Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hardening WordPress is An Art

Avatar for Chathu Vishwajith Chathu Vishwajith
September 23, 2017
Technology
0
150

Hardening WordPress is An Art

My presentation for First-ever WordCamp Colombo 2017, Sri Lanka

#wccmb

Avatar for Chathu Vishwajith

Chathu Vishwajith

September 23, 2017
Tweet

More Decks by Chathu Vishwajith

See All by Chathu Vishwajith
Lerna and Monorepo architecture for JavaScript
Avatar for Chathu Vishwajith iamchathu
0
71
Properly Securing Node.js APIs
Avatar for Chathu Vishwajith iamchathu
0
61
Hardening WordPress is kind of Art
Avatar for Chathu Vishwajith iamchathu
0
140
It's Someone Else's Servers
Avatar for Chathu Vishwajith iamchathu
0
49
Speed Up Your WordPess
Avatar for Chathu Vishwajith iamchathu
0
120
CMBJS Meetup: Securing NodeJS APIs with JWT
Avatar for Chathu Vishwajith iamchathu
0
110

Other Decks in Technology

See All in Technology
AIエージェント×GitHubで実現するQAナレッジの資産化と業務活用 / QA Knowledge as Assets with AI Agents & GitHub
Avatar for Hitsuji tknw_hitsuji
0
240
TUNA Camp 2026 京都Stage ヒューリスティックアルゴリズム入門
Avatar for terry-u16 terryu16
0
520
やさしいとこから始めるGitHubリポジトリのセキュリティ
Avatar for Yuta Matsumura tsubakimoto_s
2
1.7k
Kiro Meetup #7 Kiro アップデート (2025/12/15〜2026/3/20)
Avatar for Katz Ueno katzueno
2
250
Phase09_自動化_仕組み化
Avatar for overflow ,Inc overflowinc
0
1.8k
AIエージェント勉強会第3回 エージェンティックAIの時代がやってきた
Avatar for Y.Miyado ymiya55
0
130
Change Calendarで今はOK?を仕組みにする
Avatar for tommy tommy0124
1
110
Sansanの認証基盤を支えるアーキテクチャとその振り返り
Avatar for SansanTech sansantech
PRO
1
100
Phase08_クイックウィン実装
Avatar for overflow ,Inc overflowinc
0
1.9k
スピンアウト講座01_GitHub管理
Avatar for overflow ,Inc overflowinc
0
1.5k
Phase06_ClaudeCode実践
Avatar for overflow ,Inc overflowinc
0
2.1k
Phase12_総括_自走化
Avatar for overflow ,Inc overflowinc
0
1.6k

Featured

See All Featured
Heart Work Chapter 1 - Part 1
Avatar for Lake Fama lfama
PRO
5
35k
We Are The Robots
Avatar for Honza Javorek honzajavorek
0
200
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
31
5.9k
Utilizing Notion as your number one productivity tool
Avatar for Mfonobong Umondia mfonobong
4
270
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
32
2.8k
Claude Code のすすめ
Avatar for schroneko schroneko
67
220k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
378
71k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
Avatar for Tammy Everts tammyeverts
2
250
Stewardship and Sustainability of Urban and Community Forests
Avatar for Eric Wiseman pwiseman
0
160
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
133
19k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
34k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
17k

Transcript

  1. Hardening WordPress is an Art

  2. Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a

    startup

  3. Alex Proimos from Sydney, Australia

  4. Is WordPress is secure? → 52% are from WordPress plugins

    → 37% are from core WordPress → 11% are from WordPress themes

  5. Recent incidents

  6. Recent Incidents → Display Widgets → WooCommerce Product Vendors →

    WordPress Security Update 4.8.2 – Update Immediately!

  7. Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting

    (XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal

  8. So what is the Art

  9. Continuous improvements

  10. Find a secured hosting

  11. Don’t forget to update!

  12. Don’t forget to update! → Keep your WordPress up-to-date →

    Update your plugins and themes → Change passwords periodically → Keep yourself updated

  13. Use your own, not defaults!

  14. Use your own, not defaults! → Do not use ‘admin’

    as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix

  15. Stop directory indexing

  16. Prevent User emumaration

  17. Disable XML-RPC if not using

  18. Limit login failed attempts

  19. Backup regularly

  20. Remove unused plugins/themes

  21. Turn on Comments approval

  22. Use HTTPS! Atleast wp-admin area and wp-login.php

  23. Make sure Debugging is off!

  24. Apache, PHP, NGINX, SSL Vulnerabilities

  25. WordPress Vulnerability Database https://wpvulndb.com

  26. WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner

  27. None

  28. Summery → Don’t forget to update. → Use your own

    rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated

  29. From Sri Lanka !

  30. Thank you !