Upgrade to Pro — share decks privately, control downloads, hide ads and more …

WordPressのセキュリティについて / gifuwpm20-wordpress-secu...

Avatar for Koji Kuno Koji Kuno
March 14, 2020
Programming
0
77

WordPressのセキュリティについて / gifuwpm20-wordpress-security

Gifu WordPress Meetup #20 での登壇資料です。

Avatar for Koji Kuno

Koji Kuno

March 14, 2020
Tweet

More Decks by Koji Kuno

See All by Koji Kuno
unitoneが楽しくなるまでの道のり
Avatar for Koji Kuno oleindesign
0
88
WordPress 6.5 の新機能紹介
Avatar for Koji Kuno oleindesign
0
120
How to deal with WordPress themes in the future
Avatar for Koji Kuno oleindesign
0
1.6k
WordPress(再)入門 - 運用・学習編
Avatar for Koji Kuno oleindesign
0
220
WordPress(再)入門 - カスタマイズ編
Avatar for Koji Kuno oleindesign
0
250
WordPress(再)入門 - コンテンツ作成方法編
Avatar for Koji Kuno oleindesign
0
200
WordPress(再)入門 - テーマ・プラグイン編 / introduction-to-wordpress-again-theme-plugin
Avatar for Koji Kuno oleindesign
0
230
WordPress(再)入門 - 基本設定編 / introduction-to-wordpress-again-basic-settings
Avatar for Koji Kuno oleindesign
0
450
WordPress(再)入門 - 基礎知識・環境編
Avatar for Koji Kuno oleindesign
2
1k

Other Decks in Programming

See All in Programming
私達はmodernize packageに夢を見るか feat. go/analysis, go/ast / Go Conference 2025
Avatar for m_t_tion1 kaorumuta
2
570
What Spring Developers Should Know About Jakarta EE
Avatar for ivargrimstad ivargrimstad
0
150
「ちょっと古いから」って避けてた技術書、今だからこそ読もう
Avatar for もっち mottyzzz
11
6.8k
コードとあなたと私の距離 / The Distance Between Code, You, and I
Avatar for YAMAOKA Hiroyuki hiro_y
0
170
NixOS + Kubernetesで構築する自宅サーバーのすべて
Avatar for ichi-h ichi_h3
0
930
Claude CodeによるAI駆動開発の実践 〜そこから見えてきたこれからのプログラミング〜
Avatar for 入井 啓太 iriikeita
0
260
株式会社 Sun terras カンパニーデック
Avatar for Sun terras.Inc sunterras
0
320
なぜあの開発者はDevRelに伴走し続けるのか / Why Does That Developer Keep Running Alongside DevRel?
Avatar for nrs nrslib
3
410
iOSエンジニア向けの英語学習アプリを作る!
Avatar for yukawashouhei yukawashouhei
0
200
iOSエンジニア向けの英語学習アプリを作る!
Avatar for yukawashouhei yukawashouhei
0
190
Devoxx BE - Local Development in the AI Era
Avatar for Kevin Dubois kdubois
0
130
What's new in Spring Modulith?
Avatar for Oliver Drotbohm olivergierke
1
150

Featured

See All Featured
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
11k
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
2.8k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
4.8k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
127
17k
Designing for humans not robots
Avatar for Tammie Lister tammielis
254
26k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
340
57k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
36
6.9k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
8.9k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
45
2.5k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
79
6k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
620
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
9
590

Transcript

  1. 8PSE1SFTTͷηΩϡϦςΟʹ ͍ͭͯ (JGV8PSE1SFTT.FFUVQ ೥݄೔ʢ౔ʣʙ

  2. ࣗݾ঺հ w 8FC੍࡞ܥϑϦʔϥϯε w ࠷ۙʮσʔλɾαΠΤϯεʯʹ͍ͭͯڵຯ௡ʑ w ग़਎͸άϥϑΟοΫσβΠϯɻ8FC͸׬શಠֶɻ w ಈը഑৴ʹ΋खΛग़࢝͠Ίͨɻ

  3. 8PSE1SFTTͷηΩϡϦςΟʹ ͍ͭͯ

  4. ৘ใηΩϡϦςΟͷ̏෼ྨ w ਓతڴҖ
 ˠ৘ใΛ౪Ήɾෆਖ਼ར༻ɾޡૢ࡞ͳͲਓ͕ى͜͢΋ͷ w ٕज़తڴҖ
 ˠෆਖ਼ΞΫηεɾվ͟ΜɾΫϥοΩϯά w ෺ཧతڴҖ
 ˠαʔόʔ͕෺ཧతʹյΕΔͳͲ

  5. 8PSE1SFTT͸ૂΘΕ΍͍͢ʁ w ʮૂΘΕ΍͍͢ʯͱࢥ͏ʢݸਓతײ૝ʣ w γΣΞ͔Βߟ͑ͯ8PSE1SFTTΛૂ͑͹खͬऔΓૣ͍ͱߟ ͑Δͷ͕ଥ౰ w ΦʔϓϯιʔεͳͷͰத਎͸୭Ͱ΋ݟΔ͜ͱ͕Ͱ͖Δ

  6. ຊ౰ʹ8PSE1SFTT͡Όͳ͍ͱμϝʁ w ͦͷ΢ΣϒαΠτ͕8PSE1SFTTͰ͋Δ΂͖ཧ༝͸ʁ w ଞͷແྉɾ༗ྉϒϩάαʔϏεͰ͸ͩΊʁ w ੩త΢ΣϒαΠτͰྑ͍ͷͰ͸ʁ

  7. ޮՌ͕ߴ͍ʢͱߟ͑ΒΕΔʣ ରࡦ ύεϫʔυͷ؅ཧ ΞοϓσʔτΛ͢Δ ϩάΠϯ63-Λมߋ͢Δ 44-Խ 8"'ಋೖ ࢖Θͳ͍ςʔϚɾϓϥάΠϯͷແޮԽ࡟আ

  8. ύεϫʔυͷ؅ཧ w ೦ͷͨΊॳظύεϫʔυ͔Βมߋ͓ͯ͜͠͏ w ҆શͳύεϫʔυͱ͸ʁʢ૯຿লࢀরʣ ໊લͳͲͷݸਓ৘ใ͔Β͸ਪଌͰ͖ͳ͍͜ͱ ӳ୯ޠͳͲΛͦͷ··࢖༻͠ͳ͍͜ͱ ΞϧϑΝϕοτͱ਺ࣈ͕ࠞࡏ͍ͯ͠Δ͜ͱ ద੾ͳ௕͞ͷจࣈྻͰ͋Δ͜ͱ ྨਪ͠΍͍͢ฒͼํ΍ͦͷ༰қͳ૊Έ߹Θͤʹ͠ͳ͍͜ͱ

  9. ύεϫʔυͷ࠷େղಡ࣌ؒ https://www.ipa.go.jp/security/txt/2008/10outline.html

  10. ΞοϓσʔτΛ͢Δ w 8PSE1SFTTίΞͷߋ৽ʢϚΠφʔ͸ࣗಈʣ w ϓϥάΠϯςʔϚͷߋ৽ w ίΞWFSʹରԠ͍ͯ͠Δ͔֬ೝ͢Δ΂͖

  11. ϓϥάΠϯͷબͼํ

  12. όοΫΞοϓΛऔಘ͠Α͏ w ΞοϓσʔτΛ࣮ߦͯ͠ը໘͕ਅͬനʹʜ w ͦΜͳ࣌ʹ͸ɺόοΫΞοϓσʔλͰ෮ݩ͠·͢ w "MMJO0OF81.JHSBUJPO͕ʢݸਓతʹ͸ʣ͓͢͢Ί
 ˠόοΫΞοϓऔಘͱ෮ݩ͕؆୯ w ීஈ͔ΒఆظతͳόοΫΞοϓΛεέδϡʔϧԽ͢Δ

  13. ϩάΠϯ63-Λมߋ͢Δ IUUQTTBNQMFDPNXQMPHJOQIQ

  14. ϩάΠϯ63-Λมߋ͢Δ w खಈͰରԠ΋Մೳ
 ˠϋʔυϧ͕ߴ͍ͷͰϓϥάΠϯͰػೳ௥Ճ͕Φεεϝ w 4JUF(VBSE811MVHJO w ʲ஫ҙʳ༗ޮԽͨ͠Βඪ४ઃఆͰϩάΠϯ63-͕มߋ ͞Εͯ͠·͏ͷͰѻ͍ʹ஫ҙ w

    Ճ͑ͯϩάΠϯը໘ʹ#"4*$ೝূΛ෇͚Δͱ͍͏ख΋

  15. 44-Խ w 4FDVSF4PDLFUT-BZFSͷུ w ΢ΣϒαΠτͱσόΠεʢ1$ͳͲʣͱͷؒͰ΍ΓऔΓ͢ ΔσʔλΛ҉߸Խͯ͠౪Έʹ͘͘͢Δ࢓૊Έ w IUUQTʙͰΞΫηεͰ͖Δ΢ΣϒαΠτ͸ରԠࡁΈ w (PPHMF$ISPNFͳͲͰ͸ରԠ͍ͯ͠ͳ͍ͱʮอޢ͞Εͯ

    ͍ͳ͍௨৴ʯͱදࣔ͞ΕͨΓ͢Δ

  16. 44-Խͷํ๏ w ར༻͍ͯ͠ΔαʔϏε΍αʔόʔʹΑ༷ͬͯʑͳͷͰҰ ֓ʹํ๏ΛఏࣔͰ͖ͳ͍ w طଘ΢ΣϒαΠτΛରԠ͢Δ৔߹ɺαΠτ಺ʹઃஔ͞Ε ͍ͯΔϦϯΫશ͕ͯIUUQTʙʹͳ͍ͬͯͳ͍ͱ׬શͳ 44-Խʹ͸ͳΒͳ͍ʢNJYFEDPOUFOUʣ w ద౰ʹ΍Βͣʹ༗ࣝऀʹ૬ஊ͢Δ͜ͱΛ͓קΊ͠·͢

  17. 8"'ಋೖ w 8FC"QQMJDBUJPO'JSFXBMMͷུ w αʔόʔଆPSϓϥάΠϯͰͷಋೖ͕Ұൠత w 9TFSWFSϩϦϙTBLVSB͸ར༻Մೳ w 8PSEGFODF4FDVSJUZ'JSFXBMM.BMXBSF4DBOͳͲ w

    81ɾϓϥάΠϯͷػೳʹΑΔΞΫηεΛޡͬͯःஅͯ͠ ͠·͏͜ͱ͕͋Δˠνϡʔχϯά͕ඞཁͳ৔߹΋͋Δ

  18. ࢖Θͳ͍ςʔϚɾϓϥάΠϯͷ ແޮԽ࡟আ w ඪ४Ͱ5XFOUZʙςʔϚ͕ෳ਺Πϯετʔϧ͞Ε͍ͯΔ͕ ෆཁͳΒ࡟আʢఆظతʹߋ৽͍ͯ͠Ε͹0,ʣ w ࢖Θͳ͍PSݹ͍ϓϥάΠϯ͸ɺ࡟আPS৐Γ׵͑ʢஔ͖׵ ͑ʣΛݕ౼͢Δ w ఆظతʹ֬ೝ͢Δश׳Λ࣋ͭͱϕλʔ

  19. ·ͱΊ w *%ͱ18͸ΦϦδφϦςΟΛ࣋ͭ w ߋ৽͠ͳ͍ͳΒ8PSE1SFTT࢖Θͳ͍ʢ͘Β͍ͷؾ࣋ͪͰʣ w όοΫΞοϓ͸ඞਢʢ෮ݩ΋࿅शͯ͠ΈΑ͏ʣ w ϩάΠϯ63-Λมߋͯ͠#"4*$ೝূ΋ซͤΔͱ٢ w

    44-Խ͸ࠓ΍ৗࣝʢඞਢʣϨϕϧ