Hardening WordPress is kind of Art
Chathu Vishwajith
November 25, 2017
Technology
Update presentation I did at WordCamp Utrecht 2017, Netherlands
Transcript
Hardening WordPress is kind of Art
Who am I → Chathu Vishwajith → Auth0 Ambassador → Co-Founder of a startup
Alex Proimos from Sydney, Australia
Is WordPress secure? → 52% are from WordPress plugins → 37% are from core WordPress → 11% are from WordPress themes
Recent Incidents → bbPress → Shortcodes Ultimate → Formidable Forms → Duplicator → Yoast SEO 5.7.1 → WordPress Security Update 4.8.2 – Update Immediately! → WordPress 4.9
Types of vulnerabilities → SQL Injection (SQLi) → Cross-site Scripting (XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal
So what is the Art
Continuous improvements
Find a secured hosting
Don’t forget to update!
Don’t forget to update! → Keep your WordPress up-to-date → Update your plugins and themes → Change passwords periodically → Keep yourself updated
Use your own, not defaults!
Use your own, not defaults! → Do not use ‘admin’ as your username → Change wp-config.php’s keys and salt values to randomly generated values → Change table prefix
Stop directory indexing
Prevent user enumeration
Disable XML-RPC if not using
Limit login failed attempts
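The four slides above (plus the plugin/theme half of "Don’t forget to update!") can all be done from one must-use plugin without installing third-party security plugins. The following is an added example written for this page, not code from the talk: the hook names (`xmlrpc_enabled`, `rest_endpoints`, `template_redirect`, `wp_login_failed`, `authenticate`, `wp_login`, `auto_update_plugin`, `auto_update_theme`) are real WordPress APIs, while the `HARDEN_*` values, the `harden_client_key()` helper and the file name are this example's own choices. "Stop directory indexing" is a web-server setting rather than PHP (`Options -Indexes` in Apache, `autoindex off;` in nginx), so it is not repeated here.

```php
<?php
/**
 * Plugin Name: Hardening examples (must-use plugin)
 *
 * Added example (not the deck's own code). Save as wp-content/mu-plugins/harden.php;
 * mu-plugins load first and cannot be deactivated from wp-admin.
 * Hooks and functions below are real WordPress APIs; HARDEN_* values are arbitrary.
 */

// --- Don't forget to update: also auto-update plugins and themes
//     (core updates are governed by WP_AUTO_UPDATE_CORE in wp-config.php).
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );

// --- Disable XML-RPC if not using it: it is a second login surface, and
//     system.multicall lets one request carry many credential checks.
add_filter( 'xmlrpc_enabled', '__return_false' );
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] ); // stop advertising the endpoint
    return $headers;
} );

// --- Prevent user enumeration.
// (a) /?author=N is canonically redirected to /author/<login>/, which reveals the
//     login name. Hook before redirect_canonical (priority 10) and send visitors home.
add_action( 'template_redirect', function () {
    if ( isset( $_GET['author'] ) && ! is_user_logged_in() ) {
        wp_safe_redirect( home_url( '/' ), 301 );
        exit;
    }
}, 1 );
// (b) The REST API lists users for anonymous clients; hide those routes unless logged in.
add_filter( 'rest_endpoints', function ( $endpoints ) {
    if ( ! is_user_logged_in() ) {
        unset( $endpoints['/wp/v2/users'], $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
    }
    return $endpoints;
} );

// --- Limit failed login attempts per client, stored in transients
//     (object cache or wp_options), so no extra table is needed.
define( 'HARDEN_MAX_ATTEMPTS', 5 );
define( 'HARDEN_LOCKOUT', 15 * MINUTE_IN_SECONDS );

function harden_client_key() {
    // Assumes REMOTE_ADDR is the real client address. Behind a reverse proxy,
    // derive the address from the header your proxy sets; trusting
    // X-Forwarded-For blindly lets one client rotate "identities" at will.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'harden_login_' . md5( $ip );
}

// Every failure (including attempts made during a lockout) bumps the counter
// and restarts the lockout window.
add_action( 'wp_login_failed', function () {
    $key = harden_client_key();
    set_transient( $key, (int) get_transient( $key ) + 1, HARDEN_LOCKOUT );
} );

// Priority 30 runs after core's username/password check (priority 20), so the
// WP_Error returned here wins even when the submitted password was correct.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( harden_client_key() ) >= HARDEN_MAX_ATTEMPTS ) {
        return new WP_Error(
            'harden_locked_out',
            __( 'Too many failed login attempts. Please try again later.' )
        );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter for that client.
add_action( 'wp_login', function () {
    delete_transient( harden_client_key() );
} );
```

Two things to check after deploying: `curl -s -o /dev/null -w '%{http_code}' https://example.com/xmlrpc.php -d '<methodCall><methodName>system.listMethods</methodName></methodCall>'` should no longer return a method list, and `/wp-json/wp/v2/users` should answer 404 for an anonymous client. The lockout keys on client address only, so a site behind a NAT or shared proxy will lock out colleagues together; pair it with two-factor authentication (the next slides) rather than relying on it alone.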
Backup regularly
Use Two Factor Authentication
Remove unused plugins/themes
Turn on Comments approval
Use HTTPS! At least for the wp-admin area and wp-login.php
Make sure Debugging is off!
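The settings that the "Don’t forget to update!", "Use your own, not defaults!", "Use HTTPS!" and "Make sure Debugging is off!" slides call for all live in wp-config.php. Here is an added example of the relevant excerpt, written for this page rather than taken from the talk; the constants are real WordPress configuration constants, the `PLACEHOLDER-...` strings and the `k7x_` prefix are obviously made-up values to be replaced.

```php
<?php
// Excerpt of a hardened wp-config.php (added example, not the deck's own file).
// These lines belong above "/* That's all, stop editing! */".
// Placeholder values are deliberately fake: generate real keys and salts from
// https://api.wordpress.org/secret-key/1.1/salt/ and paste them in.

// Don't forget to update: apply core minor AND major releases automatically
// (true = all updates; 'minor' would restrict this to security/maintenance releases).
define( 'WP_AUTO_UPDATE_CORE', true );

// Use your own, not defaults: unique keys and salts are what make the login and
// nonce cookies unforgeable. Replacing them also invalidates every existing
// session, so rotating them is a cheap site-wide "log everyone out".
define( 'AUTH_KEY',         'PLACEHOLDER-replace-with-64-random-chars' );
define( 'SECURE_AUTH_KEY',  'PLACEHOLDER-replace-with-64-random-chars' );
define( 'LOGGED_IN_KEY',    'PLACEHOLDER-replace-with-64-random-chars' );
define( 'NONCE_KEY',        'PLACEHOLDER-replace-with-64-random-chars' );
define( 'AUTH_SALT',        'PLACEHOLDER-replace-with-64-random-chars' );
define( 'SECURE_AUTH_SALT', 'PLACEHOLDER-replace-with-64-random-chars' );
define( 'LOGGED_IN_SALT',   'PLACEHOLDER-replace-with-64-random-chars' );
define( 'NONCE_SALT',       'PLACEHOLDER-replace-with-64-random-chars' );

// A non-default table prefix means canned payloads that hard-code wp_users or
// wp_options miss. On an existing site, changing it also requires renaming the
// tables and the wp_user_roles option / wp_capabilities meta keys to the new prefix.
$table_prefix = 'k7x_';

// Use HTTPS, at least for wp-admin and wp-login.php: forces those pages (and the
// auth cookie they set) onto TLS even if the front end is still served over HTTP.
define( 'FORCE_SSL_ADMIN', true );

// Make sure debugging is off: PHP notices and stack traces reveal paths, plugin
// versions and sometimes query fragments to anyone who triggers an error.
define( 'WP_DEBUG', false );
define( 'WP_DEBUG_DISPLAY', false );
@ini_set( 'display_errors', 0 );

// Related: remove the theme/plugin file editor from wp-admin, so a hijacked
// administrator session cannot turn into arbitrary PHP through the dashboard.
define( 'DISALLOW_FILE_EDIT', true );
```

Note that `add_filter()` calls do not work in wp-config.php (it is read before WordPress's plugin API is loaded), which is why plugin and theme auto-update filters belong in a plugin, while the core setting is a constant here. Keep the file itself readable only by the web-server user; it holds the database password as well as these keys.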
Apache, PHP, NGINX, SSL Vulnerabilities
WordPress Vulnerability Database https://wpvulndb.com
WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/Wordpress-scanner
Summary → Don’t forget to update. → Use your own rather than defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly. → Remove unused plugins/themes. → Keep yourself updated.
From Holland Artist
Thank you