Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Hardening WordPress is kind of Art
Search
Chathu Vishwajith
November 25, 2017
Technology
0
120
Hardening WordPress is kind of Art
Update presentation I did at WordCamp Utrecht 2017, Netherlands
Chathu Vishwajith
November 25, 2017
Tweet
Share
More Decks by Chathu Vishwajith
See All by Chathu Vishwajith
Lerna and Monorepo architecture for JavaScript
iamchathu
0
66
Properly Securing Node.js APIs
iamchathu
0
57
It's Someone Else's Servers
iamchathu
0
43
Hardening WordPress is An Art
iamchathu
0
140
Speed Up Your WordPess
iamchathu
0
110
CMBJS Meetup: Securing NodeJS APIs with JWT
iamchathu
0
110
Other Decks in Technology
See All in Technology
20250807_Kiroと私の反省会
riz3f7
0
270
サービスロボット最前線:ugoが挑むPhysical AI活用
kmatsuiugo
0
110
Claude Codeは仕様駆動の夢を見ない
gotalab555
23
7.2k
Exadata Database Service on Dedicated Infrastructure セキュリティ、ネットワーク、および管理について
oracle4engineer
PRO
1
330
Amazon S3 Vectorsは大規模ベクトル検索を低コスト化するサーバーレスなベクトルデータベースだ #jawsugsaga / S3 Vectors As A Serverless Vector Database
quiver
2
990
はじめての転職講座/The Guide of First Career Change
kwappa
5
4.4k
Telemetry APIから学ぶGoogle Cloud ObservabilityとOpenTelemetryの現在 / getting-started-telemetry-api-with-google-cloud
k6s4i53rx
0
160
Delegate authentication and a lot more to Keycloak with OpenID Connect
ahus1
0
240
MCP認可の現在地と自律型エージェント対応に向けた課題 / MCP Authorization Today and Challenges to Support Autonomous Agents
yokawasa
5
2.5k
Oracle Exadata Database Service on Cloud@Customer X11M (ExaDB-C@C) サービス概要
oracle4engineer
PRO
2
6.4k
UDDのススメ - 拡張版 -
maguroalternative
1
620
Mackerel in さくらのクラウド
cubicdaiya
1
270
Featured
See All Featured
Navigating Team Friction
lara
188
15k
A Modern Web Designer's Workflow
chriscoyier
695
190k
Large-scale JavaScript Application Architecture
addyosmani
512
110k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3k
Music & Morning Musume
bryan
46
6.7k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
Adopting Sorbet at Scale
ufuk
77
9.5k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
Balancing Empowerment & Direction
lara
2
570
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.8k
BBQ
matthewcrist
89
9.8k
Transcript
None
Hardening WordPress is kind of Art
Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a
startup
Alex Proimos from Sydney, Australia
Is WordPress is secure? → 52% are from WordPress plugins
→ 37% are from core WordPress → 11% are from WordPress themes
Recent incidents
Recent Incidents → bbPress → Shortcodes Ultimate → Formidable Forms
→ Duplicator → Yoast SEO 5.7.1 → WordPress Security Update 4.8.2 – Update Immediately! → WordPress 4.9
Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting
(XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal
So what is the Art
Continuous improvements
Find a secured hosting
Don’t forget to update!
Don’t forget to update! → Keep your WordPress up-to-date →
Update your plugins and themes → Change passwords periodically → Keep yourself updated
Use your own, not defaults!
Use your own, not defaults! → Do not use ‘admin’
as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix
Stop directory indexing
Prevent User emumaration
Disable XML-RPC if not using
Limit login failed attempts
Backup regularly
Use Two Factor Authentication
Remove unused plugins/themes
Turn on Comments approval
Use HTTPS! Atleast wp-admin area and wp-login.php
Make sure Debugging is off!
Apache, PHP, NGINX, SSL Vulnerabilities
WordPress Vulnerability Database https://wpvulndb.com
WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner
None
Summery → Don’t forget to update. → Use your own
rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated
From Holland Artist
Thank you