Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hardening WordPress is An Art

Chathu Vishwajith
September 23, 2017
Technology
0
76

Hardening WordPress is An Art

My presentation for First-ever WordCamp Colombo 2017, Sri Lanka

#wccmb

Chathu Vishwajith

September 23, 2017
Tweet

More Decks by Chathu Vishwajith

See All by Chathu Vishwajith
Properly Securing Node.js APIs
iamchathu
0
28
Hardening WordPress is kind of Art
iamchathu
0
86
It's Someone Else's Servers
iamchathu
0
27
Speed Up Your WordPess
iamchathu
0
98
CMBJS Meetup: Securing NodeJS APIs with JWT
iamchathu
0
60

Other Decks in Technology

See All in Technology
C向けサービスで 使われている認証方式と安全な使い方
ritou
5
360
DX_開発管理課
iketomo1207
1
150
OCI技術資料 : ロード・バランサー 概要 / Load Balancer 100
ocise
3
7.8k
OCI技術資料 : ロード・バランサー 詳細 / Load Balancer 200
ocise
2
6k
Swift 5.7で変わる正規表現を試してみよう
ainame
2
1.4k
Roslyn とその活用法
nenonaninu
2
240
Instant Payments: moving money at (almost) light speed
_aitor
0
150
Ideas for introducing new methods
teyamagu
0
350
「いちユーザーがPHPに新機能を追加するまで/PHPConference 2022」
colopl
0
450
ユーザー体験を毀損せず収益は向上させる広告を実現したい
line_developers
PRO
1
250
「家族アルバム みてね」を支えるビルド環境の改善
hicka04
2
330
自然言語可視化ライブラリ 「nlplot」のご紹介
takapy
3
970

Featured

See All Featured
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
213
20k
Producing Creativity
orderedlist
PRO
334
37k
Large-scale JavaScript Application Architecture
addyosmani
499
110k
Happy Clients
brianwarren
89
5.7k
Fontdeck: Realign not Redesign
paulrobertlloyd
73
4.2k
Learning to Love Humans: Emotional Interface Design
aarron
261
37k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
196
9.6k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
656
120k
Building an army of robots
kneath
300
40k
Stop Working from a Prison Cell
hatefulcrawdad
262
18k
Rebuilding a faster, lazier Slack
samanthasiow
62
7.3k
Designing Experiences People Love
moore
130
22k

Transcript

  1. Hardening WordPress is an Art

  2. Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a

    startup

  3. Alex Proimos from Sydney, Australia

  4. Is WordPress is secure? → 52% are from WordPress plugins

    → 37% are from core WordPress → 11% are from WordPress themes

  5. Recent incidents

  6. Recent Incidents → Display Widgets → WooCommerce Product Vendors →

    WordPress Security Update 4.8.2 – Update Immediately!

  7. Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting

    (XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal

  8. So what is the Art

  9. Continuous improvements

  10. Find a secured hosting

  11. Don’t forget to update!

  12. Don’t forget to update! → Keep your WordPress up-to-date →

    Update your plugins and themes → Change passwords periodically → Keep yourself updated

  13. Use your own, not defaults!

  14. Use your own, not defaults! → Do not use ‘admin’

    as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix

  15. Stop directory indexing

  16. Prevent User emumaration

  17. Disable XML-RPC if not using

  18. Limit login failed attempts

  19. Backup regularly

  20. Remove unused plugins/themes

  21. Turn on Comments approval

  22. Use HTTPS! Atleast wp-admin area and wp-login.php

  23. Make sure Debugging is off!

  24. Apache, PHP, NGINX, SSL Vulnerabilities

  25. WordPress Vulnerability Database https://wpvulndb.com

  26. WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner

  27. None

  28. Summery → Don’t forget to update. → Use your own

    rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated

  29. From Sri Lanka !

  30. Thank you !