Moving to Endpoint Security for WordPress
You’ve probably seen the term ‘endpoint’ talked about in the press recently in the context of information security. Let’s discuss what a network endpoint is, why securing endpoints can dramatically strengthen your overall security posture and why big vendors like Intel Security (formerly McAfee) and a number of startups are launching products that focus on endpoint security.
What is an Endpoint?
An endpoint traditionally is a device on a network that a human interacts with, as opposed to the network itself. In the old days of PCs and floppy disks, the PC was the endpoint attached to a local area network or modem. Since then we’ve added networkable printers, managed switches and routers, and the Internet of Things (IoT) has arrived. Many of these connected devices don’t provide direct human interaction, but they are all points of termination on a network that need to be protected.
The old definition of an endpoint would be: “Something networked that a human interacts with”
Today I would change the definition of an endpoint to the following: “Something networked that can be attacked, contains valuable data, resources, or a target, and may be usable for further reconnaissance and attacks of a network.”
What Makes WordPress an Endpoint?
WordPress, our favorite publishing platform, is a great example of an endpoint, both in the traditional and contemporary sense. It is networked and provides a broad attack surface because it is complex and offers many ways for an attacker to interact with it.
WordPress has useful data in the form of its database and files. This includes personally identifiable data (PII), hashed and salted passwords which are crackable and may have been used elsewhere, all unpublished posts, all site comments with the poster’s email, and much more.
WordPress also provides valuable resources in the form of a fully functional PHP application platform that can be used to launch other attacks, send spam email and it even includes a back-end database that malware can use to perform malicious tasks. Those resources include CPU, memory, disk for storage and of course a fast network connection that is usually at least 10 megabits per second.
WordPress also provides many targets. This includes the website administrator themselves and the users of the site. An attacker may infect a WordPress site with the goal of cracking a particular user’s password in the hope they’re using it on other systems like Gmail. They may want to fool the administrator into visiting a malicious website, or they may want to see draft posts hours or days before they are published to gain intelligence about the site admin as a human target.
Moving from Traditional IDS to Endpoint Threat Detection and Response (EDR)
There are several ways to secure your network without securing endpoints directly. These may include a network intrusion detection system (NIDS) that monitors all traffic flowing on the network, looking for known attack patterns. You might use a cloud provider to filter your website traffic before it reaches your web server, for example an external cloud-based Web Application Firewall (WAF). You might also use external scanners to regularly scan your network for vulnerabilities and signs of a hack.
None of these are endpoint security, because they execute away from your network and they lose some of the advantages that security on the endpoint provides.
In 2013, Anton Chuvakin from Gartner coined the phrase “Endpoint Threat Detection and Response” to describe a new paradigm in how we approach protecting devices and networks. Anton had defined a concept that the industry was moving towards, where endpoints are secured directly and are able to gather data and respond to the threat directly.
Intel Security (formerly McAfee) and Symantec have recently launched next generation EDR solutions which detect unpatched bugs and suspicious events, can remediate the problems they find, and share attack data with the rest of the security network. They’re able to provide this kind of advanced security because their products execute directly on the endpoint, have access to much more data, and can interact at a deep level with the endpoint during remediation.
There are also a slew of startups with significant VC investment that have emerged in the EDR space hoping to capitalize on this new approach to security.
We Pioneered EDR for WordPress
In 2012, our approach with Wordfence started by securing WordPress as an endpoint. We started by providing tools to detect if you have been hacked.
We knew we could do better than just blocking attacks and we realized that successful attacks are inevitable, so remediation is needed. We added the ability to see changes in affected WordPress files if a hack occurs and to repair those files using Wordfence.
A few months after our initial release of Wordfence, we added the Wordfence Security Network that shares sources of attacks among our WordPress sites to help protect those sites before an attack starts.
Wordfence today is a full EDR or Endpoint Threat Detection and Response solution for WordPress. We stop attacks, detect compromise, remediate in the case of compromise and all endpoints get smarter as attack data is shared.
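The detect-and-repair idea described above, as an added example (not Wordfence's code): a minimal file-integrity check that compares a live tree against a known-good copy and restores altered or missing files. The function names, the `clean` reference directory and the sample files are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare(site: Path, manifest: dict) -> dict:
    """Classify the live site's files against the known-good manifest."""
    live = build_manifest(site)
    return {
        "modified": sorted(f for f in live if f in manifest and live[f] != manifest[f]),
        "added": sorted(f for f in live if f not in manifest),
        "missing": sorted(f for f in manifest if f not in live),
    }


def repair(site: Path, clean: Path, report: dict) -> list:
    """Restore modified and missing files from the clean copy.
    Added files are only reported: uploads and plugins are added legitimately."""
    restored = []
    for rel in report["modified"] + report["missing"]:
        (site / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(clean / rel, site / rel)
        restored.append(rel)
    return restored


def demo() -> tuple:
    """Constructed sample tree: one altered, one unexpected and one deleted file."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        (clean / "wp-includes").mkdir(parents=True)
        (clean / "index.php").write_text("<?php // loader\n")
        (clean / "wp-includes" / "version.php").write_text("<?php // version\n")
        shutil.copytree(clean, site)
        (site / "index.php").write_text("<?php // loader\n// altered line\n")
        (site / "wp-includes" / "x.php").write_text("<?php // unexpected\n")
        (site / "wp-includes" / "version.php").unlink()
        manifest = build_manifest(clean)
        before = compare(site, manifest)
        repair(site, clean, before)
        return before, compare(site, manifest)
```

The check only works from the endpoint itself, since it needs read and write access to the files; an external scanner or cloud WAF sees neither the altered loader nor the unexpected file on disk.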
What’s Next?
When we launched Wordfence, we realized that providing these features and using this approach would do a better and more efficient job of protecting our customers. We continue to think about WordPress security in this objective way. We keep asking the question “How can we make our customers more secure while reducing their workload and making their systems run faster and more efficiently?”
To this end our team has been working on ambitious projects to help achieve these goals. They’re not ready for announcement yet, but they are a product of this thought process and we think you’ll be as excited as we are about them.
Comments
10:45 am
Thanks for all your work and your education. I was a complete novice to WordPress when I began in March, so there's a lot to learn. According to Akismet, I was recently a victim of brute force attacks (over 3000) but everything seems ok. Thanks, Wordfence.
11:04 am
I don't know or understand about EDR or any other security. But, I do know that the 3-4 days I have used your Wordfence and upgraded to paid, I have not had a single hit from a bot or bad website. I was using over 125GB's with 6 websites. My hosting even suspended my sites for going over the bandwidth. I don't even know how I got your plugin, but since I installed your plugin I am on pace for 50GB's for the month on all 6 sites.
Thank you very much,
Chuck
11:09 am
Before I found Wordfence my websites were hacked and my account shut down twice. Since I installed it however, I haven't been. I'm very happy about that believe me! The last attack planted 1500 malicious files in 15 websites.. NOT fun.
One thing that I would love to see you guys add to the plugin though is a way to change the wp-login name like you can do with All In One Security. That prevents brute force attacks completely because the bots can't find the login. Thanks again for the great work you guys are doing. It is very much appreciated!
Sincerely,
Dr John Michael Christian
1:45 am
Hi John Michael
If you search for change WP user name there are lots of documents that show how to do this. I have changed my Login name by creating a new user with a different name to "admin" with administrator privileges.
Log in to that user id and then delete the admin user. Please check that you have all the right privileges and it all works OK first for your new name. You should be set to stop most of the admin attacks via bots trying to break your password since they cannot even get the user name right in the first place. Cheers.
11:17 am
WordFence is a great value to any WordPress based website. We implemented it on all our WP projects. This gives us the peace of mind that our customers' sites are protected and the up-time stays close to the 99.9%.
Thank you,
Jorge Carbwood
CEO Bitsdesigns.com
11:57 am
Since I used your plugin, I sleep peacefully at night?
Thanks
If you add a translation option for Wordfence that would be great?
12:35 pm
Awesome! Yes, you guys have done many a WordPress user a great service with your plugin and your platform. The features you provide for free are simply top-notch! =D
12:40 pm
I am also a WordFence user but previous comments seemed fake to me
1:07 pm
Thank you so much for your efforts.
Your plugin is truly the best plugin available for wordpress of all time!
Keep up the good work
Cheers
1:50 pm
Hi guys, thanks for the interesting post and thanks for creating an immensely useful plugin that really does a great job in protecting sites and helping secure all the bits and pieces in WordPress as it becomes more complex and more of a target for hackers. Good stuff and look forward to hearing about the exciting new products!
4:42 pm
Thank you for the informative article and for your efforts in keeping us informed on the ever changing IT security world. I support and maintain over 70 websites in California for an NPO and after numerous sites were attacked and infected with malware over the last two years I have begun loading WordFence on every one of my remaining sites. In the preceding months it has been a real eye opener regarding the number of false login attempts and outright bash attempts which I get notified of by your Plugin. Please keep up the good work and thank you again.
4:50 pm
Thank you, this is one of the best plugins I have ever installed on my site. I started with the free version and quickly realized the benefits of the premium version. It has been worth every penny spent (and I thought it was very reasonably priced for the peace of mind I now have.)
Every time I receive a notification that an admin login was blocked or a crawler exceeded the time restrictions I say thank you! Keep up the great work. Cheers
7:40 pm
Wordfence team, I am grateful for the real, precise and concise defense you give to all the sites, files and everything related to our websites. A question: how can we get the ENDPOINT feature with the free version of your Wordfence? Thanks again!
11:58 pm
I use Wordfence on every site I design, it's a great security tool, as it protects websites from several attacks. I am proud of you guys, Keep up the good work!
Thank you for the great product!
12:25 am
I am AMAZED at the number of sites I get to work on where there is no security installed whatsoever - and some of those were created by web professionals (no doubt since out of business!!) Wordfence is the first plugin I install on any new instance of WordPress and it is extraordinary how quickly (normally within days) I start to see data on blocked attempts to access the admin area.
Just goes to show how vulnerable you are without proper security especially as the "hackers" systems find sites virtually as soon as they go live.
I'm never complacent but I'm really pleased to have experts updating my security - thank you guys.
1:19 am
Is this a religious meeting? It seems so. We use Wordfence on some sites and iThemes Security on others and they both work well. Present Wordfence is not the holy grail but not bad either.
3:54 am
Thanks for explaining what endpoint is and your definition for what it has become. I think you guys are providing an excellent and essential role in helping keep WordPress safe, much appreciated - keep it up!
2:08 pm
Hello Mark,
I also want to add my voice of thanks for your work. Not only on the sophisticated yet elegant service that is Wordfence, but for your broader contributions to the domain of security education.
Education/awareness and the ability to perceive and understand a threat is the very first defence. Your contributions in this realm further set you and the Wordfence team apart from the field.
I have now been a customer for over 12 months and have added another site to the service today. Whilst only small, my three sites are very important to me and the security provided by Wordfence is specific, concrete and practical on a daily basis.
The work of Wordfence genuinely adds value to what I do and this is sincerely appreciated. Keep up the great work
6:02 pm
Thank you for the great product!