworthy code from official repository, which means that if you are, they were, for example, they be being closed on. VPN in, all the files that are needed is get over-written with the, uh, good ones. Right? So if there is malware, as we saw, so in the previous example, inside of the core file of of folders, uh, in this way, you just get rid of them.

It is a very easy way, eh, to troubleshoot this kind of thing. So as I mentioned, just go to wordpress.org download the WordPress, eh, uh, separate file the exact version you have. And then just remove, uh, when, when you extract, uh, what is inside of this secret file, remove the wp-content, wp-config.PHP file because those are important for our website and we don’t want.

Uh, you know, uh, accidentally overwrite them. So removing those are highlighted, the wp-content folder and wp-config.php. We can just go and. Uh, take all these files and folder and just over-writ, override what we have in our website, doing this. We just get a fresh and updated WordPress version that we know that the all, all the core files and folders are clean.

The most more important, which is check, remove, and change, which is yeah. Check for undeeded admin users, plugins that we don’t need themes that are themes that we don’t need. Keep in mind that themes should be only two always in your list. There should be only two themes. The theme that you are actually using and at the default one only one default one, because it’s going to, uh, you got to work as a fail over themes.

If something bad happened with the other theme. You’re going to start with a default one, remove with any updated backups, uh, any defin, uh, under development or test sites in your brochure and started. But you should understand that, um, a website secure, uh, mostly secured website in internet should have. The finest WordPress final version in our production server are all the experiments, all the tests, all under-development themes in a separate server.

Okay. This is boredom. Change all the password of the admin users, all the password, including the database, including the cPanel FTP, SSH

because if a hacker a bad hacker gets into your website. Reading the BB config PHP you have, for example, the password to expose your database. So it’s important to review all of the, and also it’s a good habit to periodically change. them. So this is an example that you can see in the left. Do we have a lot of default themes in style?

They shouldn’t be like this. Just keep one and update it. And in the right, you can see a lot of means, which maybe they add mean for a user. And the janitor on the levy, the docent in the red tapes, uh, are probably legit, but the admin is not one. Let’s see the email and the other ones could be just, you know, leftovers or, uh, outdated.

So check this from time to time. And that’s the last option restore a backup. Keep in mind, as you restore a backup, it shouldn’t be the first option because you can lose information. And with us always, we don’t always know what, sorry. When will the infection began? We can restart then the malware. About backups is important to check that we have a good backup strategy.

Uh, if you you don’t know how to do this, It’s better if you just rely in the hosting provider ones. So invest in a good hosting, which has, uh, backups, a good backup strategy, never restore the backups in the production server. As I mentioned before, we can, we can infect the backup. And then from there we can infect from inside the real sites.

So, eh, any, any security rule you may have going to be useless if the infection comes from. That’s it. That’s why also way we recommend all to have the approach and server to have there only there the production, the final WordPress in that server check that their backup is functional. Okay.

So let me remain functional. So sometimes we just do backups, but the, they don’t work or they are not completed or something like that. So check their backups are complete in a separate environment. So something like that is a good habit. So remember scan, there was updates CRC. And if you had to restore a backup, just go back to one.

I understand again. So this is the checklist. So what happens with reputation, uh, is important that, uh, we should understand that internet is constantly being crawled by boats, not only searching giants bots, we know, you know, for example, Google ones and so on, but also bots for. Uh, other entities are just crawling internet.

So certain, certain Jina and security vendors have normally have their block list. Right? So those are minds that they don’t re they don’t trust on them. So the blocks is hard, hard linkage with the reputation because eh, the most, the far most block list, the more widely accepted and the more actions take uh, So where’s your post or your domain, or is your customer so on if you are, uh, under their, their network?

Right? So as what they mean is if you are, for example, posting something in Facebook and Google or Facebook, Facebook, I don’t think if they will have a block-list, but the, for example, Google has a block list, block list at your domain. Uh, Uh, Facebook is just going to put that your domain, has been blacklisted, so they don’t allow you to post or they going to add something like, okay, decide maybe, uh, having hack or something like that.

So you’re going to affect your reputation, but keep in mind that the reputation link to the, uh, To their black list is not an immediate process. Okay. So the inclusions in the black list takes time. So if you are in a black list is because your infection hasn’t been a detected. And there’s time that it has been in your website.

So that’s why it’s important to detect faster, uh, any intrusion and the de-listing also, it takes time. So normally there are reconsiderations is a manual process normally, so it could take three to five business days. So it’s important. Even more, if you are talking about ads companies, um, some normally they don’t give you information why they had your site.

well have been is included in our block list. Well, sometimes not always, but sometimes just for giving you an example, I remember social networks block or worry about your post. If you are in a. In a blocked company, but ads company can block a whole campaigns. And this is very interesting because for example, I know the example of Google ads, because it’s pretty, pretty funny.

Even if Google says it clear every blacklist vendor out there says it’s clear, eh, they normally take a lot of time to, to. To allow your campaigns going and going live again. So they talk normally around two weeks or sometimes even a month. So don’t delay. That’s why it’s important to not get into any block lists.

And that’s why it’s important to get, uh, uh, to get to detect faster, your intrusion and your site before this hits this step. Oh, so if someone’s search giants remove some of you results

and some of them also just to remove or resets your ranking, so it could be very damage. There’s another important thing to mention, I mentioned it before. It’s, according to data protection it might be mandatory to report the personnel data breached to supervisory authorities. For example, in Europe, GDPR, give 70 72 hours after a breach is detected.

So check the law. Uh, which can be applied to the person who is affected for a breach. I say, know, there are some laws and not from ASIA. Uh, I’m not sure about that, but there is some examples I collected for you. There’s a, you know, the New Zealand privacy act 2020, the APPI for in Japan. So it’s called a P IPA, eh, PA uh, Thailand PDPA, and so on.

So. Just be aware of this is not only your site. It’s also, uh, the applicable law in the country. You are operating on the country of your customers who suffer a leak. So the troubleshooting you know, now what happened with the reputation and the, these kind of things. Uh, so once the site is cleared, Go to VirusTotal.

total.com puts your URL of your domain there, and you can get a huge list,, a huge list of black list of vendors out there. So every one of these points that says anything else done clear that clean, sorry. You have to submit individually to them for a reconsideration, but only once the site is clean. Because if not, they’re going to just say something.

I don’t get your, your domain from the black list. And maybe you can put yourself in a . Uh, More, uh, time list, right on the last part. Then the reputation part is just to give a post-mortem report is hard because sometime exposes your management, but. It should be something like, okay guys, I have, uh, I have, um, suffer a hack attack and this is more or less what’s happening.

How I did discover when I covered this is the lessons learned one where you have what I going to apply to not letting this happen. Again, this is important because you can learn from these situations. You can recover users trust because at the end. You going to take all of us, uh, in one moment and also shows your company has a transparency.

Advocated. This is something I recommend is not mandatory, but I recommend that is you suffer a major leak or a hack. Especially, if you have density formation, do a post mortem sensitive public. Okay. So not that it’s not important to, to give, uh, you know, secrets in this post-mortem, but just to transmit to people that, Hey, okay, we have this, we have suffered these transparency abrogated, so, okay.

So at this moment we have. Covered the checklist cover the reputation point and you know, I always talk house out loud practice measure what we can do to avoid that this happens. And anytime again, so just the CRC applied the same yesterday. This admins, plugins and themes apply the least privileged. Use password manager check periodically strong ones back ups.

Validate them. Please updates apply. Always, as I said is important because it overrides any, eh, malware in the core files, folders, monitor your site. You can use WPSane.com for example. your site or use a file integrity scanner. Normally the final stage, the scanner is included in any security plugin, like Wordfence or Securi or all in one themes.

Themes. . But install a WAF, this is important as well. WAF is probably the best proactive measures. You can start in your website. It’s something like if you go out and it’s raining, you’re going to take a umbrella. That’s why I put the red icon there. So the WAF is the same as you go online, put that in front of your website.

So you can , it’s going to act as an umbrella. And remember to invest in hosting as security. So, uh, we should have this in our mind when we design a site that we have to invest some money in hosting of security, always by default in the beginning, so I was saying, see everybody in a hacker. I think hackers just improve the curiosity of the human being and they are obligated to.

make things always better in the, in the world is not a lift the same as a bad hacker person, curious, which will help a lot in the progress of the human being. That’s all guys. Thanks a lot. Hope, uh, this, uh, has of, up to you guys and I open to questions.

Michelle: Yeah.

Néstor Angulo de Ugarte: Okay. Well, thank you very much.

Michelle: It’s a good to have you.

Yeah, your presentation was wonderful. Uh, I’m not seeing a ton of questions. I’m seeing everybody agreeing with you, which was wonderful. I think lots of people are saying yes, functional backups, functional backups.

Néstor Angulo de Ugarte: I have faced this. I have faced this that lots of times the customers say no, I have a backup. Okay. Share with me when I check it is corrupt that, oh, it’s only one half.

This is a pain, is a pain.

Michelle: I have it on a thumb drive somewhere.

Néstor Angulo de Ugarte: Yeah. That happened. That happened to me as well, a customer I would say something like, Hey, I have a memory flash with a backup somewhere. Yes. Give me some days to look at it and say, okay,

Michelle: I was speaking at WordCamp Montreal one year, maybe five years ago.

And I was free. This was back in my freelance days. When I didn’t know better and made so many mistakes. And as I’m driving to Montreal, I’m getting all of these phone calls from customers because I was using the same hosting space for everybody. So one customer got hacked and it bled into 23 other websites. And I’m in the middle of a six hour drive and can do nothing, nothing to like, and I didn’t know what to do.

And so I, I went through and cleaned up like 1300 files overnight. And by the next day it was hacked again, because I had no idea that they just created their own users. And I had to go in and delete the, oh my gosh, it was the worst experience. And I wish that on nobody.

Néstor Angulo de Ugarte: I will there that will bear this. Uh, that’s what we call cross site contamination.

That’s why I mentioned the two to remove all the backups. And if you can also get all the websites, separating insulate in your, in your own server is the best way to avoid this cross’ site contamination. Because even as you have a WAF, you have, uh, any security thing or whatever. It er it into her in a cross site contamination situation.

They, they are useless because they contamination goes from in. So it’s, it’s impossible to stop that, that you can guess monitor. And you can just see the, the, you know, the reports, if you have a file triggered the scanner or something like that saying, oh, there’s a lot of files that has been changed in the last hour.

Why then that’s the only part that you can just only expect that be a spectator.

Michelle: And they usually wait until after 30 days until it fires so that you don’t have the backups on the host. So you have to look for backups someplace else, which is never, never fun. And for this case, it was the CGI bin. Like nobody looks in their CGI bin.

Right? So like, it was, that’s where the, the original file was. It’s like I went through and deleted all of that. It was terrible.

Néstor Angulo de Ugarte: So I was saying, damn not.world. When the SSL certificates gets in, but inside of that folder, there is a lot of malware sometimes as well, because it’s a typical one that you don’t know, you don’t check, but also because in their file managers, you don’t have activated the dot visability files.

So the dot well known folder is not visible, visible, so you don’t check it and get infected.

Michelle: It’s not fun when that happens and your customers do not like it.

Néstor Angulo de Ugarte: And especially if you are in the middle, right. and so on something like, oh, come on, I have to deal with my anxiety with the customer anxiety, and then you have to deal with any, any security team or something like that to recover your, your status.

Michelle: But, but only a person who works at a place like Securi ends their presentation with everybody needs a hacker.

Néstor Angulo de Ugarte: Yeah. It’s, it’s something like, uh, you know, personal campaign I would like to, to doing, to encourage people to these curious right. To, to go beyond, but the problem is, are they going to beyond the laws is not the, is not the point I’m trying to force. Right. That’s why I made a distinction, but the yes, I don’t know.

I don’t know. I super fan of this kind of video of five minutes of hackings something and you know, they, they, they take the cap of the bottles to do some funny stuffs or they’re using another. totally blow your mind, uh, situations, uh, something like that. That for me, that’s hacking as well and, and I don’t know, it’s something personal

Michelle: having a good, um, a good security plugin is good, but you also have to make sure the security plugin stays up to date. So if you’re not updating your plugins and things like that, you’re running those risks as well. Yeah.

Néstor Angulo de Ugarte: And the people listen, understand why? Because the, you know, Brian’s updates because they, they get new signature Neo techniques discovered just recently discovered to hack websites or the most updated, the plugin you have, uh, more able to get there.

The, you know, the, the intrusion and faster to avoid that. For example, the reputational harm.

Michelle: Yeah. It’s like shutting all the windows, but leaving the front door open.

Néstor Angulo de Ugarte: I always say that you can close everything in your and yours and your house, but if you leave her one, one window open? It’s useless.

Michelle: It doesn’t matter. That’s right. Ola, do you have any questions for Néstor before I let let him go.

Olamide Egbayelo: All right. Just the mean, I think my favorite part of the favorite part of the session was, um, what you said about. You know, there are two types of companies, those who have been hacked, and those who don’t know they have been hacked. I mean, how will you not know that you have been hacked? So I, my question will be, I mean, you you’ve said you you’ve said so much about, um, updating plugins and all of that. What, how often should.

The company, I mean, maybe small organizations who can’t really afford the retainer services or the hackers. How do they check? You know, so is that, is that a checklist or a timeline they should check, um, security of dates or functions of their websites?

Néstor Angulo de Ugarte: It depends. There are some people that just check it daily, some say you can use, for example, this, site check to to check, uh, if there’s something wrong or you have a hosting provider that makes these.

Performed these daily scans in your website and so on, but it’s nothing fixed. It’s something that’s depending on you. For me, it’s important to have a good maintenance and a good maintenance includes. For example, how to have scan your website. Eh, very often. The faster, you, you, the detect, these kind of things, the faster you recover and the less harms, what I always say, but, uh, for small companies just using, for example, site check scanner, a have a Wordfence plugin

um, something like that. If you are a skill enough, has the WPSCAN running in your server? It’s with that part, you, uh, Ready? High, you have higher possibilities to get the infection or intrusion, or vulnerability a faster enough.

Michelle: Uh, Jenna had a question for you from the or from the, um, from the chat there she says, would you recommend storing a copy of the latest backup, both in the cloud and on a physical device.

Néstor Angulo de Ugarte: I think from my point of view, this is a little bit, uh, uh, depending on the person, right? Of the need, that’s the needs of the company. Uh, I recommend having it in the cloud, not the physical device, uh, because the, the physical device can just, uh, You know, can get damaged, can get lost or whatever on the end, if you get lost, for example, you are sharing with others.

Uh, what happened even if you have, for example, a NAS network access, storage or something like that in your, in your network. If it got, if it get hacked, it gets all information as well of the backups. So I normally recommend, I prefer to rely in a cloud services and this is my, my, from my part. Truly, it’s very redundant to have to do this kind of backups, but it depends.

If you have a big company, you have a lot of access. It’s very, very costly. Uh, your needs to do assure that they are working and. So on you have in both places. It’s okay.

Michelle: Not too long ago. I actually found one of the first websites that I built on three and a half inch floppy disks. What do you think of that?

Néstor Angulo de Ugarte: Floppy disks, come on? How many, how many floppy disks?

Michelle: This for like four or five?

Néstor Angulo de Ugarte: Well, I would say not to put your mobile phone near to them, something like that because the end is magnetized, right?

Michelle: Yeah. Three and a half inch floppy. It was I, yes, I’m old, but also very funny. It was from my classes 20 years ago. Yeah,

Néstor Angulo de Ugarte: Probably, if we know about that, there are probably people in the, in the audience that they don’t know actually, but the floppy disks is what the problems we had with those floppy disks.

Michelle: And you don’t know what they are. Go Google. We’re not going to explain any more.

Néstor Angulo de Ugarte: Yeah, for sure. I remember the big ones. The 3.5, not the dead second, 2.5. Yeah.

Michelle: The five inch, five and a half inch or five and a quarter.

Oh, that’s so funny. Well, thank you so much for being with us. It was wonderful, especially to hear you talk live and to have the great conversation with you. Um, Ola you want to read our thanks for our sponsors.

Olamide Egbayelo: Um, thank you. Thank you.

So thank you, please make sure that I’m well, thanks. Well, thank all. Thanks to our sponsors. Bluehost, Cloudways, GoDaddy Pro, Nexcess, Yoast , Weglot. Please be sure to visit their tents and chat with them. We might event have have some giveaways, some prizes. Yeah.

I’m all for the prizes. But also don’t forget to get photo snapped, I just shared mine on Twitter.

So make sure you engage, get your photo snaps in the portal booth and share tweet it at us with the WordFest live, hashtag. And also thank you to our media partners and our micro sponsors. We’re grateful to everyone of you and also in the community. The community tent is up for the next hour. So make sure you go there, network, meet other people, check sites and news and cloudways

have their hourly giveaway would associate with a special guest activity. You don’t want to miss that. So we’re right back, Michelle, is there anything you want to add or is there that,

Michelle: yeah. And so on the next hour, so as we hit the next, at the top of the next hour, we’re going to be into our lightning talks for this round, with Imran Sayed.

And Suresha N, and, and so he will see you back here on a stage two at that point in time.

Share this session