Upgrade to Pro — share decks privately, control downloads, hide ads and more …

WordPressのセキュリティについて / gifuwpm20-wordpress-secu...

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Koji Kuno Koji Kuno
March 14, 2020
Programming
0
79

WordPressのセキュリティについて / gifuwpm20-wordpress-security

Gifu WordPress Meetup #20 での登壇資料です。

Avatar for Koji Kuno

Koji Kuno

March 14, 2020
Tweet

More Decks by Koji Kuno

See All by Koji Kuno
unitoneが楽しくなるまでの道のり
Avatar for Koji Kuno oleindesign
0
100
WordPress 6.5 の新機能紹介
Avatar for Koji Kuno oleindesign
0
140
How to deal with WordPress themes in the future
Avatar for Koji Kuno oleindesign
0
1.7k
WordPress(再)入門 - 運用・学習編
Avatar for Koji Kuno oleindesign
0
240
WordPress(再)入門 - カスタマイズ編
Avatar for Koji Kuno oleindesign
0
260
WordPress(再)入門 - コンテンツ作成方法編
Avatar for Koji Kuno oleindesign
0
220
WordPress(再)入門 - テーマ・プラグイン編 / introduction-to-wordpress-again-theme-plugin
Avatar for Koji Kuno oleindesign
0
240
WordPress(再)入門 - 基本設定編 / introduction-to-wordpress-again-basic-settings
Avatar for Koji Kuno oleindesign
0
500
WordPress(再)入門 - 基礎知識・環境編
Avatar for Koji Kuno oleindesign
2
1.1k

Other Decks in Programming

See All in Programming
The Ralph Wiggum Loop: First Principles of Autonomous Development
Avatar for Ryuichiro Semba sembayui
0
3.7k
PostgreSQL を使った快適な go test 環境を求めて
Avatar for Kotaro Otaka otakakot
0
560
Takumiから考えるSecurity_Maturity_Model.pdf
Avatar for gessy0129 gessy0129
1
150
ポーリング処理廃止によるイベント駆動アーキテクチャへの移行
Avatar for Seitaro Fujigaki seitarof
3
1.1k
Codexに役割を持たせる 他のAIエージェントと組み合わせる実務Tips
Avatar for o8n o8n
4
1.3k
AI Assistants for Your Angular Solutions
Avatar for Manfred Steyer manfredsteyer
PRO
0
140
20260313 - Grafana & Friends Taipei #1 - Kubernetes v1.36 的開發雜記:那些困在 Alpha 加護病房太久的 Metrics
Avatar for ChengHao Yang tico88612
0
200
守る「だけ」の優しいEMを抜けて、 事業とチームを両方見る視点を身につけた話
Avatar for Mitsui maroon8021
3
990
Understanding Apache Lucene - More than just full-text search
Avatar for Alexander Reelsen spinscale
0
120
SourceGeneratorのマーカー属性問題について
Avatar for tkym htkym
0
200
CS教育のDX AIによる育成の効率化
Avatar for ニフティ株式会社 niftycorp
PRO
0
130
AIコードレビューの導入・運用と AI駆動開発における「AI4QA」の取り組みについて
Avatar for ハゲワシ hagevvashi
0
500

Featured

See All Featured
Applied NLP in the Age of Generative AI
Avatar for Ines Montani inesmontani
PRO
4
2.2k
Designing for Performance
Avatar for Lara Hogan lara
611
70k
Lightning talk: Run Django tests with GitHub Actions
Avatar for Sarah Abderemane sabderemane
0
150
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
275
41k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
55
12k
Believing is Seeing
Avatar for Spiro Bolos oripsolob
1
84
16th Malabo Montpellier Forum Presentation
Avatar for AKADEMIYA2063 akademiya2063
PRO
0
72
The Curse of the Amulet
Avatar for Matthew Lei leimatthew05
1
10k
Efficient Content Optimization with Google Search Console & Apps Script
Avatar for Katarina Dahlin katarinadahlin
PRO
1
410
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
2
1.6k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.6k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
11
860

Transcript

  1. 8PSE1SFTTͷηΩϡϦςΟʹ ͍ͭͯ (JGV8PSE1SFTT.FFUVQ ೥݄೔ʢ౔ʣʙ

  2. ࣗݾ঺հ w 8FC੍࡞ܥϑϦʔϥϯε w ࠷ۙʮσʔλɾαΠΤϯεʯʹ͍ͭͯڵຯ௡ʑ w ग़਎͸άϥϑΟοΫσβΠϯɻ8FC͸׬શಠֶɻ w ಈը഑৴ʹ΋खΛग़࢝͠Ίͨɻ

  3. 8PSE1SFTTͷηΩϡϦςΟʹ ͍ͭͯ

  4. ৘ใηΩϡϦςΟͷ̏෼ྨ w ਓతڴҖ
 ˠ৘ใΛ౪Ήɾෆਖ਼ར༻ɾޡૢ࡞ͳͲਓ͕ى͜͢΋ͷ w ٕज़తڴҖ
 ˠෆਖ਼ΞΫηεɾվ͟ΜɾΫϥοΩϯά w ෺ཧతڴҖ
 ˠαʔόʔ͕෺ཧతʹյΕΔͳͲ

  5. 8PSE1SFTT͸ૂΘΕ΍͍͢ʁ w ʮૂΘΕ΍͍͢ʯͱࢥ͏ʢݸਓతײ૝ʣ w γΣΞ͔Βߟ͑ͯ8PSE1SFTTΛૂ͑͹खͬऔΓૣ͍ͱߟ ͑Δͷ͕ଥ౰ w ΦʔϓϯιʔεͳͷͰத਎͸୭Ͱ΋ݟΔ͜ͱ͕Ͱ͖Δ

  6. ຊ౰ʹ8PSE1SFTT͡Όͳ͍ͱμϝʁ w ͦͷ΢ΣϒαΠτ͕8PSE1SFTTͰ͋Δ΂͖ཧ༝͸ʁ w ଞͷແྉɾ༗ྉϒϩάαʔϏεͰ͸ͩΊʁ w ੩త΢ΣϒαΠτͰྑ͍ͷͰ͸ʁ

  7. ޮՌ͕ߴ͍ʢͱߟ͑ΒΕΔʣ ରࡦ ύεϫʔυͷ؅ཧ ΞοϓσʔτΛ͢Δ ϩάΠϯ63-Λมߋ͢Δ 44-Խ 8"'ಋೖ ࢖Θͳ͍ςʔϚɾϓϥάΠϯͷແޮԽ࡟আ

  8. ύεϫʔυͷ؅ཧ w ೦ͷͨΊॳظύεϫʔυ͔Βมߋ͓ͯ͜͠͏ w ҆શͳύεϫʔυͱ͸ʁʢ૯຿লࢀরʣ ໊લͳͲͷݸਓ৘ใ͔Β͸ਪଌͰ͖ͳ͍͜ͱ ӳ୯ޠͳͲΛͦͷ··࢖༻͠ͳ͍͜ͱ ΞϧϑΝϕοτͱ਺ࣈ͕ࠞࡏ͍ͯ͠Δ͜ͱ ద੾ͳ௕͞ͷจࣈྻͰ͋Δ͜ͱ ྨਪ͠΍͍͢ฒͼํ΍ͦͷ༰қͳ૊Έ߹Θͤʹ͠ͳ͍͜ͱ

  9. ύεϫʔυͷ࠷େղಡ࣌ؒ https://www.ipa.go.jp/security/txt/2008/10outline.html

  10. ΞοϓσʔτΛ͢Δ w 8PSE1SFTTίΞͷߋ৽ʢϚΠφʔ͸ࣗಈʣ w ϓϥάΠϯςʔϚͷߋ৽ w ίΞWFSʹରԠ͍ͯ͠Δ͔֬ೝ͢Δ΂͖

  11. ϓϥάΠϯͷબͼํ

  12. όοΫΞοϓΛऔಘ͠Α͏ w ΞοϓσʔτΛ࣮ߦͯ͠ը໘͕ਅͬനʹʜ w ͦΜͳ࣌ʹ͸ɺόοΫΞοϓσʔλͰ෮ݩ͠·͢ w "MMJO0OF81.JHSBUJPO͕ʢݸਓతʹ͸ʣ͓͢͢Ί
 ˠόοΫΞοϓऔಘͱ෮ݩ͕؆୯ w ීஈ͔ΒఆظతͳόοΫΞοϓΛεέδϡʔϧԽ͢Δ

  13. ϩάΠϯ63-Λมߋ͢Δ IUUQTTBNQMFDPNXQMPHJOQIQ

  14. ϩάΠϯ63-Λมߋ͢Δ w खಈͰରԠ΋Մೳ
 ˠϋʔυϧ͕ߴ͍ͷͰϓϥάΠϯͰػೳ௥Ճ͕Φεεϝ w 4JUF(VBSE811MVHJO w ʲ஫ҙʳ༗ޮԽͨ͠Βඪ४ઃఆͰϩάΠϯ63-͕มߋ ͞Εͯ͠·͏ͷͰѻ͍ʹ஫ҙ w

    Ճ͑ͯϩάΠϯը໘ʹ#"4*$ೝূΛ෇͚Δͱ͍͏ख΋

  15. 44-Խ w 4FDVSF4PDLFUT-BZFSͷུ w ΢ΣϒαΠτͱσόΠεʢ1$ͳͲʣͱͷؒͰ΍ΓऔΓ͢ ΔσʔλΛ҉߸Խͯ͠౪Έʹ͘͘͢Δ࢓૊Έ w IUUQTʙͰΞΫηεͰ͖Δ΢ΣϒαΠτ͸ରԠࡁΈ w (PPHMF$ISPNFͳͲͰ͸ରԠ͍ͯ͠ͳ͍ͱʮอޢ͞Εͯ

    ͍ͳ͍௨৴ʯͱදࣔ͞ΕͨΓ͢Δ

  16. 44-Խͷํ๏ w ར༻͍ͯ͠ΔαʔϏε΍αʔόʔʹΑ༷ͬͯʑͳͷͰҰ ֓ʹํ๏ΛఏࣔͰ͖ͳ͍ w طଘ΢ΣϒαΠτΛରԠ͢Δ৔߹ɺαΠτ಺ʹઃஔ͞Ε ͍ͯΔϦϯΫશ͕ͯIUUQTʙʹͳ͍ͬͯͳ͍ͱ׬શͳ 44-Խʹ͸ͳΒͳ͍ʢNJYFEDPOUFOUʣ w ద౰ʹ΍Βͣʹ༗ࣝऀʹ૬ஊ͢Δ͜ͱΛ͓קΊ͠·͢

  17. 8"'ಋೖ w 8FC"QQMJDBUJPO'JSFXBMMͷུ w αʔόʔଆPSϓϥάΠϯͰͷಋೖ͕Ұൠత w 9TFSWFSϩϦϙTBLVSB͸ར༻Մೳ w 8PSEGFODF4FDVSJUZ'JSFXBMM.BMXBSF4DBOͳͲ w

    81ɾϓϥάΠϯͷػೳʹΑΔΞΫηεΛޡͬͯःஅͯ͠ ͠·͏͜ͱ͕͋Δˠνϡʔχϯά͕ඞཁͳ৔߹΋͋Δ

  18. ࢖Θͳ͍ςʔϚɾϓϥάΠϯͷ ແޮԽ࡟আ w ඪ४Ͱ5XFOUZʙςʔϚ͕ෳ਺Πϯετʔϧ͞Ε͍ͯΔ͕ ෆཁͳΒ࡟আʢఆظతʹߋ৽͍ͯ͠Ε͹0,ʣ w ࢖Θͳ͍PSݹ͍ϓϥάΠϯ͸ɺ࡟আPS৐Γ׵͑ʢஔ͖׵ ͑ʣΛݕ౼͢Δ w ఆظతʹ֬ೝ͢Δश׳Λ࣋ͭͱϕλʔ

  19. ·ͱΊ w *%ͱ18͸ΦϦδφϦςΟΛ࣋ͭ w ߋ৽͠ͳ͍ͳΒ8PSE1SFTT࢖Θͳ͍ʢ͘Β͍ͷؾ࣋ͪͰʣ w όοΫΞοϓ͸ඞਢʢ෮ݩ΋࿅शͯ͠ΈΑ͏ʣ w ϩάΠϯ63-Λมߋͯ͠#"4*$ೝূ΋ซͤΔͱ٢ w

    44-Խ͸ࠓ΍ৗࣝʢඞਢʣϨϕϧ