The Hacker’s Black Magic
A look behind the curtain…
Slide 2
Most Common WordPress Vulnerabilities:
• SQL Injection
• Brute Force Attacks
• Cross Site Scripting (XSS)
Slide 3
SQL Injection
What is it?
SQL Injection is a security exploit in which the attacker supplies SQL code through an input field so that it runs as part of the application's own query, in order to gain access to resources or make changes to data.
Slide 4
Query as written in the code:
SELECT * FROM `wp_users`
WHERE user_email = '$email'
Attacker-supplied value:
$email = x' OR 1 = 1--
Query the database actually runs (the -- turns the closing quote into a comment, so every row matches):
SELECT * FROM `wp_users`
WHERE user_email = 'x' OR 1 = 1--'
Slide 7
Attacker-supplied value:
$email = x'; DROP TABLE `wp_posts`;--
Query the database actually runs (a second, destructive statement is stacked after the first):
SELECT * FROM `wp_users`
WHERE user_email = 'x';
DROP TABLE `wp_posts`;--'
Slide 8
Attacker-supplied value:
$email = x'; UPDATE `wp_users`
SET user_email = '[email protected]'
WHERE user_login = 'admin';--
Query the database actually runs (the stacked statement rewrites the admin account's e-mail, the address used for password resets):
SELECT * FROM `wp_users`
WHERE user_email = 'x';
UPDATE `wp_users`
SET user_email = '[email protected]'
WHERE user_login = 'admin';--'
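As an added defender's example (not code from the slides), here is the slide's lookup query in its vulnerable string-built form next to its parameterized form, using Python's sqlite3 as a stand-in for MySQL and a constructed wp_users table. In WordPress itself the equivalent fix is $wpdb->prepare() with a %s placeholder instead of interpolating $email into the query text.

```python
import sqlite3

# Constructed stand-in for the WordPress wp_users table (sample rows, not real data).
SAMPLE_USERS = [
    (1, "admin", "admin@example.com"),
    (2, "editor", "editor@example.com"),
]


def make_db():
    """Build an in-memory table shaped like wp_users for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_email TEXT)")
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, email):
    """Mirror the slide's query: the untrusted value is pasted into the SQL text.

    A quote inside `email` closes the string literal, so the rest of the input
    becomes SQL and changes the WHERE clause (the trailing -- hides the leftover quote).
    """
    sql = f"SELECT ID, user_login FROM wp_users WHERE user_email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    """Bind the value through a placeholder: the driver sends it separately,
    so it is only ever compared as data and can never alter the statement."""
    sql = "SELECT ID, user_login FROM wp_users WHERE user_email = ?"
    return conn.execute(sql, (email,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR 1 = 1--"  # the value from the slide
    print("vulnerable:   ", lookup_vulnerable(conn, payload))     # every row comes back
    print("parameterized:", lookup_parameterized(conn, payload))  # no row has that literal e-mail
```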
Slide 10
Brute Force Attack
What is it?
A Brute Force Attack is a trial-and-error method used to obtain information, such as a user password or personal identification number (PIN), by trying candidate values until one succeeds.
Slide 12
Cross Site Scripting
What is it?
Cross Site Scripting is a vulnerability that enables attackers to inject client-side scripts into web pages viewed by other users.
Slide 14
Takeaways
• Remove the ‘admin’ user account
• Set up two-factor authentication
• Set up an account lockout
• Know what’s on your site
• Be aware of your plugins’ reliability