Hardening WordPress is An Art
Chathu Vishwajith
September 23, 2017
My presentation for First-ever WordCamp Colombo 2017, Sri Lanka
#wccmb
Transcript
Hardening WordPress is an Art
Who am I → Chathu Vishwajith → Auth0 Ambassador → Co-Founder of a startup
Alex Proimos from Sydney, Australia
Is WordPress secure? → 52% are from WordPress plugins → 37% are from core WordPress → 11% are from WordPress themes
Recent incidents
Recent Incidents → Display Widgets → WooCommerce Product Vendors → WordPress Security Update 4.8.2 – Update Immediately!
Types of vulnerabilities → SQL Injection (SQLi) → Cross-site Scripting (XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal
So what is the Art?
Continuous improvements
Find a secured hosting
Don’t forget to update!
Don’t forget to update! → Keep your WordPress up-to-date → Update your plugins and themes → Change passwords periodically → Keep yourself updated
Use your own, not defaults!
Use your own, not defaults! → Do not use ‘admin’ as your username → Change wp-config.php’s keys and salt values to randomly generated values → Change the table prefix
Stop directory indexing
Prevent user enumeration
Disable XML-RPC if not using
Limit login failed attempts
Backup regularly
Remove unused plugins/themes
Turn on Comments approval
Use HTTPS! At least for the wp-admin area and wp-login.php
Make sure Debugging is off!
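As an added example (not part of the deck), a small shell audit of a wp-config.php against the "use your own, not defaults" and "debugging is off" items above: placeholder salts, the default wp_ table prefix, and WP_DEBUG left on. The two sample configs are constructed inline; the regexes assume the layout of the standard wp-config.php.

```shell
# Added example, not from the deck: audit wp-config.php for three of the
# slide items (default salts, default table prefix, debugging left on).
# Findings go to stderr; the number of findings is printed on stdout.
audit_wp_config() {
  cfg="$1"
  n=0
  q="['\"]"   # matches either PHP quote character
  # wp-config-sample.php ships its keys/salts with this placeholder text.
  if grep -q 'put your unique phrase here' "$cfg"; then
    echo "FAIL: keys/salts still carry the placeholder text" >&2
    n=$((n + 1))
  fi
  # The default wp_ prefix makes every table name predictable.
  if grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*${q}wp_${q}" "$cfg"; then
    echo "FAIL: table prefix is the default wp_" >&2
    n=$((n + 1))
  fi
  # WP_DEBUG=true shows notices and file paths to visitors (full path disclosure).
  if grep -Eq "define\([[:space:]]*${q}WP_DEBUG${q}[[:space:]]*,[[:space:]]*true" "$cfg"; then
    echo "FAIL: WP_DEBUG is enabled" >&2
    n=$((n + 1))
  fi
  echo "$n"
}

# Constructed sample configs (not real sites): one as installed, one hardened.
weak=$(mktemp)
cat > "$weak" <<'EOF'
<?php
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
$table_prefix = 'wp_';
define('WP_DEBUG', true);
EOF
hardened=$(mktemp)
cat > "$hardened" <<'EOF'
<?php
define('AUTH_KEY',         'Kq7#constructed-random-salt-9Lm!pZ');
define('SECURE_AUTH_KEY',  'xV2$constructed-random-salt-0Tr@nB');
$table_prefix = 'ltk9_';
define('WP_DEBUG', false);
EOF
trap 'rm -f "$weak" "$hardened"' EXIT

echo "findings in as-installed config: $(audit_wp_config "$weak")"
echo "findings in hardened config:     $(audit_wp_config "$hardened")"
```

Point the function at a real wp-config.php to reuse it; a non-zero count on stdout is the list of slide items still open on that site.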
Apache, PHP, NGINX, SSL Vulnerabilities
WordPress Vulnerability Database https://wpvulndb.com
WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/Wordpress-scanner
Summary → Don’t forget to update. → Use your own rather than defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly. → Remove unused plugins/themes. → Keep yourself updated.
From Sri Lanka !
Thank you !