Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Hardening WordPress is kind of Art
Search
Chathu Vishwajith
November 25, 2017
Technology
140
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Hardening WordPress is kind of Art
Update presentation I did at WordCamp Utrecht 2017, Netherlands
Chathu Vishwajith
November 25, 2017
More Decks by Chathu Vishwajith
See All by Chathu Vishwajith
Lerna and Monorepo architecture for JavaScript
iamchathu
0
78
Properly Securing Node.js APIs
iamchathu
0
63
It's Someone Else's Servers
iamchathu
0
56
Hardening WordPress is An Art
iamchathu
0
160
Speed Up Your WordPess
iamchathu
0
120
CMBJS Meetup: Securing NodeJS APIs with JWT
iamchathu
0
110
Other Decks in Technology
See All in Technology
FinOps X 2026 Recap from Engineer Side #JapanFinOps
chacco38
0
260
AIに障害切り分けを全部やってもらった。 。 。 。
estie
0
360
product engineering with qa
nealle
0
140
Docker Desktop不要の時代が来る? WSL標準の「wslc」で Linuxコンテナを動かしてみた.
ueponx
0
700
Baseline対応のDOMの型定義を作った
uhyo
3
690
Mastraエージェント、どのクラウドにデプロイする?
minorun365
PRO
2
170
金融の未来を考える / Thinking About the Future of Finance
ks91
PRO
0
150
RAGの精度向上とエージェント活用
kintotechdev
2
130
SRE Lounge Hiroshimaへの招待
grimoh
0
220
AI時代のエンジニアキャリアについて今一度考える
sakamoto_582
1
1.2k
Keeping applications secure by evolving OAuth 2.0 and OpenID Connect
ahus1
PRO
1
140
そのハーネス、本当に境界になっていますか? AIエージェント時代の実行環境設計【MEGU-Meet #4】
cscengineer
PRO
0
110
Featured
See All Featured
The Illustrated Guide to Node.js - THAT Conference 2024
reverentgeek
1
410
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
uxyall
0
340
Mind Mapping
helmedeiros
PRO
1
280
Claude Code のすすめ
schroneko
67
230k
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
mfonobong
2
460
A Soul's Torment
seathinner
6
3k
Discover your Explorer Soul
emna__ayadi
2
1.2k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
150
Design in an AI World
tapps
1
260
Code Reviewing Like a Champion
maltzj
528
40k
The browser strikes back
jonoalderson
0
1.4k
Transcript
None
Hardening WordPress is kind of Art
Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a
startup
Alex Proimos from Sydney, Australia
Is WordPress is secure? → 52% are from WordPress plugins
→ 37% are from core WordPress → 11% are from WordPress themes
Recent incidents
Recent Incidents → bbPress → Shortcodes Ultimate → Formidable Forms
→ Duplicator → Yoast SEO 5.7.1 → WordPress Security Update 4.8.2 – Update Immediately! → WordPress 4.9
Types of vulnerabilities → SQL Injection (SQLI) → Cross-site Scripting
(XSS) → Cross-Site Request Forgery (CSRF) → Brute Force → Denial of Service (DoS) → Distributed Denial of Service (DDoS) → Full Path Disclosure (FPD) → User Enumeration → Remote Code Execution (RCE) → Remote File Inclusion (RFI) → Directory Traversal
So what is the Art
Continuous improvements
Find a secured hosting
Don’t forget to update!
Don’t forget to update! → Keep your WordPress up-to-date →
Update your plugins and themes → Change passwords periodically → Keep yourself updated
Use your own, not defaults!
Use your own, not defaults! → Do not use ‘admin’
as your username → Change WP_CONFIG’s keys and salt values to randomly generated values → Change table prefix
Stop directory indexing
Prevent User emumaration
Disable XML-RPC if not using
Limit login failed attempts
Backup regularly
Use Two Factor Authentication
Remove unused plugins/themes
Turn on Comments approval
Use HTTPS! Atleast wp-admin area and wp-login.php
Make sure Debugging is off!
Apache, PHP, NGINX, SSL Vulnerabilities
WordPress Vulnerability Database https://wpvulndb.com
WordPress Vulnerability Scanner https://github.com/RamadhanAmizudin/ Wordpress-scanner
None
Summery → Don’t forget to update. → Use your own
rather defaults. → Stop directory traversal. → Disable XML-RPC if you are not using it. → Limit login attempts. → Backup regularly → Remove unused plugins/themes → Keep yourself updated
From Holland Artist
Thank you