Securing Your WordPress Site with Modern Authentication and Beyond (使用現代身份驗證及其他方式保護您的 WordPress 網站)

Transcript

1. Securing Your WordPress Site with Modern Authentication and Beyond [email protected]

   (2023/11/18) WordCamp Hong Kong 2023
2. None

3. You Need More Security Than You Think

4. Default Wordpress User Management

5. Single Sign-On Everything in One-Click Passwordless login B2B Authentication Multi-Factor

   Authentication Breached Password Detection Zero trust architecture

6. Auth Demo And Setup Demo

7. Bad conversion rate for sign up Do you know… according

   to Andrew Chen (Growth Uber, a16z): 1. 78% of users forgot their password and had to reset it 2. User forgot if they’ve sign up, the confusion reduce sign up conversions Switch to Email + Magic Link, and update the UI to optimize, takes weeks. Optimize Signup Conversion 78% of users forgot their password and had to reset it

8. Security for Scale Audit Logs, Brute force Protection, SMS Rate

   Limits 2FA Introducing two-factor authentication for security policies Re-Auth for Critical Transactions Integrations Integrate signup with analytics, CDP, drip campaigns 1 2 3 4 Essential Enhancements Additional layer of security

9. Integrate with OIDC client 🤖 • Effectively 2 Authentications •

   Authgear cannot control session/auth state between user and the ODIC client

10. Integrate with OIDC client 🤖 • Effectively 2 Authentications •

    Authgear cannot control session/auth state between user and the ODIC client Authenticated Authenticated

11. FIDO, FIDO2, Webauth, Passkeys FIDO Alliance ("Fast IDentity Online")

12. Thank You! • Contact ◦ [email protected] • Authgear References ◦

    https://www.authgear.com/ ◦ https://github.com/authgear