Hardening WordPress is kind of Art
Chathu Vishwajith
November 25, 2017
Update presentation I did at WordCamp Utrecht 2017, Netherlands
Transcript
Hardening WordPress is kind of Art
Who am I: Chathu Vishwajith, Auth0 Ambassador, Co-Founder of a startup
Alex Proimos from Sydney, Australia
Is WordPress secure?
→ 52% are from WordPress plugins
→ 37% are from core WordPress
→ 11% are from WordPress themes
Recent incidents
→ bbPress
→ Shortcodes Ultimate
→ Formidable Forms
→ Duplicator
→ Yoast SEO 5.7.1
→ WordPress Security Update 4.8.2 – Update Immediately!
→ WordPress 4.9
Types of vulnerabilities
→ SQL Injection (SQLi)
→ Cross-site Scripting (XSS)
→ Cross-Site Request Forgery (CSRF)
→ Brute Force
→ Denial of Service (DoS)
→ Distributed Denial of Service (DDoS)
→ Full Path Disclosure (FPD)
→ User Enumeration
→ Remote Code Execution (RCE)
→ Remote File Inclusion (RFI)
→ Directory Traversal
So what is the Art?
Continuous improvements
Find secure hosting
Don’t forget to update!
→ Keep your WordPress up-to-date
→ Update your plugins and themes
→ Change passwords periodically
→ Keep yourself updated
Use your own, not defaults!
→ Do not use ‘admin’ as your username
→ Change WP_CONFIG’s keys and salt values to randomly generated values
→ Change table prefix
Stop directory indexing
Prevent user enumeration
Disable XML-RPC if you are not using it
Limit failed login attempts
Backup regularly
Use Two Factor Authentication
Remove unused plugins/themes
Turn on Comments approval
Use HTTPS! At least for the wp-admin area and wp-login.php
Make sure Debugging is off!
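Three of the checklist items above (disable XML-RPC, prevent user enumeration, limit failed login attempts) can be applied from a single must-use plugin. The file below is an added example written for this page, not code from the talk; it assumes a standard WordPress install where it is dropped into wp-content/mu-plugins/, that REMOTE_ADDR identifies the client (behind a reverse proxy you would use the proxy's trusted header instead), and that the lockout threshold and duration are constructed values you tune for your site.

```php
<?php
/*
Plugin Name: Hardening Helpers (added example, not part of the talk)
Description: Disables XML-RPC, blocks user enumeration, rate-limits failed logins.
*/
defined('ABSPATH') || exit;

// "Disable XML-RPC if you are not using it": turn the endpoint off and stop
// advertising it via the X-Pingback response header.
add_filter('xmlrpc_enabled', '__return_false');
add_filter('wp_headers', function (array $headers) {
    unset($headers['X-Pingback']);
    return $headers;
});

// "Prevent user enumeration": /?author=N normally redirects to /author/<login>/,
// leaking usernames; refuse it on the front end. Also hide the REST users
// listing from anonymous callers.
add_action('init', function () {
    if (!is_admin() && isset($_GET['author'])) {
        wp_die('Forbidden', 'Forbidden', ['response' => 403]);
    }
});
add_filter('rest_endpoints', function (array $endpoints) {
    if (!is_user_logged_in()) {
        unset($endpoints['/wp/v2/users'], $endpoints['/wp/v2/users/(?P<id>[\d]+)']);
    }
    return $endpoints;
});

// "Limit failed login attempts": count failures per client IP in a transient
// and reject further login attempts once the threshold is reached.
// Constructed values: 5 failures, then a 15 minute lockout.
const HH_MAX_ATTEMPTS    = 5;
const HH_LOCKOUT_SECONDS = 15 * MINUTE_IN_SECONDS;

function hh_client_key(): string {
    // Assumption: REMOTE_ADDR is the real client address (no proxy in front).
    return 'hh_fail_' . md5($_SERVER['REMOTE_ADDR'] ?? 'unknown');
}

add_action('wp_login_failed', function () {
    $key   = hh_client_key();
    $fails = (int) get_transient($key) + 1;
    set_transient($key, $fails, HH_LOCKOUT_SECONDS); // expiry doubles as the lockout window
});

add_filter('authenticate', function ($user, $username) {
    if ((int) get_transient(hh_client_key()) >= HH_MAX_ATTEMPTS) {
        return new WP_Error('hh_locked_out', 'Too many failed logins. Try again later.');
    }
    return $user;
}, 30, 2);
```

Because the counter lives in a transient, the lockout also works without a persistent object cache, and a successful login before the threshold simply lets the transient expire.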
Apache, PHP, NGINX, SSL Vulnerabilities
WordPress Vulnerability Database https://wpvulndb.com
WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/Wordpress-scanner
Summary
→ Don’t forget to update.
→ Use your own rather than defaults.
→ Stop directory traversal.
→ Disable XML-RPC if you are not using it.
→ Limit login attempts.
→ Backup regularly.
→ Remove unused plugins/themes.
→ Keep yourself updated.
From Holland Artist
Thank you