WPM: Wordpress IN Paranoid MODE

•Descargar como PPTX, PDF•

0 recomendaciones•14,118 vistas

Project developed by Chema Alonso & Pablo Gonzalez from Eleven Paths about configure WordPress in Paranoid Mode using Latch at SQL queries operations in MySQL. The idea is to Latch INSERT, UPDATE and DELETE Operations in Worpress tables with MySQL triggers. More info at: https://github.com/ElevenPaths/WPM-Wordpress-in-Paranoid-Mode

Tecnología

MY WORDPRESS IN
PARANOID MODE
Chema Alonso (@chemaalonso)
https://www.elevenpaths.com
http://www.elladodelmal.com

(SOME) WORDPRESS RISKS
 My plugin has a Code Injection Bug
 Someone stole an identity
 My WordPress is under Attack!!

HARDEN IT!
 Harden OS
 (GNU/Linux Hardening)
 Harden DB
 (MySQL Hardenig)
 Harden WordPress
 (Main & Plugins)
 Harden Users
 (Awarness & Tools)
www.0xword.com

1) HARDEN WORDPRESS USERS
http://www.slideshare.net/elevenpaths/instalacin-de-latch-en-word-press

2) HARDEN OS: GNU/LINUX SSH
http://www.slideshare.net/elevenpaths/latch-unix-espaol

3) WORDPRESS IN PARANOID MODE
(LATCHING MYSQL DB)
 Create triggers in critical tables of Wordpress
 This triggers allow or deny 3 actions:
 Insert
 Update
 Delete
 Trigger verify Latch to carry out an action:
 Latch ON = Action
 Latch OFF = Blocked

CREATE LATH APP
(LATCH DEVELOPER AREA)
https://latch.elevenpaths.com

INSTALL WPM
(./INSTALL.SH <APPID> <SECRET>)

STEP 1: PAIRING MYSQL & LATCH
(GIVE ME TOKEN => PAIRING)

STEP 2&3: CREATING OPERATIONS
(RELAX AND ENJOY)

STEP 4: COMPILATION & INSTALL
(LIB_MYSQL_UDF.SO)

STEP 6: CREATING MYSQL TRIGGERS
(READ-ONLY, ADMINISTRATION, EDITION)

LATCH WPM: READ-ONLY MODE
 Read-Only Mode:
 Nobody can login in WordPress.
 No one can make changes in MySQL.
 wp_usermeta Table:
 insert, delete and update blocked if ‘read-only’
operation enabled
 If ‘read-only’ mode is deactivated then you can login

LATCH: ADMINISTRATION MODE
 Protects:
 Delete on wp_users
 Update on wp_users
 Insert on wp_users
 SQL Injection Bugs:
 No Delete
 No Update
 No Insert

LATCH: ADMINISTRATION MODE
 Trigger on wp_users:
 Delete Action
 Verify Latch
 Abort SQL Operation

QUESTIONS?
 WPM -WordPress in Paranoid Mode
 https://github.com/elevenpaths
 Https://community.elevenpahts.com
 Chema Alonso
 (@chemaalonso)
 https://www.elevenpaths.com
 http://www.elladodelmal.com

Más contenido relacionado

Similar a WPM: Wordpress IN Paranoid MODE

Like many others, WordPress has been my personal blogging tool for a long time. A powerful tool for easy publishing! That is what everyone wants. Large sites like TechCrunch and TheNextWeb use it exactly for that reason. And more enterprises seem to discover it as good solution to their too-expensive publication tools. But keeping those WordPress instances running requires skills and knowledge. Because of WordPress extendibility and its very active community, you can do this too. This tutorial will teach you how use Ansible, Composer, WP-CLI, WP REST API, and Elasticsearch can push WordPress from a personal blogging tool into an enterprise-worthy level application. Out with FTP based SCM ... in with automated deployment, dependency management, and utterly fast search.

The Enterprise Wor/d/thy/Press

Jeroen van Dijk

WordPress itself is pretty secure. To secure your WordPress site, you need to look at the bigger security picture. In this presentation, I give a rundown of many of the other pieces of the application stack that WordPress relies on, the various vectors that attackers can use, what what kinds of things you can do to help protect your site. Download the original Keynote file for my presenter's notes with more details.

Higher Order WordPress Security

Dougal Campbell

Digital Strategy Works - Moving Wordpress

Digital Strategy Works LLC

Wampserver installation ajay-di-sharma

Ajay Di Sharma

WP Sandbox Presentation WordCamp Toronto 2011

Alfred Ayache

Setting Up Wordpress Offline

Amol Dhir

Your WordPress Website Is/Not Hacked

Angela Bowman

The recent spike of hack attempts on various WordPress sites has made it more urgent than ever to take actions and secure your WordPress in the best possible way. In this webinar the WebDevStudios founders show the best practices and share insightful tricks how to protect your WordPress from getting hacked: - WordPress Security Threats & Trends - WordPress Admin Security Settings - Securing Files, Folders & Databases - Bullet Proof Passwords - Vulnerable WordPress Extensions - Recommended Plugins & Services

Protect Your WordPress From The Inside Out

SiteGround.com

How to? Drupal developer toolkit. Dennis Povshedny.

DrupalCampDN

Vagrant WordCamp Hamilton

Paul Bearne

WordPress End-User Security

Dre Armeda

Neo word press meetup ehermits - how to keep your blog from being hacked 2012

Brian Layman

The Enterprise Wor/d/thy/Press

Jeroen van Dijk

This session will introduce the incredible potential of using the command line in developing for the web. Interested WordPress designers and developers will gain the knowledge of using SSH to connect to servers, Git for version control, WP-CLI for interfacing with WordPress, Aliases and Bash scripts for common tasks, and automation/task runners like Grunt and Gulp. Attendees will come away from the session with their interest piqued, with the desire to learn more about using the command line in their workflow.

Command line for the beginner - Using the command line in developing for the...

Jim Birch

Securing Word Press Blog

Chetan Gole

Locking down word press

Zachary Russell

WordPress Theme & Plugin development best practices - phpXperts seminar 2011

Tareq Hasan

Разработка плагина для Wordpress

Amin Benarieb

"><h1>muthu</h1>

muthu muthu

Dan Catalin Vasile - Hacking the Wordpress Ecosystem

Dan Vasile

Similar a WPM: Wordpress IN Paranoid MODE (20)

The Enterprise Wor/d/thy/Press

Higher Order WordPress Security

Digital Strategy Works - Moving Wordpress

Wampserver installation ajay-di-sharma

WP Sandbox Presentation WordCamp Toronto 2011

Setting Up Wordpress Offline

Your WordPress Website Is/Not Hacked

Protect Your WordPress From The Inside Out

How to? Drupal developer toolkit. Dennis Povshedny.

Vagrant WordCamp Hamilton

WordPress End-User Security

Neo word press meetup ehermits - how to keep your blog from being hacked 2012

The Enterprise Wor/d/thy/Press

Command line for the beginner - Using the command line in developing for the...

Securing Word Press Blog

Locking down word press

WordPress Theme & Plugin development best practices - phpXperts seminar 2011

Разработка плагина для Wordpress

"><h1>muthu</h1>

Dan Catalin Vasile - Hacking the Wordpress Ecosystem

Más de Telefónica

Índice de libro "Historias Cortas sobre Fondo Azul" de Willy en 0xWord

Telefónica

Índice del libro: Máxima Seguridad en Windows: Secretos Técnicos. 6ª Edición ...

Telefónica

Índice del libro "Hacking Web3: Challenge Acepted!" de 0xWord. Puedes comprarlo en: https://0xword.com/es/libros/230-hacking-web3-new-challenge-accepted.html Escrito por: Pablo González: https://www.mypublicinbox.com/PabloGonzalez Chema Garabito: https://www.mypublicinbox.com/ChemaGarabito Yaiza Rubio: https://www.mypublicinbox.com/YRubioSec Leif Ferreira: https://www.mypublicinbox.com/Leif Chema Alonso: https://MyPublicInbox.com/ChemaAlonso

Índice del libro "Hacking Web3: Challenge Acepted!" de 0xWord

Telefónica

Índice del libro "Amazon Web Services: Hardening de Infraestructuras Cloud Co...

Telefónica

Índice del Libro "Ciberestafas: La historia de nunca acabar" (2ª Edición) de ...

Telefónica

Índice del Libro "Storytelling para Emprendedores"

Telefónica

Digital Latches for Hacker & Developer

Telefónica

Índice del libro "Hardening de servidores GNU / Linux 5ª Edición (Gold Edition)"

Telefónica

WhatsApp INT: OSINT en WhatsApp

Telefónica

Índice del libro "De la Caverna al Metaverso" de 0xWord.com

Telefónica

20º Máster Universitario de Ciberseguridad UNIR

Telefónica

BootCamp Online en DevOps (and SecDevOps) de GeeksHubs Academy

Telefónica

Índice del libro "Ciberseguridad de tú a tú" de 0xWord que puedes comprar online: https://0xword.com/es/libros/216-ciberseguridad-de-tu-a-tu-lo-que-tienes-que-conocer-para-sentirte-mas-seguro.html Está escrito por Yolanda Corral ( https://mypublicinbox.com/yocomu ) que dirige el Canal de Youtube y Podcast "Palabra de Hacker" ( https://www.mypublicinbox.com/palabradehacker ). Epílogo de Angelucho : https://www.mypublicinbox.com/Angelucho

Índice del libro "Ciberseguridad de tú a tú" de 0xWord

Telefónica

Índice del libro "Open Source INTelligence (OSINT): Investigar personas e Identidades en Internet 2ª Edición" de 0xWord, escrito por Carlos Seisdedos ( https://www.mypublicinbox.com/carlos_seisdedos ) y Vicente Aguilera ( https://mypublicinbox.com/VicenteAguileraDiaz ). Puedes comprar el libro en : https://0xword.com/libros/162-open-source-intelligence-osint-investigar-personas-e-identidades-en-internet.html

Índice del libro "Open Source INTelligence (OSINT): Investigar personas e Ide...

Telefónica

Índice del libro "Social Hunters" de 0xWord

Telefónica

Índice del libro "Kubernetes para profesionales: Desde cero al despliegue de ...

Telefónica

Las empresas están comenzando a explorar las muchas oportunidades comerciales nuevas que ofrece. Sin embargo, de inteligencia artificial hemos aprendido que también existen posibles consecuencias éticas y sociales negativas asociado al uso masivo de estas tecnologías. Richard Benjamins [ https://mypublicinbox.com/rbenjamins ] (Chief AI & Data Strategist), Yaiza Rubio [ https://MyPublicInbox.com/YrubioSec ] (Chief Metaverse Officer) y Chema Alonso [ https://MyPublicInbox.com/ChemaAlonso ] (Chief Digital Officer) de Telefónica abordan esta temática en un informe llamado “Social and ethical challenges of the metaverse” donde describen qué es el Metaverso, qué tecnologías forman parte de su ecosistema y de dónde proviene. Después se enfocan en los posibles riesgos sociales y éticos del metaverso y cómo mitigarlos. Finalmente, concluyen que las empresas que actualmente están implementando el uso responsable de la IA, están bien preparadas para prevenir o mitigar los riesgos sociales y éticos del metaverso. No porque conozcan el futuro, sino porque cuentan con la gobernanza y la cultura adecuadas para hacer frente a tales riesgos. Más info: https://www.telefonica.com/es/sala-comunicacion/los-retos-sociales-y-eticos-del-metaverso/

Los retos sociales y éticos del Metaverso

Telefónica

Índice del Libro "Ciberestafas: La historia de nunca acabar" de 0xWord

Telefónica

Índice del libro "Docker: SecDevOps" 2ª Edición de 0xWord

Telefónica

Índice del libro "Malware moderno: Técnicas avanzadas y su influencia en la i...

Telefónica

Más de Telefónica (20)

Índice de libro "Historias Cortas sobre Fondo Azul" de Willy en 0xWord

Índice del libro: Máxima Seguridad en Windows: Secretos Técnicos. 6ª Edición ...

Índice del libro "Hacking Web3: Challenge Acepted!" de 0xWord

Índice del libro "Amazon Web Services: Hardening de Infraestructuras Cloud Co...

Índice del Libro "Ciberestafas: La historia de nunca acabar" (2ª Edición) de ...

Índice del Libro "Storytelling para Emprendedores"

Digital Latches for Hacker & Developer

Índice del libro "Hardening de servidores GNU / Linux 5ª Edición (Gold Edition)"

WhatsApp INT: OSINT en WhatsApp

Índice del libro "De la Caverna al Metaverso" de 0xWord.com

20º Máster Universitario de Ciberseguridad UNIR

BootCamp Online en DevOps (and SecDevOps) de GeeksHubs Academy

Índice del libro "Ciberseguridad de tú a tú" de 0xWord

Índice del libro "Open Source INTelligence (OSINT): Investigar personas e Ide...

Índice del libro "Social Hunters" de 0xWord

Índice del libro "Kubernetes para profesionales: Desde cero al despliegue de ...

Los retos sociales y éticos del Metaverso

Índice del Libro "Ciberestafas: La historia de nunca acabar" de 0xWord

Índice del libro "Docker: SecDevOps" 2ª Edición de 0xWord

Índice del libro "Malware moderno: Técnicas avanzadas y su influencia en la i...

Último

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Top 10 Most Downloaded Games on Play Store in 2024

SynarionITSolutions

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Scaling API-first – The story of a global engineering organization

Radu Cotescu

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Real Time Object Detection Using Open CV

Khem

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

WPM: Wordpress IN Paranoid MODE

1. MY WORDPRESS IN PARANOID MODE Chema Alonso (@chemaalonso) https://www.elevenpaths.com http://www.elladodelmal.com

2. (SOME) WORDPRESS RISKS  My plugin has a Code Injection Bug  Someone stole an identity  My WordPress is under Attack!!

3. HARDEN IT!  Harden OS  (GNU/Linux Hardening)  Harden DB  (MySQL Hardenig)  Harden WordPress  (Main & Plugins)  Harden Users  (Awarness & Tools) www.0xword.com

4. PUT A LATCH ON IT!

5. 1) HARDEN WORDPRESS USERS http://www.slideshare.net/elevenpaths/instalacin-de-latch-en-word-press

6. 2) HARDEN OS: GNU/LINUX SSH http://www.slideshare.net/elevenpaths/latch-unix-espaol

7. 3) WORDPRESS IN PARANOID MODE (LATCHING MYSQL DB)  Create triggers in critical tables of Wordpress  This triggers allow or deny 3 actions:  Insert  Update  Delete  Trigger verify Latch to carry out an action:  Latch ON = Action  Latch OFF = Blocked

8. CREATE LATH APP (LATCH DEVELOPER AREA) https://latch.elevenpaths.com

9. INSTALL WPM (./INSTALL.SH <APPID> <SECRET>)

10. STEP 1: PAIRING MYSQL & LATCH (GIVE ME TOKEN => PAIRING)

11. STEP 2&3: CREATING OPERATIONS (RELAX AND ENJOY)

12. STEP 4: COMPILATION & INSTALL (LIB_MYSQL_UDF.SO)

13. STEP 5: UNLOAD MYSQL PROFILE (MYSQL APPARMOR PROFILE BLOCK CODE EXECUTION)

14. STEP 6: CREATING MYSQL TRIGGERS (READ-ONLY, ADMINISTRATION, EDITION)

15. YOU GOT LATCH IN WPM

16. LATCH WPM: READ-ONLY MODE  Read-Only Mode:  Nobody can login in WordPress.  No one can make changes in MySQL.  wp_usermeta Table:  insert, delete and update blocked if ‘read-only’ operation enabled  If ‘read-only’ mode is deactivated then you can login

17. LATCH: ADMINISTRATION MODE  Protects:  Delete on wp_users  Update on wp_users  Insert on wp_users  SQL Injection Bugs:  No Delete  No Update  No Insert

18. LATCH: ADMINISTRATION MODE  Trigger on wp_users:  Delete Action  Verify Latch  Abort SQL Operation

19. QUESTIONS?  WPM -WordPress in Paranoid Mode  https://github.com/elevenpaths  Https://community.elevenpahts.com  Chema Alonso  (@chemaalonso)  https://www.elevenpaths.com  http://www.elladodelmal.com

WPM: Wordpress IN Paranoid MODE

Recomendados

Recomendados

Más contenido relacionado

Similar a WPM: Wordpress IN Paranoid MODE

Similar a WPM: Wordpress IN Paranoid MODE (20)

Más de Telefónica

Más de Telefónica (20)

Último

Último (20)

WPM: Wordpress IN Paranoid MODE