Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hardening WordPress is An Art

Chathu Vishwajith
September 23, 2017
Technology
0
100

Hardening WordPress is An Art

My presentation for First-ever WordCamp Colombo 2017, Sri Lanka

#wccmb

Chathu Vishwajith

September 23, 2017
Tweet

More Decks by Chathu Vishwajith

See All by Chathu Vishwajith
Lerna and Monorepo architecture for JavaScript
iamchathu
0
32
Properly Securing Node.js APIs
iamchathu
0
53
Hardening WordPress is kind of Art
iamchathu
0
110
It's Someone Else's Servers
iamchathu
0
38
Speed Up Your WordPess
iamchathu
0
100
CMBJS Meetup: Securing NodeJS APIs with JWT
iamchathu
0
84

Other Decks in Technology

See All in Technology
日本におけるデータエンジニアリングのこれまでとこれから
foursue
14
3.9k
JAWS-UG Bedrock Claude Night
yamahiro
3
400
MySQL の SQL クエリチューニングの要所を掴む勉強会
andpad
2
4.7k
エンジニアのキャリアをちょっと楽しくする3本の軸/Three Pillars to Make an Engineer's Career More Enjoyable
kwappa
0
2.4k
マルチアカウント環境への発見的統制の導入
ch1aki
1
1.3k
検証を通して見えてきたTiDBの性能特性
lycorptech_jp
PRO
6
3.7k
ChatworkのSRE部って実は 半分くらいPlatform Engineering部かもしれない
saramune
0
140
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
4
880
Azure Container Apps + Bicep 〜 こんな感じで運用しています
kaz29
2
340
**強い**エンジニアのなり方 - フィードバックサイクルを勝ち取る / grow one day each day
soudai
63
18k
生産性向上チームの紹介
cybozuinsideout
PRO
1
830
Tableau事例紹介 / Tableau Case Study of Eureka
kazuya_araki_tokyo
1
180

Featured

See All Featured
The Pragmatic Product Professional
lauravandoore
24
5.8k
Building Your Own Lightsaber
phodgson
98
5.7k
The Cost Of JavaScript in 2023
addyosmani
14
3.8k
RailsConf 2023
tenderlove
2
530
The Invisible Side of Design
smashingmag
294
49k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
356
22k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
Statistics for Hackers
jakevdp
789
220k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
12
1.5k
GitHub's CSS Performance
jonrohan
1023
450k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
220
21k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
124
32k

Transcript

  1. Hardening WordPress is an Art

  2. Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a

    startup

  3. Alex Proimos from Sydney, Australia

  4. Is WordPress is secure? → 52% are from WordPress plugins

    → 37% are from core WordPress → 11% are from WordPress themes

  5. Recent incidents

  6. Recent Incidents → Display Widgets → WooCommerce Product Vendors →

    WordPress Security Update 4.8.2 – Update Immediately!

  7. Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting

    (XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal

  8. So what is the Art

  9. Continuous improvements

  10. Find a secured hosting

  11. Don’t forget to update!

  12. Don’t forget to update! → Keep your WordPress up-to-date →

    Update your plugins and themes → Change passwords periodically → Keep yourself updated

  13. Use your own, not defaults!

  14. Use your own, not defaults! → Do not use ‘admin’

    as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix

  15. Stop directory indexing

  16. Prevent User emumaration

  17. Disable XML-RPC if not using

  18. Limit login failed attempts

  19. Backup regularly

  20. Remove unused plugins/themes

  21. Turn on Comments approval

  22. Use HTTPS! Atleast wp-admin area and wp-login.php

  23. Make sure Debugging is off!

  24. Apache, PHP, NGINX, SSL Vulnerabilities

  25. WordPress Vulnerability Database https://wpvulndb.com

  26. WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner

  27. None

  28. Summery → Don’t forget to update. → Use your own

    rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated

  29. From Sri Lanka !

  30. Thank you !