Slide 1

Slide 1 text

The Hacker’s Black Magic: A look behind the curtain…

Slide 2

Slide 2 text

Most Common WordPress Vulnerabilities:
• SQL Injection
• Brute Force Attacks
• Cross Site Scripting (XSS)

Slide 3

Slide 3 text

SQL Injection
What is it?
SQL Injection is a security exploit in which the attacker supplies SQL code through an input field (a form, URL parameter or similar), so that it is executed as part of the application's own query, to gain access to resources or make changes to data.

Slide 4

Slide 4 text

SELECT * FROM `wp_users` WHERE user_email = '$email'

Slide 5

Slide 5 text

SELECT * FROM `wp_users` WHERE user_email = '[email protected]'
$email = [email protected]

Slide 6

Slide 6 text

SELECT * FROM `wp_users` WHERE user_email = 'x' OR 1 = 1
$email = x' OR 1 = 1--

Slide 7

Slide 7 text

SELECT * FROM `wp_users` WHERE user_email = 'x'; DROP TABLE `wp_posts`;
$email = x'; DROP TABLE `wp_posts`;--

Slide 8

Slide 8 text

SELECT * FROM `wp_users` WHERE user_email = 'x'; UPDATE `wp_users` SET user_email = '[email protected]' WHERE user_login = 'admin';
$email = x'; UPDATE `wp_users` SET user_email = '[email protected]' WHERE user_login = 'admin';--
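The query on slides 4 to 8 is built by pasting $email straight into the SQL string. The following is an added example, not part of the slide deck: the same lookup written the vulnerable way beside the parameterised form WordPress provides through $wpdb->prepare(). It assumes it runs inside WordPress, where the global $wpdb object and is_email() are available.

```php
<?php
// Added example (not from the slide deck): the vulnerable pattern from slide 4
// beside the parameterised form WordPress provides through $wpdb->prepare().
// Assumes this runs inside WordPress, where the global $wpdb object exists.

// VULNERABLE: $email is concatenated straight into the statement. Any quote
// the user supplies ends the string literal, so the values on slides 6 to 8
// become part of the SQL (the trailing -- comments out whatever follows).
function lookup_user_unsafe( $email ) {
    global $wpdb;
    $sql = "SELECT * FROM {$wpdb->users} WHERE user_email = '$email'";
    return $wpdb->get_results( $sql );
}

// HARDENED: the value travels as a parameter. prepare() escapes it and adds
// the quotes itself, so  x' OR 1 = 1--  is compared literally as an e-mail
// address (and matches nothing) instead of rewriting the WHERE clause.
function lookup_user_safe( $email ) {
    global $wpdb;

    // Defence in depth: reject anything not shaped like an e-mail address
    // before it reaches the database at all.
    if ( ! is_email( $email ) ) {
        return array();
    }

    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->users} WHERE user_email = %s",
        $email
    );
    return $wpdb->get_results( $sql );
}
```

Whether stacked statements such as slide 7's DROP TABLE actually execute depends on the database driver allowing more than one statement per call; parameterisation closes the hole whichever driver is in use.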

Slide 9

Slide 9 text

Most Common WordPress Vulnerabilities:
• SQL Injection
• Brute Force Attacks
• Cross Site Scripting (XSS)

Slide 10

Slide 10 text

Brute Force Attack
What is it?
A Brute Force Attack is a trial-and-error method used to obtain information, such as a user password or personal identification number (PIN).

Slide 11

Slide 11 text

Most Common WordPress Vulnerabilities:
• SQL Injection
• Brute Force Attacks
• Cross Site Scripting (XSS)

Slide 12

Slide 12 text

Cross Site Scripting
What is it?
Cross Site Scripting is a vulnerability that enables attackers to inject client-side scripts into web pages viewed by other users.

Slide 13

Slide 13 text

No content

Slide 14

Slide 14 text

Takeaways
• Remove the ‘admin’ user account
• Set up two-factor authentication
• Set up an account lockout
• Know what’s on your site
• Be aware of your plugins’ reliability