Hardening WordPress is An Art

Transcript

1. Hardening WordPress is an Art

2. Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a

   startup

3. Alex Proimos from Sydney, Australia

4. Is WordPress is secure? → 52% are from WordPress plugins

   → 37% are from core WordPress → 11% are from WordPress themes

5. Recent incidents

6. Recent Incidents → Display Widgets → WooCommerce Product Vendors →

   WordPress Security Update 4.8.2 – Update Immediately!

7. Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting

   (XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal

8. So what is the Art

9. Continuous improvements

10. Find a secured hosting

11. Don’t forget to update!

12. Don’t forget to update! → Keep your WordPress up-to-date →

    Update your plugins and themes → Change passwords periodically → Keep yourself updated

13. Use your own, not defaults!

14. Use your own, not defaults! → Do not use ‘admin’

    as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix

15. Stop directory indexing

16. Prevent User emumaration

17. Disable XML-RPC if not using

18. Limit login failed attempts

19. Backup regularly

20. Remove unused plugins/themes

21. Turn on Comments approval

22. Use HTTPS! Atleast wp-admin area and wp-login.php

23. Make sure Debugging is off!

24. Apache, PHP, NGINX, SSL Vulnerabilities

25. WordPress Vulnerability Database https://wpvulndb.com

26. WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner

27. None

28. Summery → Don’t forget to update. → Use your own

    rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated

29. From Sri Lanka !

30. Thank you !