 All right, we're going to go on with the last talk of the day. Our next talk is going to be from Ben Martin, and he's going to be doing a talk about, from vulnerable to viable, enhancing your WordPress security posture. A round of applause. Thank you. So thank you for coming to my presentation. Can everyone hear me OK? Awesome. So my presentation is called From Vulnerable to Viable, Enhancing Your WordPress Security Posture. Before I get too much into this, I just want to give big ups to the organizers of this event. This has been a really awesome work camp. I really enjoyed myself, and I think everything was really well executed. And I'm just really happy to be here. So that being said, my name is Ben Martin. I hail from Victoria, British Columbia. And I have been working with WordPress Security and WordPress Malware for almost 10 years. This December is actually my 10-year anniversary working at Sucuri. I'm a senior incident response remediation analyst. I also do some research. I contribute to the blog. And I've contributed to multiple annual threat reports that we do. And I would like to take the next 45 minutes or so to share with you some things that I've learned over the years that I've been at Sucuri to try to help you improve your security posture and help essentially keep the hackers at bay. And I hope that you leave WordCamp and leave my presentation feeling better equipped to deal with online threats than when you enter. That is my goal. So that being said, what we're going to be looking at is we're going to start at the beginning, of course, looking at what exactly is WordPress Malware. We are going to discuss why security is important in the first place. We're going to look at some of the most common types of malware and security threats that we deal with on a daily basis. When we're dealing with compromised WordPress environments, we are going to take some time to explore default configurations in WordPress and why they can be very problematic. And to bring it all home, we're going to go into some defense in depth. And I am going to do my best to ensure that you leave this presentation with some actionable things that you can actually do with your WordPress site once you get home to make it more secure and give you maybe a little to-do list to keep the hackers at bay. So that being said, as I said, let's start at the beginning and let's define exactly what we're talking about when we say security. What is WordPress Malware? What does it do? What is it for? So essentially, most of you probably know, but just to bring everybody up to speed, Malware is malicious software. It is software designed to intentionally cause harm or, in some cases, maybe redirect people to a tech support scam or steal their credit card information from the checkout page of an e-commerce store. There is a whole rainbow of awful malware out there. And we deal with it every day, five days a week at work cleaning up compromised environments. So often is the question asked, Ben, why did the hackers attack me? I just have a cat blog that gets like 200 views a month. I just post pictures of cats for Christ's sake. Like, why would they hack me? Why would they be interested in my site? And the thing is that hackers don't care about the content of the website. They care that it's the resources that they can use to their own ends. So when they see, like, oh, this site only gets 200 views per month, hey, well, that's 200 potential victims for me. That's 200 potential redirects to a tech support scam that I'm going to get. That's 200 potential pockets I can pick. They don't care about the content. So that being said, common types of malware are spam, of course, malicious redirects to sketchy or malicious sites, drive by downloads with the intention of infecting an endpoint device with a Trojan, for example. Credit card scamming and phishing are all very, very common threats that we deal with. And these are the sorts of things that attackers misuse the resources of your website for. So it doesn't matter how big your website is. It doesn't matter how many views. It doesn't matter what the content is. And also, the media always gives the portrayal of a hacker as a guy wearing a bella clava in a basement somewhere, like trying to hack you and your family and do evil deeds. But these attacks are all just automated. They're opportunistic. They're not targeting you. They're rarely targeting anybody. They will just exploit whatever vulnerability they can to get their hands on whatever resources they can to spread their malware and phishing, redirects, whatever they want to do. So that brings us to our next topic is let's ask, and maybe let's explore, why security is important. Obviously, nobody wants to deal with malware. It's a nuisance. But let's maybe explore a little bit more why it really matters. So I think I want to start this section off by stating that as website owners, it's our responsibility to be good stewards, to help keep the web a safe place to be for everyone. And as more and more of our lives are conducted online, more of our commerce and our shopping is done online, it becomes the responsibility of the website owners to help facilitate a safe environment for people to exist in and to be good stewards of keeping the online communities safe to be. And even if it's just going into your WP admin area and getting your plugins updated every week, keeping the web a safe place to be and maintaining that safety is the responsibility of every single person in this room. And I think that's something that we need to reflect on and keep in mind as we go about our daily business with our websites. So I think it's also important to mention that website owners, for the most part, do not consider security a priority until they get hacked and then it becomes the most important thing in the world. Google's blacklisted my site. My website is belching out malware. Nobody's visiting my site anymore. The sky is falling. Oh, my God, what do I do? I deal with situations like this pretty much every single day at work. And I'm not trying to tut-tut website owners here. I totally get it. Why would you want to worry about security? You want to post your cat videos. You want to post your recipes, right? That's why we make websites in the first place. Or maybe we have a small business and we want to sell our wares online. We have websites because we want to make websites or because we need to. We don't make websites because we want to deal with hackers. That's the last thing anybody wants to do. So why would they think of it? Like, when they're getting it set up, right? It makes sense. I'm not blaming anyone. But the only thing that's more difficult than having to worry about a whole bunch of security stuff when you're setting up your website is not doing it and then having to deal with the fallout after the fact. Website malware can be expensive, time-consuming, labor-intensive to get rid of, and annoying, to say the very least. So I think it's very important for website owners to consider security a priority from day one and that's gonna make your life a lot easier down the road and it's gonna help maintain that trust that people have in existing in the web and surfing the web and buying your company's products on your e-commerce website or whatever. So with that being said, I would like to go over some of the very, some of the common malware campaigns that we've been dealing with and observing for multiple years just so we can actually kind of get our eyes on exactly what does this malware look like? What are their goals? What are they doing? I mentioned that they are opportunistically hacking all their websites, all these websites, but what do they actually do with it when that happens? Like, what's their modus operandi? What makes them tick? What are their objectives? So I'm gonna go into three main ones. Obviously there are a lot more than this, but these are some of the three most common and oftentimes most detrimental types of malware campaigns that we at Sikuri kind of keep track of. So the three I'm gonna go over are Balada Injector, Sokulish, and Credit Card Skimmers. So essentially these types of malware are used to allow the attackers to make a profit because at the end of the day, their goal is to make money. It is quite literally their job to hack websites and to figure out ways to hack websites and make a financial return on it. For the most part, attackers aren't really doing this for fun. It's a business. I read recently, it's fascinating in the black market where a lot of these ransomware groups operate or cybercriminal groups operate. It mirrors the real economy. Like they have HR departments. They have employee of the month awards. Like they have paid vacation. It's just a business to them. They don't care. It's like their career because they're operating in a space where they can act with legal impunity essentially. And so these are just means to an end for them. They're not nefarious people doing evil things for evil reasons. They are threat actors. They do cause harm and they do evil things but it's just to make money. Just like anybody else is doing essentially. So let's start with the Bellata injector. This is named because of the directory in which it dumps its malware on your desktop if you fall for the scam. So essentially you have this malicious obfuscated JavaScript right here and what it does is it injects code like this into your database or your files and usually what happens is it redirects you to a page that has a friendly looking robot and sometimes an upstanding looking fellow wearing a suit and it asks you to click to allow that to verify that you are a human. Of course most people if they have good browsing habits are gonna be like, yo, what is this? I'm not clicking on this but oftentimes people do. And what they don't realize is that they are infecting their, essentially if infecting their computer with spyware. We have been tracking this malware for roughly five years and at this point we estimate that this ongoing campaign has infected over a million websites and it's basically associated with bogus redirects, rogue ad networks, adware potentially unwanted programs, nothing that you really want on your computer. These threat actors are very, very aggressive. So essentially whenever there's a new vulnerability in a plugin or theme that gets disclosed online within 24 hours these guys are exploiting it and hacking thousands of websites. They're really on the ball so to speak. For this reason people that have automatic plugin and theme updates enabled in their WordPress environment are best suited to dealing with these types of threats but I will get into that a little bit more later. Next is Saakulish. Saakulish is a little bit more nefarious. It's not just annoying spam and spyware but it tends to be the first stage in targeted ransomware attacks. So again this is a campaign that's been going on for well over five years. They've infected many, many websites. It's one of the most common types of malware and again it's a JavaScript injection typically and what you'll see if you're a visitor to an infected website with this type of malware tends to be what you see here. It alerts you that you're using an old version of Chrome and it gives you a handy dandy zip file that you can download and update your Chrome and make sure that you're using the most recent version. Now of course we all know that that's a lie and what they're actually doing is a drive-by download for a remote access Trojan and once they have gained control over an endpoint device, usually a Windows box, they detonate a ransomware and demand a ransom be paid in Bitcoin most of the time. So this fake browser update malware is super common and the implications and the consequences of it can be quite devastating. As a website owner, it's more just a nuisance and it's a real kind of a pain to clean up and remove the malware but if you're a victim of the actual ransomware attack that can be financially devastating to you. Even more so if you happen to detonate one of these things on your corporate network at work and so a lot of the ransomware attacks that have been popping up in the news over the last few years starts with this and it begins when someone mistakenly at work visits one of these infected sites and doesn't have good browsing habits and ends up downloading a rat remote access Trojan on their machine. So last, our credit card scammers. This has been increasingly common on infected websites particularly WordPress over the last few years. So a credit card skimmer is exactly what it sounds when an attacker is able to compromise a website, they take control of the checkout page or they meddle with the files in the back end so that when a purchase is conducted on the website they are surreptitiously picking people's pockets at the same time. So this is usually called mage cart malware because it started roughly in the year 2015 when attackers started attacking Magento CMS platform websites. Magento is a dedicated e-commerce platform and so it was kind of a foregone conclusion that they would start with attacking that. However, starting at the end of 2019 beginning of 2020, give or take, we started noticing that the malware that was previously infecting Magento environments to steal credit card details was being repurposed to target WordPress, usually using WooCommerce. Like literally copy and pasted the malware into a different environment and that trend has continued. So this type of malware is not the most severe in terms of numbers because most websites are not e-commerce websites. However, if you do own and operate an e-commerce website, this is the last thing that you want to happen to you because you might find yourself on the phone with Visa in very hot water being informed that your website was identified as a common point of purchase for multiple stolen credit cards, like bro, you're hacked. You have to figure this out and you can end up paying kind of thousands of dollars in fines. And just to really hammer home how much the attackers are targeting WooCommerce environments is this graph on the right hand side here. This is a summary from our 2022 threat report which shows the most common file paths and names of known credit card skimming malware. And you can see the top four are all WooCommerce. Magento doesn't even appear until number five and it's just over 5% of the total. So to further hammer this home is the next graph that I made some time ago. And this is an analysis of sites with known credit card skimmers by our site check tool which you can use at sitecheck.secure.net and we can see that in basically the middle of 2021 is when WordPress overtook the other CMS platforms dedicated to e-commerce platforms like Magento and OpenCart. And then by the end of the year it was eclipsing the rest of them. Credit card theft, this will shock you, tends to happen the most during the holidays when people are spending their money online and visiting a lot of e-commerce websites. In fact, at Secure the summer is usually like the slow season because the attackers are on vacation I assume and then they whip out their malware in September, October, and November just to get ready for the holidays. So if you are an e-commerce website owner I would recommend that you pay special attention to your security posture. That being said, let us explore some default configurations in WordPress and why they are problematic. So default configurations of software tends to be insecure in general. This is not anything that's unique to WordPress. This is a problem across the board. So for example, if you get a new internet service provider they're gonna send you a router in the mail and it comes with a default username and password which they recommend that you change because it's usually public knowledge what those credentials are and you don't want any intruders on your Wi-Fi network at home, right? Another one is for like wireless network attached security cameras. A lot of the people that buy those from Costco or whatever or Best Buy they don't change the password on them and then they end up getting infected and getting part of a botnet. So this is a problem with security or with software just in general. And WordPress is no exception to this. In general, one of the reasons why WordPress has had such a meteoric success over the last 20 years and why it has become the most popular and most widely used CMS is because of its ease of use. It's convenient, it's easy, it's friendly, it's very user friendly. And so why wouldn't you want to use it, right? But I think it's very important to keep in mind that and this is something I'd like to stress as being one of the core ideas of my presentation is that there is a constant tug of war between convenience and security. And one of those often comes at the expense of the other. Again, that's not anything that's unique to WordPress. That's just a general truth, right? And one of those things, those things that are convenient but perhaps insecure is what you're looking at right now, the WordPress login screen, which I'm sure all of you are very familiar with. If I go to some random WordPress website.com slash wp-login.php, this is probably what I'm gonna see. Why should I be able to see that? I shouldn't be able to see a authentication prompt for a website that I don't own. So that's one of those things that makes it really easy to use. But also on the flip side, it makes the platform vulnerable to brute force attacks, right? Unless you take additional measures to mitigate that. And I do wanna stress right here that all the points that I'm gonna bring up, all the shortfallings of default configurations can be fixed, they can be mitigated with security plugins and firewalls and other such measures that WordPress site owners can take. But the onus is on the site owner to do that themselves. It's not anything that's gonna happen out of the box, it's not gonna happen automatically. And as I stated before, WordPress website owners or site owners in general, don't tend to care about security until after they've get hacked. So it's not exactly something that they're going to think of when they're getting their site set up, right? Generally speaking, the access control measures on a default out of the box WordPress website are quite poor. It's just the admin username and password, that's it. There is no limit on authentication failures. There's like limit on login attempts. The admin URL is WP admin, it's the same on virtually all sites. And like there's no two-factor authentication by default. Again, all things that can be fixed, but not there by default. Another thing that's quite insecure by default is that you have the ability to directly edit files from your WP admin dashboard. So if you're an attacker, what do you do? Well, if I'm able to compromise an admin panel in a WordPress website and I successfully brute force my way in, the first thing I'm going to do is I'm going to go to the theme editor, theme editor, then I'm going to go to WP content slash themes slash active theme slash 404.php and I'm going to edit that file and I'm going to put a backdoor at the very top of it. And that way, if the website owner discovers he's been hacked and changes his passwords, well, I still got my foot in the door, right? Again, that's one of those there by default things that can be changed, but needs to be changed. So, defense in depth. I would like, this is the part where I leave you feeling inspired and capable to make your site more secure. So I'm going to give you some actionable steps that you can take to fix these default configurations if they may be there in your environment and make things a little bit more secure. So, defense in depth is the concept of making, anticipating what your enemy is going to do and making their life as difficult and miserable as possible while they're trying to do it. So, at every single step of the way that the attackers are going to try to compromise your environment, just make it really annoying for them. Make it time consuming for them or better yet, make it impossible for them to do it. It's taking every measure that you can to secure your website. So, the very first one that I want to mention, of course, is two factor authentication on your WP admin panel. If there is one thing that you remember from my talk today, it's that I want you to go home and enable 2FA on your WP admin panel. That is the best thing that you can do. And in fact, you can put 2FA on your bank login, on your Facebook account, on all of your social media accounts. Basically anywhere and everywhere you can possibly enable 2FA, you should do it. Because it's unlikely that the hacker is going to have access to your mobile device, right? Limiting the number of login attempts, rather failed login attempts on your WP admin page is very effective. That's going to mitigate brute force attacks, right? IP access control is one of my favorite because like I said, why do I go to some random WordPress website.com slash WP login and there is an authentication prompt. I shouldn't be able to see that. So if you restrict who can view that page only to your home IP, maybe your work, maybe your friend's house, maybe the Starbucks down the street that you like to sip coffee and blog from and everyone else should get a 403 forbidden. That's very, I think you can do that with an HG access file or some security plugins or you can use something like our security firewall to do that very easily. Also the fact that the login URL is the same across all websites is a little janky. Like maybe if you go to WP admin, it should return a 404 unless you know the secret login URL that you yourself have specified. There's also a plugin in the WordPress repository that can allow you to do that. Or even something really basic like a CAPTCHA or the secondary password. This goes without saying, but I'm gonna say it anyways, obviously you should be using strong, robust passwords everywhere on WP admin, C panel hosting, FTP, if you have an SSH service with your hosting provider, you should use a key authentication. Basically make it as difficult as possible for your environment to be brute forced. There are some additional security rules that you can add to WP-config.php, like disallow file edit, which removes the possibility of the attackers editing that backdoor into one of your theme files that I mentioned earlier, or disallow file mods, which is on the more extreme end of the spectrum, which basically locks down the environment entirely. And you'll definitely want to use a security plugin, but don't install everything under the sun because you're gonna lock yourself out of your own website. All that being said, on the Securi blog, I do actually have a fairly detailed blog post that I released some months ago that go into all this stuff in really granular detail. I forgot to include it in my slides, but if you search up blog, Securi, Ben Martin, WordPress, hardening, then it'll probably be the first result. And to close up here, always keep your website patched. And by that, I mean, keep your plugins up to date, keep your WordPress core up to date, keep your themes up to date. Vulnerable software is the number one cause of infection, and the best way that you can mitigate that is by enabling automatic updates because there's a very short window in time between when a vulnerability is released and it starts to get exploited, usually under 24 hours. And not all website owners are gonna be available 24 seven all the time to issue these emergency patches, right? If you have auto updates enabled, the work is done for you. There's, many people don't like having that enabled because sometimes updates break things. That's a very valid concern. And so you'd want to pair that with a daily backup service to make sure that you have something, if something breaks. File integrity monitoring is very important. We have one called the server side scanner that we offer with our services and it basically goes through your files once per day and tells you if any files were added or modified. It's a exceedingly helpful and diagnostic tool. And I think it's important to just continue to stress the fact of this constant battle between convenience and security. Not everyone is gonna wanna enable every single one of these security measures because it's gonna make working with your site just nightmarishly inconvenient so I can understand why you wouldn't. So you need to decide as a website owner what level of inconvenience you want to deal with for the sake of keeping your website secure. And that's gonna vary from website to website. If you got the cat blog, maybe you just wanna put a capture on your WP admin page and have a strong password and call it a day. And if you operate a rather large e-commerce website, you might wanna take some more additional measures. I'm getting told that we need to start Q&A so just one final note. If you do have an e-commerce website, I would strongly recommend disabling guest checkout and putting a capture on your checkout page. Otherwise, your site can be used to test stolen credit card numbers before they go in the black market. And that's that. Thank you for coming to my talk. All right, let's have it. Give me some questions. Yeah, real quick question. Usually when I see hacked websites, I work on a lot of, you know, people come to me with distressed sites. It's almost always just code that's hacked. And typically it's the like word fences an example. They look at the files, but what about the database? Are do people, don't people add malware, you know, very malware in the database as well? And do you scan, does security scan for it? Absolutely, yes. It's very common. Like with credit card skimmers, as I mentioned before, the database, I know this is a word camp, but with like Magento sites, for example, one of the most common ways is just throwing a JavaScript injection in there. That Bellata injector that I mentioned earlier, very frequently we'll just put thousands and thousands of like JavaScript entries in the database. I haven't worked with word fence enough to know what extent they check with the database, but with Sakura, when we do like perform a cleanup, we absolutely do scan the DB. And usually if there's something nefarious in the database, it's gonna display externally on the website somewhere, you know, that's kind of the whole point. And so our external site check monitoring will typically flag that. But yeah, it is a crucial component that sometimes gets overlooked and it's very important to check it. Hello. So I basically have two questions. So one is on the hardening word press slide, you told that I have to add CAPTCHA on the checkout. So if my site already has Google recapture and I will do I need to add any additional CAPTCHA on the checkout? And another question is for our website, for example, we use a payment getter called Paddle who process all the payment gateways on behalf of us. So we don't store any credit card details, they do it for us. So is there any risk of credit card schemers in this case as well? For the first option, the goal of putting a CAPTCHA on your checkout page is to prevent automated card testing. So as long as at some point in the checkout process, they bump into a CAPTCHA that they can't do automatically or sequentially, then your issue should be safe from that. Because they have like tens of thousands of stolen credit card numbers, they write a script to just find another site to test them on and they just do thousands and thousands and thousands at a time. As long as you can break their automation, that's what counts. What was the payment game way that you said you were using? Pendulum. Pendulum? Pendulum, it's PA. So it's PA double DLE. So what they do is basically they provide the payment gateways like PayPal, credit card, Apple Pays. So we don't have to worry about, so we just integrate it within WooCommerce and they process all the payments on behalf of us and all the data basically stored in there, data is not us. So they store all the credit card data. So in that case, is there any issue of data being stolen if someone coming from our website and buying things? Yeah, and it's a WooCommerce environment as well? Yeah. So what's interesting about some of these card skimmers is that you can design a perfect e-commerce plugin like WooCommerce or something that works really effective that handles payment information in a very secure fashion. But the malware is not designed to do that. The malware is designed to do the opposite. And if you simultaneously have a malicious plugin installed in your WooCommerce environment that's designed to harvest those card details, it doesn't matter how secure your e-commerce plugin is, the malware is just picking their pockets anyway. So I don't know specifically, I've not worked with that specific payment gateway. Perhaps they've managed to kind of transcend that contradiction, I don't know. But yeah, the malware is designed to harvest the data no matter how it's handled in the legitimate fashion. So when I've seen credit card theft happen on payment gateways and platforms that claim to be bulletproof, the hackers, if they have to go to the moon and back, they'll find a way to do it, right? So I would certainly not consider anything to be bulletproof. And I would certainly, obviously you'll want to use the most secure payment gateway that you can find, but I would not let your guard down. These are quite literally organized crime groups that are figuring out ways to exploit payment gateways and steal card details. They're fairly sophisticated threat actors, so I wouldn't put it past them. Definitely keep your security posture up. Anyone else? Just a quick question, do you think or do you think that's a blog or you're in a tribal? Yeah, oh, so what was the title of the blog post? Okay, so it's on the Securi blog, which is blog.securi.net. The title is I think WordPress hardening and I'm the author. So just search up blog, Securi blog, Ben Martin, WordPress hardening. That should do the trick. Or you can go to my author page, which is blog.securi.net slash author or authors one of the two, then Ben Martin and all my stuff will be there. Any other takers? Oh, there we go. Got another one. One thing I always run into was we would get randomly, we would get just a huge spike in our database connections. And we'd get up to something like, I think it was 256 was, well, I think about 80 or so was about where our website started to really slow down. I was wondering what, if you had an idea about something that causes that. I don't think it was someone trying to hack our site. So I think it was probably something that was wrong in our code that would cause some kind of looping structure to happen or something like that. But I just wanted to get your take on that. Yeah, I mean, stuff like that often gets blamed on malware and totally could be. But in my experience, it's more often misbehaving code or just like a plugin going haywire or making a bunch of like logging a bunch of stuff when it shouldn't be or just behaving in generally unexpected ways. As far as like database connections, I don't know, maybe crypto miner, mining cryptocurrency or something, it's like maxing out the resources on the server could be related to that. That's the only thing that really comes to mind as far as like a malware standpoint. But I would hesitate to blame things on malware right away, because quite often there's a more likely cause and more often than not, if your like resources are being maxed out in your environment, it could just be a misconfiguration. I wouldn't jump to conclusions necessarily, although I wouldn't also completely dismiss it. Hi. So I use a security plugin and there is a, you know, you can hide the login. So I've done that. But I've often wondered if hackers can just bypass that or if they have a script to look for the login page. And so I, it was hardening to hear to do that, but I've often wondered, you know, if that works. Well, that's actually a great question. It's one of those like changing the admin URL is one of those security through obscurity things. It's something that I wouldn't necessarily rely upon to, you know, sleep soundly at night. I'm invincible from the hackers now that they'll never guess my login page. Like I've outsmarted them, but it will help, right? It's not going to hurt your security of your website. Absolutely do it. I would probably, it's sort of like changing the port on an SSH connection for your VPS, right? Like the standard port is 22, but I'm going to change it to 129, they'll never guess. But of course there are like tools that you can just do a port scan. And it's like, oh, he's using port 129. Like I've outsmarted him. But it's one added step that they have to do. So from a defense in depth strategy, you're making the attackers life slightly more difficult. And that is part of the goal, right? I wouldn't, again, I wouldn't completely rely on it, but absolutely, employ it, employ whatever measures that you can take to make their lives difficult. And often I like to say that like attackers go for low hanging fruit, right? As long as you're not one of the people at the bottom of the tree, you're much safer, you're much better off, right? You don't want to be a low hanging fruit. You want to be one of the ones that where they have to reach up really high to get it. So the attackers, maybe if they get a 404 on wplogin.php, they might be like, oh, it's not a WordPress site, why bother? Or if they get like a connection refused from port 22 and they try to brute force, you know, an SSH password, they might be like, oh, it's too much trouble and they don't bother with it, right? So you've definitely done a great job in like making your website more difficult to hack, but there are also other ways, other things that you can do in addition to that for sure. Like there's no limit really. Hi, is there a combination of like security plugin and firewall that you would recommend or are you obligated to recommend security products? This will shock you, but I would recommend using the Sikuri scanner plugin with the Sikuri firewall, but I do work for Sikuri, so you know, full disclosure there, I'm half kidding. You know, honestly, word fence is great. Word fence is an awesome plugin. It's really effective. We have tons of clients that use it, you know, they have a great blog, they have a great vulnerability research team, like big ups to them for real, like they're good. I think as far as firewall goes, that's not really my expertise. I'm like more on the malware analysis and remediation side of things, so I'm not like, you know, super informed about that, but I know Cloudflare allows you to like draft up your own rules sometimes. I mean, there's a whole bunch of choices under the sun, right? But of course, I'm most familiar with Sikuri and I'm obligated to recommend our own services. But yeah, you know, I will just give word fences, big ups here, like they're good, they're solid. As far as I know, they're not gonna conflict with any of ours either, so that's also good. Nice. Anybody else? All right, well we've just started to receive the first influx of everyone else into the room. So cool, well thank you for your great questions. Thank you for coming to my talk. I appreciate the audience and thank you for giving me the opportunity to share some of my experience for the last 10 years with you and I hope you leave this word camp feeling entertained and empowered and educated, so thanks again.