Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Practical WordPress Security 2018

Tim Nash
November 14, 2018
Technology
0
290

Practical WordPress Security 2018

We have all been to the scary WordPress security talk where Tim or someone else frightens you to death, in those talks there is a theme beyond despair and that’s ‘every little helps’. So this talk is low on scary tales and high on simple practical tips to improve your site’s security.

On their own they might not be the silver bullet, but they all add up. Tim will guide you through things anyone of any ability level can implement to improve their site’s security.

Tim Nash

November 14, 2018
Tweet

More Decks by Tim Nash

See All by Tim Nash
Testing Fortifications - WordCamp Brighton
timnashcouk
0
430
Come to the dark side, they have cookies
timnashcouk
0
1k
Come to the dark side
timnashcouk
0
58
Practical WordPress Security
timnashcouk
0
1.6k
HTTPS and You
timnashcouk
0
980
Baking Security into your workflow - Early
timnashcouk
0
970
Security is Everyone responsibility
timnashcouk
0
1k

Other Decks in Technology

See All in Technology
長期間TiDBを使ってきた話 @ 私たちはなぜNewSQLを使うのかTiDB選定5社が語る選定理由と活用LT / Experiences with TiDB Over Time
chibiegg
2
700
インシデントレスポンスのライフサイクルを廻すポイントってなに / Pinpoints of Incidentresponse Lifecycle for Operation
sakaitakeshi
1
300
Garoon 開発チーム / Garoon development team
cybozuinsideout
PRO
2
2.9k
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
3
800
Hands-on / Kaname Frusawa / Cloud Compare Users Meetup 2024 at University of Tokyo on April 17
paraworld
2
470
〜小さく始めて大きく育てる〜データ分析基盤の開発から活用まで
kniino
0
2k
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
110
Microsoft Cloudで 開発ライフサイクルを保護する
kkamegawa
0
140
反実仮想機械学習とは何か
usaito
PRO
7
2.2k
強みを伸ばすキャリアデザイン
yug1224
0
200
複雑な構成要素を持つUIとの向き合い方 〜新・支出グラフでの実例〜 / B43 TECH TALK
nakamuuu
0
100
現代CSSフレームワークの内部実装とその仕組み
poteboy
1
450

Featured

See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
59
5k
Why You Should Never Use an ORM
jnunemaker
PRO
50
8.6k
In The Pink: A Labor of Love
frogandcode
138
21k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
119
38k
KATA
mclloyd
14
12k
Web development in the modern age
philhawksworth
202
10k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
658
120k
Mobile First: as difficult as doing things right
swwweet
216
8.6k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
Writing Fast Ruby
sferik
620
60k
Navigating Team Friction
lara
177
13k
How To Stay Up To Date on Web Technology
chriscoyier
782
250k

Transcript

  1. Don’t be scared - Practical security tips Psychological harm, paranoia,

    distrust in humanity, fear of toasters, mild language In Person Classified just like your porn… Imagine how much rubbish these folks watch *Warning this presentation hasn’t formally been classified by the BBFC or any organisation for age rating. It was however seen by my mother who said it was very pretty. She however wasn’t wearing her glasses.

  2. Practical Security Tips Twitter: @tnash A totally different talk

  3. WARNING This is not a GDPR talk or a talk

    on information governance. So relax!
  4. None

  5. Watford

  6. None
  7. None
  8. None
  9. None
  10. None
  11. None

  12. WordPress Platform Lead @34SP.com Former Pentester Ran a small dev

    agency Co run WPLeeds for 10 years Worked with PayPal, Cabinet Office, Orange and WFP Once nearly screwed up the British Soap Awards

  13. DevSecOps

  14. None

  15. Estimated $2Trillion cost to business in 2019

  16. Relax everything will be fine...

  17. Bad Actors

  18. State Actors

  19. Fighting drive by hacks

  20. Installing a plugin

  21. User Roles/Permissions

  22. PassPhrases

  23. None

  24. Password Manager

  25. Two Factor Authentication

  26. None

  27. Limit Logins

  28. Update WordPress Core

  29. Update Plugins

  30. Update themes (meet a child theme)

  31. Buy from reputable sources

  32. Monitoring

  33. Integrity Checking

  34. Logging and Audit trails

  35. None

  36. HTTPS://everything

  37. Good hosting

  38. TRUST ME “I work in hosting”

  39. Have a disaster recovery plan

  40. Two-Factor Plugin What I use… PassPhrases Keepass (KeepassXC, Keepassdroid) updown.io

    Let’s Encrypt / Code Guard Visual Ping/CodeCeption 34SP.com WordPress Hosting WP Fingerprint

  41. Photo credits: Siobhan Hancock Daniel Foster David Goehring Found Art

    Photography Gratisography Negativespace unsplash Caio xkcd comicvine.com Christopher Geary
 Mary Alex

  42. Tim Nash @tnash timnash.co.uk @34SP
 34SP.com Slides & bits: https://timnash.co.uk/security/

  43. WordPress Hosting Experts 3 MONTHS FREE TIMNASHWP