Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Hardening WordPress is An Art

Avatar for Chathu Vishwajith Chathu Vishwajith
September 23, 2017
Technology
0
150

Hardening WordPress is An Art

My presentation for First-ever WordCamp Colombo 2017, Sri Lanka

#wccmb

Avatar for Chathu Vishwajith

Chathu Vishwajith

September 23, 2017
Tweet

More Decks by Chathu Vishwajith

See All by Chathu Vishwajith
Lerna and Monorepo architecture for JavaScript
Avatar for Chathu Vishwajith iamchathu
0
67
Properly Securing Node.js APIs
Avatar for Chathu Vishwajith iamchathu
0
60
Hardening WordPress is kind of Art
Avatar for Chathu Vishwajith iamchathu
0
130
It's Someone Else's Servers
Avatar for Chathu Vishwajith iamchathu
0
45
Speed Up Your WordPess
Avatar for Chathu Vishwajith iamchathu
0
110
CMBJS Meetup: Securing NodeJS APIs with JWT
Avatar for Chathu Vishwajith iamchathu
0
110

Other Decks in Technology

See All in Technology
新 Security HubがついにGA!仕組みや料金を深堀り #AWSreInvent #regrowth / AWS Security Hub Advanced GA
Avatar for MasahiroKawahara masahirokawahara
1
1.9k
第4回 「メタデータ通り」 リアル開催
Avatar for データ横丁 datayokocho
0
130
IAMユーザーゼロの運用は果たして可能なのか
Avatar for Yuuki Yamashita yama3133
1
110
日本Rubyの会の構造と実行とあと何か / hokurikurk01
Avatar for Masayoshi Takahashi takahashim
4
1.1k
打 造 A I 驅 動 的 G i t H u b ⾃ 動 化 ⼯ 作 流 程
Avatar for Bo-Yi Wu appleboy
0
320
AWS Trainium3 をちょっと身近に感じたい
Avatar for Yasutaka OHMURA bigmuramura
1
140
Fashion×AI「似合う」を届けるためのWEARのAI戦略
Avatar for ZOZO Developers zozotech
PRO
2
400
AWS Bedrock AgentCoreで作る 1on1支援AIエージェント 〜Memory × Evaluationsによる実践開発〜
Avatar for Yusuke Shimizu yusukeshimizu
6
400
エンジニアリングをやめたくないので問い続ける
Avatar for estie | エスティ estie
2
1.2k
多様なデジタルアイデンティティを攻撃からどうやって守るのか / 20251212
Avatar for Ayokura ayokura
0
440
AWS re:Invent 2025で見たGrafana最新機能の紹介
Avatar for 濱田孝治 hamadakoji
0
370
年間40件以上の登壇を続けて見えた「本当の発信力」/ 20251213 Masaki Okuda
Avatar for SHIFT EVOLVE shift_evolve
PRO
1
130

Featured

See All Featured
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
21
1.3k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3.2k
A better future with KSS
Avatar for Kyle Neath kneath
240
18k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
791
250k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
162
23k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.3k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
73
5k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
80
6.1k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
190
11k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
9
1.1k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
141
7.2k
Designing Experiences People Love
Avatar for Jonathan Moore moore
143
24k

Transcript

  1. Hardening WordPress is an Art

  2. Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a

    startup

  3. Alex Proimos from Sydney, Australia

  4. Is WordPress is secure? → 52% are from WordPress plugins

    → 37% are from core WordPress → 11% are from WordPress themes

  5. Recent incidents

  6. Recent Incidents → Display Widgets → WooCommerce Product Vendors →

    WordPress Security Update 4.8.2 – Update Immediately!

  7. Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting

    (XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal

  8. So what is the Art

  9. Continuous improvements

  10. Find a secured hosting

  11. Don’t forget to update!

  12. Don’t forget to update! → Keep your WordPress up-to-date →

    Update your plugins and themes → Change passwords periodically → Keep yourself updated

  13. Use your own, not defaults!

  14. Use your own, not defaults! → Do not use ‘admin’

    as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix

  15. Stop directory indexing

  16. Prevent User emumaration

  17. Disable XML-RPC if not using

  18. Limit login failed attempts

  19. Backup regularly

  20. Remove unused plugins/themes

  21. Turn on Comments approval

  22. Use HTTPS! Atleast wp-admin area and wp-login.php

  23. Make sure Debugging is off!

  24. Apache, PHP, NGINX, SSL Vulnerabilities

  25. WordPress Vulnerability Database https://wpvulndb.com

  26. WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner

  27. None

  28. Summery → Don’t forget to update. → Use your own

    rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated

  29. From Sri Lanka !

  30. Thank you !