WordCamp St. Louis 2011 WordPress Security Presentation

•

0 recomendaciones•382 vistas

acrofford

The slides from the presentation I gave at WordCamp Fayetteville on Guest Blogging.

Tecnología Empresariales

WORDPRESS SECURITY
Tips and Tricks to Secure Your Site

A LITTLE ABOUT
ANDY CROFFORD
CONTACT INFO
Email: acrofford@gmail.com
Twitter: @andycrofford

WEBSITES
AppTa.co - http://appta.co
TechKing - http://testking.com/techking
Mobile Orchard - http://mobileorchard.com
ThemeFuse - http://theme fuse.com

HTTP://J.MP/WORDCAMPSTL
Slides available for download

IT IS OPEN SOURCE AND
ANYONE HAS ACCESS TO THE CODE

CHECK YOUR PASSWORD
STRENGTH AT:

HTTP://WWW.PASSWORDMETER.COM

6. RESTRICT ACCESS TO THE ADMIN
LOGIN PAGE BY IP ADDRESS

.HTACCESS
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
#IP address to whitelist
allow from xxx.xxx.xxx.xxx

Replace xxx.xxx.xxx.xxx with your IP address.

SECRET KEY GENERATOR

https://api.wordpress.org/secret-key/1.1/salt

HIDE LOGIN ERRORS

add_ﬁlter('login_errors', create_function('$a', "return null;"));

1. LOGIN LOCK DOWN
http://j.mp/wp-lockdown

PAID BACKUP SERVICES

• VaultPress - http://www.vaultpress.com

• Backup Buddy - http://j.mp/wp-backup buddy

GET 6 MONTHS FREE SHARED HOSTING
FROM SITE5 (WWW.SITE5.COM)

WORDCAMP

Recomendados

E resourcesSujit Chandak

Ldv tourlatterdayvillage

Ing. industrial tec. de culiacanTecnologicoCuliacan

Ibitgs syllabus 2011-2012Yvonne Mafunga

Itgs scheme 2011-2012Yvonne Mafunga

Rop clasificación pedro mattarEdwin Martinez

National Literature in a Multilingual Nation. Sujit chandak pre ph d presenta...Sujit Chandak

Staff study talk/ on search engine & internet in 2008Sujit Chandak

OOD Principles and PatternsNguyen Tung

perhitungan bekistingrudi rudi aprilia

Raj Gaurav Singh Resume WSGaurav Singh

Architecture Patterns - Open DiscussionNguyen Tung

SaaS Introduction-May2014Nguyen Tung

Microservice ArchitectureNguyen Tung

GenAI Risks & Security Meetup 01052024.pdflior mazor

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous

MINDCTI Revenue Release Quarter One 2024MIND CTI

AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin

A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz

Apidays New York 2024 - The value of a flexible API Management solution for O...apidays

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays

Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays

AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer

Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra

Manulife - Insurer Transformation Award 2024The Digital Insurer

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software

Más contenido relacionado

Destacado

OOD Principles and PatternsNguyen Tung

perhitungan bekistingrudi rudi aprilia

Raj Gaurav Singh Resume WSGaurav Singh

Architecture Patterns - Open DiscussionNguyen Tung

SaaS Introduction-May2014Nguyen Tung

Microservice ArchitectureNguyen Tung

Destacado (6)

OOD Principles and Patterns

perhitungan bekisting

Raj Gaurav Singh Resume WS

Architecture Patterns - Open Discussion

SaaS Introduction-May2014

Microservice Architecture

Último

GenAI Risks & Security Meetup 01052024.pdflior mazor

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous

MINDCTI Revenue Release Quarter One 2024MIND CTI

AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin

A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz

Apidays New York 2024 - The value of a flexible API Management solution for O...apidays

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays

Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays

AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer

Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra

Manulife - Insurer Transformation Award 2024The Digital Insurer

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software

TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot

How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh

WordCamp St. Louis 2011 WordPress Security Presentation

1. WORDPRESS SECURITY Tips and Tricks to Secure Your Site

2. A LITTLE ABOUT ANDY CROFFORD CONTACT INFO Email: acrofford@gmail.com Twitter: @andycrofford WEBSITES AppTa.co - http://appta.co TechKing - http://testking.com/techking Mobile Orchard - http://mobileorchard.com ThemeFuse - http://theme fuse.com

3. HTTP://J.MP/WORDCAMPSTL Slides available for download

4. #WCSTLSEC #hashtag

5. WHY IS WORDPRESS SECURITY IMPORTANT?

6. YOU VALUE YOUR SITE AND ITS CONTENTS

7. WHY IS WORDPRESS INSECURE?

8. IT IS OPEN SOURCE AND ANYONE HAS ACCESS TO THE CODE

9. PLUGINS CAN LEAVE THE DOOR OPEN

10. SO WHAT CAN YOU DO?

11. 1. KEEP WORDPRESS UP TO DATE

12. 2. UPDATE PLUGINS REGULARLY

13. 3. DO NOT USE ADMIN AS YOUR USERNAME

14. 4. USE A SECURE PASSWORD

15. CHECK YOUR PASSWORD STRENGTH AT: HTTP://WWW.PASSWORDMETER.COM

16. 5. KEEP YOUR THEME UPDATED

17. 6. RESTRICT ACCESS TO THE ADMIN LOGIN PAGE BY IP ADDRESS

18. .HTACCESS AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "Access Control" AuthType Basic order deny,allow deny from all #IP address to whitelist allow from xxx.xxx.xxx.xxx Replace xxx.xxx.xxx.xxx with your IP address.

19. .HTACCESS AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "Access Control" AuthType Basic order deny,allow deny from all #IP address to whitelist allow from xxx.xxx.xxx.* Replace xxx.xxx.xxx.* with your IP address.

20. 7. MOVE YOUR WP- CONFIG.PHP FILE

21. 8. CHANGE THE WORDPRESS TABLE PREFIX

22. UPDATE $TABLE_PREFIX

23. 9. USE SECRET KEYS

24. SECRET KEY GENERATOR https://api.wordpress.org/secret-key/1.1/salt

25. SECURE KEYS

26. 10. HIDE LOGIN ERROR MESSAGES

27. HIDE LOGIN ERRORS add_ﬁlter('login_errors', create_function('$a', "return null;"));

28. 11. BACKUP, BACKUP, BACKUP

29. UTILIZE SECURITY PLUGINS

30. 1. LOGIN LOCK DOWN http://j.mp/wp-lockdown

31. 2. STEALTH LOGIN http://j.mp/wp-stealth