Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Hardening WordPress is An Art
Search
Chathu Vishwajith
September 23, 2017
Technology
0
140
Hardening WordPress is An Art
My presentation for First-ever WordCamp Colombo 2017, Sri Lanka
#wccmb
Chathu Vishwajith
September 23, 2017
Tweet
Share
More Decks by Chathu Vishwajith
See All by Chathu Vishwajith
Lerna and Monorepo architecture for JavaScript
iamchathu
0
61
Properly Securing Node.js APIs
iamchathu
0
55
Hardening WordPress is kind of Art
iamchathu
0
120
It's Someone Else's Servers
iamchathu
0
42
Speed Up Your WordPess
iamchathu
0
110
CMBJS Meetup: Securing NodeJS APIs with JWT
iamchathu
0
100
Other Decks in Technology
See All in Technology
AWS アーキテクチャ作図入門/aws-architecture-diagram-101
ma2shita
29
11k
標準技術と独自システムで作る「つらくない」SaaS アカウント管理 / Effortless SaaS Account Management with Standard Technologies & Custom Systems
yuyatakeyama
3
1.2k
本が全く読めなかった過去の自分へ
genshun9
0
290
Clineを含めたAIエージェントを 大規模組織に導入し、投資対効果を考える / Introducing AI agents into your organization
i35_267
4
1.6k
Oracle Audit Vault and Database Firewall 20 概要
oracle4engineer
PRO
3
1.7k
「Chatwork」の認証基盤の移行とログ活用によるプロダクト改善
kubell_hr
1
150
AIのAIによるAIのための出力評価と改善
chocoyama
2
550
セキュリティの民主化は何故必要なのか_AWS WAF 運用の 10 の苦悩から学ぶ
yoh
1
140
エンジニア向け技術スタック情報
kauche
1
250
地図も、未来も、オープンに。 〜OSGeo.JPとFOSS4Gのご紹介〜
wata909
0
110
第9回情シス転職ミートアップ_テックタッチ株式会社
forester3003
0
230
Postman AI エージェントビルダー最新情報
nagix
0
110
Featured
See All Featured
Java REST API Framework Comparison - PWX 2021
mraible
31
8.6k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
We Have a Design System, Now What?
morganepeng
53
7.7k
Designing for Performance
lara
609
69k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
60k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.3k
How to train your dragon (web standard)
notwaldorf
93
6.1k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Gamification - CAS2011
davidbonilla
81
5.3k
A Modern Web Designer's Workflow
chriscoyier
694
190k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
670
GraphQLの誤解/rethinking-graphql
sonatard
71
11k
Transcript
Hardening WordPress is an Art
Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a
startup
Alex Proimos from Sydney, Australia
Is WordPress is secure? → 52% are from WordPress plugins
→ 37% are from core WordPress → 11% are from WordPress themes
Recent incidents
Recent Incidents → Display Widgets → WooCommerce Product Vendors →
WordPress Security Update 4.8.2 – Update Immediately!
Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting
(XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal
So what is the Art
Continuous improvements
Find a secured hosting
Don’t forget to update!
Don’t forget to update! → Keep your WordPress up-to-date →
Update your plugins and themes → Change passwords periodically → Keep yourself updated
Use your own, not defaults!
Use your own, not defaults! → Do not use ‘admin’
as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix
Stop directory indexing
Prevent User emumaration
Disable XML-RPC if not using
Limit login failed attempts
Backup regularly
Remove unused plugins/themes
Turn on Comments approval
Use HTTPS! Atleast wp-admin area and wp-login.php
Make sure Debugging is off!
Apache, PHP, NGINX, SSL Vulnerabilities
WordPress Vulnerability Database https://wpvulndb.com
WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner
None
Summery → Don’t forget to update. → Use your own
rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated
From Sri Lanka !
Thank you !