Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Hardening WordPress is An Art
Search
Chathu Vishwajith
September 23, 2017
Technology
0
140
Hardening WordPress is An Art
My presentation for First-ever WordCamp Colombo 2017, Sri Lanka
#wccmb
Chathu Vishwajith
September 23, 2017
Tweet
Share
More Decks by Chathu Vishwajith
See All by Chathu Vishwajith
Lerna and Monorepo architecture for JavaScript
iamchathu
0
67
Properly Securing Node.js APIs
iamchathu
0
57
Hardening WordPress is kind of Art
iamchathu
0
120
It's Someone Else's Servers
iamchathu
0
43
Speed Up Your WordPess
iamchathu
0
110
CMBJS Meetup: Securing NodeJS APIs with JWT
iamchathu
0
110
Other Decks in Technology
See All in Technology
未経験者・初心者に贈る!40分でわかるAndroidアプリ開発の今と大事なポイント
operando
6
750
テストを軸にした生き残り術
kworkdev
PRO
0
220
プラットフォーム転換期におけるGitHub Copilot活用〜Coding agentがそれを加速するか〜 / Leveraging GitHub Copilot During Platform Transition Periods
aeonpeople
1
240
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
8.8k
人工衛星のファームウェアをRustで書く理由
koba789
15
8.3k
20250913_JAWS_sysad_kobe
takuyay0ne
2
250
スマートファクトリーの第一歩 〜AWSマネージドサービスで 実現する予知保全と生成AI活用まで
ganota
2
320
AIエージェント開発用SDKとローカルLLMをLINE Botと組み合わせてみた / LINEを使ったLT大会 #14
you
PRO
0
130
企業の生成AIガバナンスにおけるエージェントとセキュリティ
lycorptech_jp
PRO
2
200
Unlocking the Power of AI Agents with LINE Bot MCP Server
linedevth
0
120
Codeful Serverless / 一人運用でもやり抜く力
_kensh
7
450
ブロックテーマ時代における、テーマの CSS について考える Toro_Unit / 2025.09.13 @ Shinshu WordPress Meetup
torounit
0
130
Featured
See All Featured
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
18
1.1k
Navigating Team Friction
lara
189
15k
Rails Girls Zürich Keynote
gr2m
95
14k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Site-Speed That Sticks
csswizardry
10
820
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
The Language of Interfaces
destraynor
161
25k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
113
20k
Raft: Consensus for Rubyists
vanstee
140
7.1k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
46
7.6k
Transcript
Hardening WordPress is an Art
Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a
startup
Alex Proimos from Sydney, Australia
Is WordPress is secure? → 52% are from WordPress plugins
→ 37% are from core WordPress → 11% are from WordPress themes
Recent incidents
Recent Incidents → Display Widgets → WooCommerce Product Vendors →
WordPress Security Update 4.8.2 – Update Immediately!
Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting
(XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal
So what is the Art
Continuous improvements
Find a secured hosting
Don’t forget to update!
Don’t forget to update! → Keep your WordPress up-to-date →
Update your plugins and themes → Change passwords periodically → Keep yourself updated
Use your own, not defaults!
Use your own, not defaults! → Do not use ‘admin’
as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix
Stop directory indexing
Prevent User emumaration
Disable XML-RPC if not using
Limit login failed attempts
Backup regularly
Remove unused plugins/themes
Turn on Comments approval
Use HTTPS! Atleast wp-admin area and wp-login.php
Make sure Debugging is off!
Apache, PHP, NGINX, SSL Vulnerabilities
WordPress Vulnerability Database https://wpvulndb.com
WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner
None
Summery → Don’t forget to update. → Use your own
rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated
From Sri Lanka !
Thank you !