Hardening WordPress is An Art

E0ebe52a4d912582108eb93c10831141?s=47 Chathu Vishwajith
September 23, 2017
Technology
0
64

Hardening WordPress is An Art

My presentation for First-ever WordCamp Colombo 2017, Sri Lanka

#wccmb

E0ebe52a4d912582108eb93c10831141?s=128

Chathu Vishwajith

September 23, 2017
Tweet

More Decks by Chathu Vishwajith

See All by Chathu Vishwajith
E0ebe52a4d912582108eb93c10831141?s=48 iamchathu
0
24
E0ebe52a4d912582108eb93c10831141?s=48 iamchathu
0
74
E0ebe52a4d912582108eb93c10831141?s=48 iamchathu
0
25
E0ebe52a4d912582108eb93c10831141?s=48 iamchathu
0
83
E0ebe52a4d912582108eb93c10831141?s=48 iamchathu
0
54

Other Decks in Technology

See All in Technology
E9ce07196f470caff07053e98a88fa9e?s=48 10shi10ma
2
950
79c2f7db29ee6df3e1ceb85c6a0126d3?s=48 moriwaka
0
170
C732029414e4c194b34639341e5eb199?s=48 logico
2
160
9bf153d8c0ce36ba6d9d20c2914b70f4?s=48 shimastripe
11
970
B46a00cafe34a9437d3a5bc6afc5bee3?s=48 aditya45
0
490
8065fe5a0d33908c6f71c5ae28939dcd?s=48 ayatokura
0
120
F400611942a8b7a695f741f9a720fcf8?s=48 koooootake
9
1.3k
41088d50c95ab57359a3cb56988cfec7?s=48 ngyt
2
640
88964b936e864ca7d326272eaa70fa9a?s=48 hgsgtk
1
1.1k
C786d7772602b488a7972c38c143f61c?s=48 con_mame
3
1.8k
5059d3f370ad7e1f4d8de4be79ae1a2c?s=48 rvirus0817
2
370
3744945b353aca873f215d885310cc4c?s=48 meiradania
0
160

Featured

See All Featured
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
356
62k
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
70
7k
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
18
920
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
436
28k
245cee81a9c424266e5e401d844ea881?s=48 lara
169
9.2k
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
205
9.9k
A415db3ac9e9668acbc1fb36eead84ac?s=48 mthomps
37
2.2k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
51
3.9k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
165
6.8k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
498
130k
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
113
7k
E43f8dfd01057f8304f5f8fb9a294d7d?s=48 jeffersonlam
325
14k

Transcript

  1. Hardening WordPress is an Art

  2. Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a

    startup

  3. Alex Proimos from Sydney, Australia

  4. Is WordPress is secure? → 52% are from WordPress plugins

    → 37% are from core WordPress → 11% are from WordPress themes

  5. Recent incidents

  6. Recent Incidents → Display Widgets → WooCommerce Product Vendors →

    WordPress Security Update 4.8.2 – Update Immediately!

  7. Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting

    (XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal

  8. So what is the Art

  9. Continuous improvements

  10. Find a secured hosting

  11. Don’t forget to update!

  12. Don’t forget to update! → Keep your WordPress up-to-date →

    Update your plugins and themes → Change passwords periodically → Keep yourself updated

  13. Use your own, not defaults!

  14. Use your own, not defaults! → Do not use ‘admin’

    as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix

  15. Stop directory indexing

  16. Prevent User emumaration

  17. Disable XML-RPC if not using

  18. Limit login failed attempts

  19. Backup regularly

  20. Remove unused plugins/themes

  21. Turn on Comments approval

  22. Use HTTPS! Atleast wp-admin area and wp-login.php

  23. Make sure Debugging is off!

  24. Apache, PHP, NGINX, SSL Vulnerabilities

  25. WordPress Vulnerability Database https://wpvulndb.com

  26. WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner

  27. None

  28. Summery → Don’t forget to update. → Use your own

    rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated

  29. From Sri Lanka !

  30. Thank you !