$30 off During Our Annual Pro Sale. View Details »

Hardening WordPress is kind of Art

Avatar for Chathu Vishwajith Chathu Vishwajith
November 25, 2017
Technology
0
130

Hardening WordPress is kind of Art

Update presentation I did at WordCamp Utrecht 2017, Netherlands

Avatar for Chathu Vishwajith

Chathu Vishwajith

November 25, 2017
Tweet

More Decks by Chathu Vishwajith

See All by Chathu Vishwajith
Lerna and Monorepo architecture for JavaScript
Avatar for Chathu Vishwajith iamchathu
0
67
Properly Securing Node.js APIs
Avatar for Chathu Vishwajith iamchathu
0
60
It's Someone Else's Servers
Avatar for Chathu Vishwajith iamchathu
0
45
Hardening WordPress is An Art
Avatar for Chathu Vishwajith iamchathu
0
150
Speed Up Your WordPess
Avatar for Chathu Vishwajith iamchathu
0
110
CMBJS Meetup: Securing NodeJS APIs with JWT
Avatar for Chathu Vishwajith iamchathu
0
110

Other Decks in Technology

See All in Technology
Kubernetes Multi-tenancy: Principles and Practices for Large Scale Internal Platforms
Avatar for hhiroshell hhiroshell
0
120
MLflowダイエット大作戦
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
110
SSO方式とJumpアカウント方式の比較と設計方針
Avatar for Yuto Obayashi yuobayashi
7
620
AWS Security Agentの紹介/introducing-aws-security-agent
Avatar for tomoki10 tomoki10
0
230
新 Security HubがついにGA!仕組みや料金を深堀り #AWSreInvent #regrowth / AWS Security Hub Advanced GA
Avatar for MasahiroKawahara masahirokawahara
1
1.9k
グレートファイアウォールを自宅に建てよう
Avatar for 綿糸てせ ctes091x
0
150
30分であなたをOmniのファンにしてみせます~分析画面のクリック操作をそのままコード化できるAI-ReadyなBIツール~
Avatar for Sagara sagara
0
140
Karate+Database RiderによるAPI自動テスト導入工数をCline+GitLab MCPを使って2割削減を目指す! / 20251206 Kazuki Takahashi
Avatar for SHIFT EVOLVE shift_evolve
PRO
1
750
Fashion×AI「似合う」を届けるためのWEARのAI戦略
Avatar for ZOZO Developers zozotech
PRO
2
340
文字列の並び順 / Unicode Collation
Avatar for とみたまさひろ tmtms
3
580
20251209_WAKECareer_生成AIを活用した設計・開発プロセス
Avatar for syobochim syobochim
7
1.5k
Lambdaの常識はどう変わる?!re:Invent 2025 before after
Avatar for TomoyaIwata iwatatomoya
1
490

Featured

See All Featured
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
13k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
659
61k
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
6.8k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
1.8k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
280
24k
Visualization
Avatar for Eitan Lees eitanlees
150
16k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
45
8.3k
Navigating Team Friction
Avatar for Lara Hogan lara
191
16k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
55
12k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
180
10k
The Language of Interfaces
Avatar for Des Traynor destraynor
162
25k

Transcript

  1. None

  2. Hardening WordPress is kind of Art

  3. Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a

    startup

  4. Alex Proimos from Sydney, Australia

  5. Is WordPress is secure? → 52% are from WordPress plugins

    → 37% are from core WordPress → 11% are from WordPress themes

  6. Recent incidents

  7. Recent Incidents → bbPress → Shortcodes Ultimate → Formidable Forms

    → Duplicator → Yoast SEO 5.7.1 → WordPress Security Update 4.8.2 – Update Immediately! → WordPress 4.9

  8. Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting

    (XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal

  9. So what is the Art

  10. Continuous improvements

  11. Find a secured hosting

  12. Don’t forget to update!

  13. Don’t forget to update! → Keep your WordPress up-to-date →

    Update your plugins and themes → Change passwords periodically → Keep yourself updated

  14. Use your own, not defaults!

  15. Use your own, not defaults! → Do not use ‘admin’

    as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix

  16. Stop directory indexing

  17. Prevent User emumaration

  18. Disable XML-RPC if not using

  19. Limit login failed attempts

  20. Backup regularly

  21. Use Two Factor Authentication

  22. Remove unused plugins/themes

  23. Turn on Comments approval

  24. Use HTTPS! Atleast wp-admin area and wp-login.php

  25. Make sure Debugging is off!

  26. Apache, PHP, NGINX, SSL Vulnerabilities

  27. WordPress Vulnerability Database https://wpvulndb.com

  28. WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner

  29. None

  30. Summery → Don’t forget to update. → Use your own

    rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated

  31. From Holland Artist

  32. Thank you