Hardening WordPress is kind of Art

Transcript

1. None

2. Hardening WordPress is kind of Art

3. Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a

   startup

4. Alex Proimos from Sydney, Australia

5. Is WordPress is secure? → 52% are from WordPress plugins

   → 37% are from core WordPress → 11% are from WordPress themes

6. Recent incidents

7. Recent Incidents → bbPress → Shortcodes Ultimate → Formidable Forms

   → Duplicator → Yoast SEO 5.7.1 → WordPress Security Update 4.8.2 – Update Immediately! → WordPress 4.9

8. Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting

   (XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal

9. So what is the Art

10. Continuous improvements

11. Find a secured hosting

12. Don’t forget to update!

13. Don’t forget to update! → Keep your WordPress up-to-date →

    Update your plugins and themes → Change passwords periodically → Keep yourself updated

14. Use your own, not defaults!

15. Use your own, not defaults! → Do not use ‘admin’

    as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix

16. Stop directory indexing

17. Prevent User emumaration

18. Disable XML-RPC if not using

19. Limit login failed attempts

20. Backup regularly

21. Use Two Factor Authentication

22. Remove unused plugins/themes

23. Turn on Comments approval

24. Use HTTPS! Atleast wp-admin area and wp-login.php

25. Make sure Debugging is off!

26. Apache, PHP, NGINX, SSL Vulnerabilities

27. WordPress Vulnerability Database https://wpvulndb.com

28. WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner

29. None

30. Summery → Don’t forget to update. → Use your own

    rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated

31. From Holland Artist

32. Thank you