Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Hardening WordPress is An Art

Avatar for Chathu Vishwajith Chathu Vishwajith
September 23, 2017
Technology
0
150

Hardening WordPress is An Art

My presentation for First-ever WordCamp Colombo 2017, Sri Lanka

#wccmb

Avatar for Chathu Vishwajith

Chathu Vishwajith

September 23, 2017
Tweet

More Decks by Chathu Vishwajith

See All by Chathu Vishwajith
Lerna and Monorepo architecture for JavaScript
Avatar for Chathu Vishwajith iamchathu
0
67
Properly Securing Node.js APIs
Avatar for Chathu Vishwajith iamchathu
0
60
Hardening WordPress is kind of Art
Avatar for Chathu Vishwajith iamchathu
0
130
It's Someone Else's Servers
Avatar for Chathu Vishwajith iamchathu
0
46
Speed Up Your WordPess
Avatar for Chathu Vishwajith iamchathu
0
110
CMBJS Meetup: Securing NodeJS APIs with JWT
Avatar for Chathu Vishwajith iamchathu
0
110

Other Decks in Technology

See All in Technology
今年のデータ・ML系アップデートと気になるアプデのご紹介
Avatar for Nayuta S. nayuts
1
510
年間40件以上の登壇を続けて見えた「本当の発信力」/ 20251213 Masaki Okuda
Avatar for SHIFT EVOLVE shift_evolve
PRO
1
140
Database イノベーショントークを振り返る/reinvent-2025-database-innovation-talk-recap
Avatar for emi emiki
0
230
生成AI活用の型ハンズオン〜顧客課題起点で設計する7つのステップ
Avatar for Nakao Yushin yushin_n
0
240
Bedrock AgentCore Memoryの新機能 (Episode) を試してみた / try Bedrock AgentCore Memory Episodic functionarity
Avatar for hoshi7_n hoshi7_n
0
170
Haskell を武器にして挑む競技プログラミング ─ 操作的思考から意味モデル思考へ
Avatar for Naoya Ito naoya
7
1.6k
AI駆動開発の実践とその未来
Avatar for Ikko Eltociear Ashimine eltociear
1
250
AWSを使う上で最低限知っておきたいセキュリティ研修を社内で実施した話 ~みんなでやるセキュリティ~
Avatar for maimyyym maimyyym
2
1.8k
「図面」から「法則」へ 〜メタ視点で読み解く現代のソフトウェアアーキテクチャ〜
Avatar for Satoshi Kobayashi scova0731
0
340
まだ間に合う! Agentic AI on AWSの現在地をやさしく一挙おさらい
Avatar for みのるん minorun365
12
630
Databricks向けJupyter Kernelでデータサイエンティストの開発環境をAI-Readyにする / Data+AI World Tour Tokyo After Party
Avatar for GENDA genda
1
560
Amazon Bedrock Knowledge Bases × メタデータ活用で実現する検証可能な RAG 設計
Avatar for Tomoaki tomoaki25
2
230

Featured

See All Featured
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
370
20k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
791
250k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
Avatar for Beat Signer signer
PRO
0
3.1k
Tips & Tricks on How to Get Your First Job In Tech
Avatar for Honza Javorek honzajavorek
0
390
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
710
HDC tutorial
Avatar for Michiel Stock michielstock
0
250
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
Avatar for konakalab konakalab
0
300
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
17k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
Avatar for AKADEMIYA2063 akademiya2063
PRO
0
25
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
38
3k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
10
740

Transcript

  1. Hardening WordPress is an Art

  2. Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a

    startup

  3. Alex Proimos from Sydney, Australia

  4. Is WordPress is secure? → 52% are from WordPress plugins

    → 37% are from core WordPress → 11% are from WordPress themes

  5. Recent incidents

  6. Recent Incidents → Display Widgets → WooCommerce Product Vendors →

    WordPress Security Update 4.8.2 – Update Immediately!

  7. Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting

    (XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal

  8. So what is the Art

  9. Continuous improvements

  10. Find a secured hosting

  11. Don’t forget to update!

  12. Don’t forget to update! → Keep your WordPress up-to-date →

    Update your plugins and themes → Change passwords periodically → Keep yourself updated

  13. Use your own, not defaults!

  14. Use your own, not defaults! → Do not use ‘admin’

    as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix

  15. Stop directory indexing

  16. Prevent User emumaration

  17. Disable XML-RPC if not using

  18. Limit login failed attempts

  19. Backup regularly

  20. Remove unused plugins/themes

  21. Turn on Comments approval

  22. Use HTTPS! Atleast wp-admin area and wp-login.php

  23. Make sure Debugging is off!

  24. Apache, PHP, NGINX, SSL Vulnerabilities

  25. WordPress Vulnerability Database https://wpvulndb.com

  26. WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner

  27. None

  28. Summery → Don’t forget to update. → Use your own

    rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated

  29. From Sri Lanka !

  30. Thank you !