Upgrade to Pro — share decks privately, control downloads, hide ads and more …

WordPressのセキュリティについて / gifuwpm20-wordpress-secu...

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Koji Kuno Koji Kuno
March 14, 2020
Programming
81
0

WordPressのセキュリティについて / gifuwpm20-wordpress-security

Gifu WordPress Meetup #20 での登壇資料です。

Avatar for Koji Kuno

Koji Kuno

March 14, 2020

More Decks by Koji Kuno

See All by Koji Kuno
unitoneが楽しくなるまでの道のり
Avatar for Koji Kuno oleindesign
0
110
WordPress 6.5 の新機能紹介
Avatar for Koji Kuno oleindesign
0
150
How to deal with WordPress themes in the future
Avatar for Koji Kuno oleindesign
0
1.7k
WordPress(再)入門 - 運用・学習編
Avatar for Koji Kuno oleindesign
0
250
WordPress(再)入門 - カスタマイズ編
Avatar for Koji Kuno oleindesign
0
270
WordPress(再)入門 - コンテンツ作成方法編
Avatar for Koji Kuno oleindesign
0
230
WordPress(再)入門 - テーマ・プラグイン編 / introduction-to-wordpress-again-theme-plugin
Avatar for Koji Kuno oleindesign
0
250
WordPress(再)入門 - 基本設定編 / introduction-to-wordpress-again-basic-settings
Avatar for Koji Kuno oleindesign
0
510
WordPress(再)入門 - 基礎知識・環境編
Avatar for Koji Kuno oleindesign
2
1.1k

Other Decks in Programming

See All in Programming
HTML-Aware ERB: The Path to Reactive Rendering @ RubyKaigi 2026, Hakodate, Japan
Avatar for Marco Roth marcoroth
0
430
実用!Hono RPC2026
Avatar for yodaka yodaka
2
280
第3木曜LT会 #28
Avatar for Tsubasa SEKIGUCHI tinykitten
PRO
0
120
From Formal Specification to Property Based Test
Avatar for Masato Ohba ohbarye
0
460
How Swift's Type System Guides AI Agents
Avatar for Yuta Koshizawa koher
0
310
Offline should be the norm: building local-first apps with CRDTs & Kotlin Multiplatform
Avatar for Renaud MATHIEU renaudmathieu
0
230
個人的に嬉しかったpnpmの新機能・3選
Avatar for Atsushi Matsuo matsuo_atsushi
0
100
Oxlintとeslint-plugin-react-hooks 明日から始められそう?
Avatar for t6adev t6adev
0
300
10 Tips of AWS ~Gen AI on AWS~
Avatar for matsukada licux
5
490
書籍「ユーザーストーリーマッピング」が私のバイブル
Avatar for asumikam asumikam
4
440
「話せることがない」を乗り越える 〜日常業務から登壇テーマをつくる思考法〜
Avatar for ShoheiMitani shoheimitani
4
890
Explore CoroutineScope
Avatar for tomoEng11 tomoeng11
0
110

Featured

See All Featured
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.9k
The innovator’s Mindset - 
Leading Through an Era of Exponential Change - McGill University 2025
Avatar for Jean-Marc De Jonghe jdejongh
PRO
1
160
30 Presentation Tips
Avatar for Ian Lurie portentint
PRO
1
280
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.7k
How to audit for AI Accessibility on your Front & Back End
Avatar for davetheseo davetheseo
0
330
Ruling the World: When Life Gets Gamed
Avatar for Sebastian Deterding codingconduct
0
220
AI Search:
Where Are We & What Can We Do About It?
Avatar for Aleyda Solis aleyda
0
7.4k
AI in Enterprises - Java and Open Source to the Rescue
Avatar for ivargrimstad ivargrimstad
0
1.3k
Designing for humans not robots
Avatar for Tammie Lister tammielis
254
26k
Collaborative Software Design: How to facilitate domain modelling decisions
Avatar for Kenny Baas-Schwegler baasie
1
200
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
275
41k
Crafting Experiences
Avatar for Bethany Jepchumba bethany
1
130

Transcript

  1. 8PSE1SFTTͷηΩϡϦςΟʹ ͍ͭͯ (JGV8PSE1SFTT.FFUVQ ೥݄೔ʢ౔ʣʙ

  2. ࣗݾ঺հ w 8FC੍࡞ܥϑϦʔϥϯε w ࠷ۙʮσʔλɾαΠΤϯεʯʹ͍ͭͯڵຯ௡ʑ w ग़਎͸άϥϑΟοΫσβΠϯɻ8FC͸׬શಠֶɻ w ಈը഑৴ʹ΋खΛग़࢝͠Ίͨɻ

  3. 8PSE1SFTTͷηΩϡϦςΟʹ ͍ͭͯ

  4. ৘ใηΩϡϦςΟͷ̏෼ྨ w ਓతڴҖ
 ˠ৘ใΛ౪Ήɾෆਖ਼ར༻ɾޡૢ࡞ͳͲਓ͕ى͜͢΋ͷ w ٕज़తڴҖ
 ˠෆਖ਼ΞΫηεɾվ͟ΜɾΫϥοΩϯά w ෺ཧతڴҖ
 ˠαʔόʔ͕෺ཧతʹյΕΔͳͲ

  5. 8PSE1SFTT͸ૂΘΕ΍͍͢ʁ w ʮૂΘΕ΍͍͢ʯͱࢥ͏ʢݸਓతײ૝ʣ w γΣΞ͔Βߟ͑ͯ8PSE1SFTTΛૂ͑͹खͬऔΓૣ͍ͱߟ ͑Δͷ͕ଥ౰ w ΦʔϓϯιʔεͳͷͰத਎͸୭Ͱ΋ݟΔ͜ͱ͕Ͱ͖Δ

  6. ຊ౰ʹ8PSE1SFTT͡Όͳ͍ͱμϝʁ w ͦͷ΢ΣϒαΠτ͕8PSE1SFTTͰ͋Δ΂͖ཧ༝͸ʁ w ଞͷແྉɾ༗ྉϒϩάαʔϏεͰ͸ͩΊʁ w ੩త΢ΣϒαΠτͰྑ͍ͷͰ͸ʁ

  7. ޮՌ͕ߴ͍ʢͱߟ͑ΒΕΔʣ ରࡦ ύεϫʔυͷ؅ཧ ΞοϓσʔτΛ͢Δ ϩάΠϯ63-Λมߋ͢Δ 44-Խ 8"'ಋೖ ࢖Θͳ͍ςʔϚɾϓϥάΠϯͷແޮԽ࡟আ

  8. ύεϫʔυͷ؅ཧ w ೦ͷͨΊॳظύεϫʔυ͔Βมߋ͓ͯ͜͠͏ w ҆શͳύεϫʔυͱ͸ʁʢ૯຿লࢀরʣ ໊લͳͲͷݸਓ৘ใ͔Β͸ਪଌͰ͖ͳ͍͜ͱ ӳ୯ޠͳͲΛͦͷ··࢖༻͠ͳ͍͜ͱ ΞϧϑΝϕοτͱ਺ࣈ͕ࠞࡏ͍ͯ͠Δ͜ͱ ద੾ͳ௕͞ͷจࣈྻͰ͋Δ͜ͱ ྨਪ͠΍͍͢ฒͼํ΍ͦͷ༰қͳ૊Έ߹Θͤʹ͠ͳ͍͜ͱ

  9. ύεϫʔυͷ࠷େղಡ࣌ؒ https://www.ipa.go.jp/security/txt/2008/10outline.html

  10. ΞοϓσʔτΛ͢Δ w 8PSE1SFTTίΞͷߋ৽ʢϚΠφʔ͸ࣗಈʣ w ϓϥάΠϯςʔϚͷߋ৽ w ίΞWFSʹରԠ͍ͯ͠Δ͔֬ೝ͢Δ΂͖

  11. ϓϥάΠϯͷબͼํ

  12. όοΫΞοϓΛऔಘ͠Α͏ w ΞοϓσʔτΛ࣮ߦͯ͠ը໘͕ਅͬനʹʜ w ͦΜͳ࣌ʹ͸ɺόοΫΞοϓσʔλͰ෮ݩ͠·͢ w "MMJO0OF81.JHSBUJPO͕ʢݸਓతʹ͸ʣ͓͢͢Ί
 ˠόοΫΞοϓऔಘͱ෮ݩ͕؆୯ w ීஈ͔ΒఆظతͳόοΫΞοϓΛεέδϡʔϧԽ͢Δ

  13. ϩάΠϯ63-Λมߋ͢Δ IUUQTTBNQMFDPNXQMPHJOQIQ

  14. ϩάΠϯ63-Λมߋ͢Δ w खಈͰରԠ΋Մೳ
 ˠϋʔυϧ͕ߴ͍ͷͰϓϥάΠϯͰػೳ௥Ճ͕Φεεϝ w 4JUF(VBSE811MVHJO w ʲ஫ҙʳ༗ޮԽͨ͠Βඪ४ઃఆͰϩάΠϯ63-͕มߋ ͞Εͯ͠·͏ͷͰѻ͍ʹ஫ҙ w

    Ճ͑ͯϩάΠϯը໘ʹ#"4*$ೝূΛ෇͚Δͱ͍͏ख΋

  15. 44-Խ w 4FDVSF4PDLFUT-BZFSͷུ w ΢ΣϒαΠτͱσόΠεʢ1$ͳͲʣͱͷؒͰ΍ΓऔΓ͢ ΔσʔλΛ҉߸Խͯ͠౪Έʹ͘͘͢Δ࢓૊Έ w IUUQTʙͰΞΫηεͰ͖Δ΢ΣϒαΠτ͸ରԠࡁΈ w (PPHMF$ISPNFͳͲͰ͸ରԠ͍ͯ͠ͳ͍ͱʮอޢ͞Εͯ

    ͍ͳ͍௨৴ʯͱදࣔ͞ΕͨΓ͢Δ

  16. 44-Խͷํ๏ w ར༻͍ͯ͠ΔαʔϏε΍αʔόʔʹΑ༷ͬͯʑͳͷͰҰ ֓ʹํ๏ΛఏࣔͰ͖ͳ͍ w طଘ΢ΣϒαΠτΛରԠ͢Δ৔߹ɺαΠτ಺ʹઃஔ͞Ε ͍ͯΔϦϯΫશ͕ͯIUUQTʙʹͳ͍ͬͯͳ͍ͱ׬શͳ 44-Խʹ͸ͳΒͳ͍ʢNJYFEDPOUFOUʣ w ద౰ʹ΍Βͣʹ༗ࣝऀʹ૬ஊ͢Δ͜ͱΛ͓קΊ͠·͢

  17. 8"'ಋೖ w 8FC"QQMJDBUJPO'JSFXBMMͷུ w αʔόʔଆPSϓϥάΠϯͰͷಋೖ͕Ұൠత w 9TFSWFSϩϦϙTBLVSB͸ར༻Մೳ w 8PSEGFODF4FDVSJUZ'JSFXBMM.BMXBSF4DBOͳͲ w

    81ɾϓϥάΠϯͷػೳʹΑΔΞΫηεΛޡͬͯःஅͯ͠ ͠·͏͜ͱ͕͋Δˠνϡʔχϯά͕ඞཁͳ৔߹΋͋Δ

  18. ࢖Θͳ͍ςʔϚɾϓϥάΠϯͷ ແޮԽ࡟আ w ඪ४Ͱ5XFOUZʙςʔϚ͕ෳ਺Πϯετʔϧ͞Ε͍ͯΔ͕ ෆཁͳΒ࡟আʢఆظతʹߋ৽͍ͯ͠Ε͹0,ʣ w ࢖Θͳ͍PSݹ͍ϓϥάΠϯ͸ɺ࡟আPS৐Γ׵͑ʢஔ͖׵ ͑ʣΛݕ౼͢Δ w ఆظతʹ֬ೝ͢Δश׳Λ࣋ͭͱϕλʔ

  19. ·ͱΊ w *%ͱ18͸ΦϦδφϦςΟΛ࣋ͭ w ߋ৽͠ͳ͍ͳΒ8PSE1SFTT࢖Θͳ͍ʢ͘Β͍ͷؾ࣋ͪͰʣ w όοΫΞοϓ͸ඞਢʢ෮ݩ΋࿅शͯ͠ΈΑ͏ʣ w ϩάΠϯ63-Λมߋͯ͠#"4*$ೝূ΋ซͤΔͱ٢ w

    44-Խ͸ࠓ΍ৗࣝʢඞਢʣϨϕϧ