An Interview with a Wordfence Senior Security Analyst
Colette Chamberland is one of our two Senior Security Analysts who mentor and guide the rest of our team of analysts. She works closely with our site cleaning team to maintain our forensic investigation processes that ensure we deliver excellent and timely service to our customers while ensuring their data and credentials stay secure and their site is recovered and back in production as quickly as possible.
Colette is a Certified Ethical Hacker (CEH) and a Computer Hacking Forensic Investigator (CHFI). She brings many years of experience in forensic work and site remediation to the team and has worked for several notable companies and organizations prior to Wordfence, including NASA.
The Wordfence Forensic Team produces much of the data that we use to improve our detection capability in Wordfence and our firewall rules. We rely on them not only to get our customer websites back up and running as fast as possible after an incident, but also to produce research on an ongoing basis that informs our products and helps improve security for the whole WordPress community via the Wordfence Threat Defense Feed.
Tell us about your background, how did you become a WordPress security expert?
I started off developing nTier client/server applications and websites in the mid 90s and security was always more of a hobby for me. It wasn’t until after the early 2000s that people started getting concerned with the concept of computer and cyber security. This shift gave me a chance to turn something that I loved doing into a career. I’m the type of person though that doesn’t like the label “expert” – I feel there is always something more to learn and know. No one can ever truly be an expert in WordPress security. I know enough to know that I don’t know everything, and probably never will. There are always new ways to attack and defend and you have to continually be in learning mode.
Describe the emotional state of a typical site owner who has been hacked.
As you would expect, most site owners are frightened, scared and sometimes a bit panicky when they find out their site has been compromised and infected. They don’t think that attackers target their business or site because it’s so small. What they don’t know is that attackers don’t just go after the big guys like Target, Home Depot and big banks – they often use the little guys as an intermediary to carry out a large scale attack. No one is safe, everyone is a target.
What makes cleaning up a hacked website difficult? Why do people turn to experts for help?
In order to be able to identify what’s bad in a site, you have to understand the technology it’s built with and what attackers commonly use to hide their malicious activity. This often involves reading code, reverse engineering obfuscated payloads, reviewing log files and sometimes even reenacting the attack using the same vector as the attacker. This is far beyond the capabilities of most website owners. They usually hire a developer and designer to create their site and once that is done, they no longer have a relationship with them and no one on staff with the technical expertise required.
What makes your job rewarding?
Knowing that my knowledge can help someone get out of a tough spot and keep their business going.
With all of the advances in website security, why are hacks still happening?
I think the biggest misconception that people have about security is that once something is “secure” it’s no longer hackable. Nothing could be further from the truth. There is no guarantee in security. Security is about mitigating your risk and improving your security posture. It’s not a matter of “if” I will be hacked, it’s a matter of “when”.
To determine what to protect, you have to decide if the cost to recover is more than the cost to secure it in the first place. I think that’s why Wordfence makes so much sense for business owners. The cost of a compromised site far exceeds the cost of Wordfence Premium.
Attacks still happen because new methods are uncovered almost every day. Once you stop one type of attack, another surfaces. The only way to completely secure your site is to take it offline – but then what good does that do you?
What trends are you seeing with infected websites lately?
The biggest trend lately has been ransomware. Attackers inject code into unsuspecting sites that redirect users to malicious sites with payloads that are then downloaded based on what they have running on their system that is outdated. Then their system gets encrypted and requires them to pay a ransom to the attackers to get their data back. This really underlines the importance of good backups.
What advice would you give to site owners who want to improve security?
I think it’s been said many times but bears repeating: Make sure you have a good host, put preventative measures in place, like Wordfence, and make sure you keep your site, plugins, themes, etc. up to date. Also, don’t forget the back-end that you rarely see and forget about entirely – your hosting account and your FTP/SSH credentials. All of these passwords should be changed on a regular basis, just like your underwear. Another “biggest issue” I see with most site owners is log retention & review. Many never look at their logs; they rely on things like Google Analytics because they are only concerned about their traffic, but they should also be reviewing their logs regularly for signs of potential issues, malicious activity and threats.
We’d like to thank Colette for taking the time out of her busy schedule to participate in this interview. If you would like to apply to join the Wordfence team, visit our careers page – we’d love to hear from you. If you would like to learn more about WordPress or web security and how to spot vulnerabilities or perform your own forensic investigations into website intrusions, visit our Learning Center, where you can find knowledge that we’ve shared about website security and secure application development.
If you have been hacked, visit this page to learn about how our team can help clean your site and get you back up and running.