My Year on the Front Line, Cleaning Infected Sites

This block can’t be used inside a Session post. It’s intended to be used in a page or post.

Stephen joined the Wordfence Site Cleaning team part-time at the start of 2017, having virtually no experience with WordPress, Wordfence, or cleaning infected websites. His only real credentials were a love of PHP development, a keen interest in security, and the crazy idea that cleaning infected sites would be fun. After a year in that role, Stephen stepped back from site cleaning and joined the Wordfence team full time as a developer, so now it’s time for him to tell his story.

In this talk he will share stories from the more memorable sites he cleaned (names changed to protect the innocent), including revealing his all-time favourite WordPress malware, and the epic tale of the persistent attacker that almost thwarted the Wordfence team completely. Scattered throughout will be tips and ideas to help protect your site from compromise and keep everyone (except the bad guys!) happy.

  • Stephen Rees-Carter

    Stephen is a senior developer at Wordfence, where he tries to frustrate attackers by helping to secure WordPress sites. During his time cleaning infected websites, he gained an appreciation for clever malware, layered obfuscation, and Harry Potter passages. When he’s not writing code or looking at malware, he can be found practising lock-picking and studying …

Speaker

Categories ,

Published by

Stephen Rees-Carter

Stephen is a security consultant and crusted-on PHP developer who spends his days hacking into his clients websites (and telling them how he does it), and teaching Laravel and PHP developers how to think like a hacker through his talks, course, and mailing list. His conference talks have been described as "terrifying magic tricks", that show just how easy it is to hack into a vulnerable site and cause mayhem.