SlideShare una empresa de Scribd logo

Introduction to securely developing plugins

Descargar como PPTX, PDF
Jonathan Bossenger
Jonathan Bossenger

With WordPress now powering over 40% of the web, website owners need to think more about online security. Almost every week a new plugin vulnerability is found and patched, leading to concerns about the security of WordPress. Fortunately for the new plugin developer, the WordPress developer handbook has an extensive section on Plugin Security. If followed, plugin vulnerabilities can be drastically reduced, and the entire ecosystem is protected. This tutorial will introduce the new developer to the first 5 areas of plugin security, using easy-to-understand examples.

Tecnología
1 de 5
Confidential Customized for Lorem Ipsum LLC Version 1.0 Jonathan Bossenger Introduction to Securely Developing Plugins Learn.WordPress.org
Confidential Customized for Lorem Ipsum LLC Version 1.0 Learn.WordPress.org What you will learn 1. The benefits of ensuring your code is secure 2. How to secure your code 3. Where to learn about security
Confidential Customized for Lorem Ipsum LLC Version 1.0 Learn.WordPress.org Disclaimer This tutorial was created as an introduction to being security minded when developing plugins. The code examples used in this tutorial are very simplified examples. You should not use any of the code used in this tutorial in your plugins. Please make sure to read the full documentation on Security in the Wordpress Developer handbook at developer.wordpress.org/apis/security/ to ensure you follow the correct methods and procedures.
Confidential Customized for Lorem Ipsum LLC Version 1.0 Learn.WordPress.org What is plugin security? Plugin security is the process of ensuring your plugin code not only works, but also does not introduce any security vulnerabilities
Confidential Customized for Lorem Ipsum LLC Version 1.0 Learn.WordPress.org Developing a security mindset ● Don’t trust any data ● Use core WordPress APIs ● Keep your code updated

Recomendados

I Have My WordPress Site Now What?
I Have My WordPress Site Now What?I Have My WordPress Site Now What?
I Have My WordPress Site Now What?
Michele Butcher-Jones
 
Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015
Michele Butcher-Jones
 
Top Keys to create a secure website
Top Keys to create a secure websiteTop Keys to create a secure website
Top Keys to create a secure website
Click Ripple Solutions
 
Spring Security
Spring SecuritySpring Security
Spring Security
Knoldus Inc.
 
Keep Your SIte Secure
Keep Your SIte SecureKeep Your SIte Secure
Keep Your SIte Secure
Michele Butcher-Jones
 
Improve WordPress Security How To
Improve WordPress Security How ToImprove WordPress Security How To
Improve WordPress Security How To
Vivekanand Arumanda
 
Why 'positive security' is a software security game changer
Why 'positive security' is a software security game changerWhy 'positive security' is a software security game changer
Why 'positive security' is a software security game changer
Jaap Karan Singh
 
WordPress Security Basics
WordPress Security BasicsWordPress Security Basics
WordPress Security Basics
Ryan Plas
 

Recomendados

I Have My WordPress Site Now What?
I Have My WordPress Site Now What?I Have My WordPress Site Now What?
I Have My WordPress Site Now What?
Michele Butcher-Jones
 
Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015Beginning WordPress Security WordCamp North Canton 2015
Beginning WordPress Security WordCamp North Canton 2015
Michele Butcher-Jones
 
Top Keys to create a secure website
Top Keys to create a secure websiteTop Keys to create a secure website
Top Keys to create a secure website
Click Ripple Solutions
 
Spring Security
Spring SecuritySpring Security
Spring Security
Knoldus Inc.
 
Keep Your SIte Secure
Keep Your SIte SecureKeep Your SIte Secure
Keep Your SIte Secure
Michele Butcher-Jones
 
Improve WordPress Security How To
Improve WordPress Security How ToImprove WordPress Security How To
Improve WordPress Security How To
Vivekanand Arumanda
 
Why 'positive security' is a software security game changer
Why 'positive security' is a software security game changerWhy 'positive security' is a software security game changer
Why 'positive security' is a software security game changer
Jaap Karan Singh
 
WordPress Security Basics
WordPress Security BasicsWordPress Security Basics
WordPress Security Basics
Ryan Plas
 
Essentials of developing_tizen_web_application_en_1.0
Essentials of developing_tizen_web_application_en_1.0Essentials of developing_tizen_web_application_en_1.0
Essentials of developing_tizen_web_application_en_1.0
Saima Ashiq
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Anant Shrivastava
 
Selenium IDE
Selenium IDESelenium IDE
Selenium IDE
b4usolution .
 
WordPress Troubleshooting Hacks.pdf
WordPress Troubleshooting Hacks.pdfWordPress Troubleshooting Hacks.pdf
WordPress Troubleshooting Hacks.pdf
Arthur Kasirye
 
Security Basics for Admins
Security Basics for AdminsSecurity Basics for Admins
Security Basics for Admins
Salesforce Admins
 
Product key finders
Product key findersProduct key finders
Product key finders
Varinder Kumar
 
Unique WordPress Ideas
Unique WordPress IdeasUnique WordPress Ideas
Unique WordPress Ideas
Jessica Jorgenson
 
OAuth2 & OpenID Connect with Spring Security
OAuth2 & OpenID Connect with Spring SecurityOAuth2 & OpenID Connect with Spring Security
OAuth2 & OpenID Connect with Spring Security
Shuto Uwai
 
A Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdfA Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdf
Host It Smart
 
WordPress Security - Kulpreet Singh
WordPress Security - Kulpreet SinghWordPress Security - Kulpreet Singh
WordPress Security - Kulpreet Singh
guest4fe370
 
WordPress security
WordPress securityWordPress security
WordPress security
Shelley Magnezi
 
CALM Wordpress 102
CALM Wordpress 102CALM Wordpress 102
CALM Wordpress 102
darren_puscas
 
Stanislav Khorunzhyi, "Front-end it like a PRO"
Stanislav Khorunzhyi, "Front-end it like a PRO"Stanislav Khorunzhyi, "Front-end it like a PRO"
Stanislav Khorunzhyi, "Front-end it like a PRO"
Sigma Software
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?
F-Secure Corporation
 
Hire Magento 2 developer India, Call us for more
Hire Magento 2 developer India, Call us for more Hire Magento 2 developer India, Call us for more
Hire Magento 2 developer India, Call us for more
AResourcePool
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applications
Magno Logan
 
Secure webdev 3.0
Secure webdev 3.0Secure webdev 3.0
Secure webdev 3.0
toots marcelo
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
SiteGround.com
 
Page one infiltrator scam
Page one infiltrator scamPage one infiltrator scam
Page one infiltrator scam
jahboukie
 
Wordpress security
Wordpress securityWordpress security
Wordpress security
jhon wilson
 
New WordPress Developer APIs The Interactivity API
New WordPress Developer APIs The Interactivity APINew WordPress Developer APIs The Interactivity API
New WordPress Developer APIs The Interactivity API
Jonathan Bossenger
 
The WordPress HTML API
The WordPress HTML APIThe WordPress HTML API
The WordPress HTML API
Jonathan Bossenger
 

Más contenido relacionado

Similar a Introduction to securely developing plugins

Page one infiltrator scam
Page one infiltrator scamPage one infiltrator scam
Page one infiltrator scam
jahboukie
 

Similar a Introduction to securely developing plugins (20)

Essentials of developing_tizen_web_application_en_1.0
Essentials of developing_tizen_web_application_en_1.0Essentials of developing_tizen_web_application_en_1.0
Essentials of developing_tizen_web_application_en_1.0
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
 
Selenium IDE
Selenium IDESelenium IDE
Selenium IDE
 
WordPress Troubleshooting Hacks.pdf
WordPress Troubleshooting Hacks.pdfWordPress Troubleshooting Hacks.pdf
WordPress Troubleshooting Hacks.pdf
 
Security Basics for Admins
Security Basics for AdminsSecurity Basics for Admins
Security Basics for Admins
 
Product key finders
Product key findersProduct key finders
Product key finders
 
Unique WordPress Ideas
Unique WordPress IdeasUnique WordPress Ideas
Unique WordPress Ideas
 
OAuth2 & OpenID Connect with Spring Security
OAuth2 & OpenID Connect with Spring SecurityOAuth2 & OpenID Connect with Spring Security
OAuth2 & OpenID Connect with Spring Security
 
A Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdfA Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdf
 
WordPress Security - Kulpreet Singh
WordPress Security - Kulpreet SinghWordPress Security - Kulpreet Singh
WordPress Security - Kulpreet Singh
 
WordPress security
WordPress securityWordPress security
WordPress security
 
CALM Wordpress 102
CALM Wordpress 102CALM Wordpress 102
CALM Wordpress 102
 
Stanislav Khorunzhyi, "Front-end it like a PRO"
Stanislav Khorunzhyi, "Front-end it like a PRO"Stanislav Khorunzhyi, "Front-end it like a PRO"
Stanislav Khorunzhyi, "Front-end it like a PRO"
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?
 
Hire Magento 2 developer India, Call us for more
Hire Magento 2 developer India, Call us for more Hire Magento 2 developer India, Call us for more
Hire Magento 2 developer India, Call us for more
 
Just4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applicationsJust4Meeting 2012 - How to protect your web applications
Just4Meeting 2012 - How to protect your web applications
 
Secure webdev 3.0
Secure webdev 3.0Secure webdev 3.0
Secure webdev 3.0
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
 
Page one infiltrator scam
Page one infiltrator scamPage one infiltrator scam
Page one infiltrator scam
 
Wordpress security
Wordpress securityWordpress security
Wordpress security
 

Más de Jonathan Bossenger

Más de Jonathan Bossenger (20)

New WordPress Developer APIs The Interactivity API
New WordPress Developer APIs The Interactivity APINew WordPress Developer APIs The Interactivity API
New WordPress Developer APIs The Interactivity API
 
The WordPress HTML API
The WordPress HTML APIThe WordPress HTML API
The WordPress HTML API
 
The WordPress Create Block tool
The WordPress Create Block toolThe WordPress Create Block tool
The WordPress Create Block tool
 
PHP compatibility testing with PHPCompatibilityWP
PHP compatibility testing with PHPCompatibilityWPPHP compatibility testing with PHPCompatibilityWP
PHP compatibility testing with PHPCompatibilityWP
 
Common WordPress APIs_ Settings API
Common WordPress APIs_ Settings APICommon WordPress APIs_ Settings API
Common WordPress APIs_ Settings API
 
Common WordPress APIs - Options API
Common WordPress APIs - Options APICommon WordPress APIs - Options API
Common WordPress APIs - Options API
 
Common WordPress APIs_ HTTP API.pptx
Common WordPress APIs_ HTTP API.pptxCommon WordPress APIs_ HTTP API.pptx
Common WordPress APIs_ HTTP API.pptx
 
Common WordPress APIs: Metadata
Common WordPress APIs: MetadataCommon WordPress APIs: Metadata
Common WordPress APIs: Metadata
 
What’s new for developers_ (August 2023).pptx
What’s new for developers_ (August 2023).pptxWhat’s new for developers_ (August 2023).pptx
What’s new for developers_ (August 2023).pptx
 
Testing your plugins for PHP version compatibility
Testing your plugins for PHP version compatibilityTesting your plugins for PHP version compatibility
Testing your plugins for PHP version compatibility
 
Common WordPress APIs_ Global Variables
Common WordPress APIs_ Global VariablesCommon WordPress APIs_ Global Variables
Common WordPress APIs_ Global Variables
 
Common WordPress APIs_ Internationalization
Common WordPress APIs_ InternationalizationCommon WordPress APIs_ Internationalization
Common WordPress APIs_ Internationalization
 
Testing WordPress 6.3 - Developer edition
Testing WordPress 6.3 - Developer editionTesting WordPress 6.3 - Developer edition
Testing WordPress 6.3 - Developer edition
 
Common WordPress APIs: Responsive Images
Common WordPress APIs: Responsive ImagesCommon WordPress APIs: Responsive Images
Common WordPress APIs: Responsive Images
 
Common WordPress APIs - Dashboard Widgets
Common WordPress APIs - Dashboard WidgetsCommon WordPress APIs - Dashboard Widgets
Common WordPress APIs - Dashboard Widgets
 
Custom Tables in WordPress
Custom Tables in WordPressCustom Tables in WordPress
Custom Tables in WordPress
 
The WordPress Database
The WordPress DatabaseThe WordPress Database
The WordPress Database
 
WordPress Coding Standards
WordPress Coding StandardsWordPress Coding Standards
WordPress Coding Standards
 
Managing a WordPress Multisite Network
Managing a WordPress Multisite NetworkManaging a WordPress Multisite Network
Managing a WordPress Multisite Network
 
Debugging in WordPress
Debugging in WordPressDebugging in WordPress
Debugging in WordPress
 

Último

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Último (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Introduction to securely developing plugins

  • 1. Confidential Customized for Lorem Ipsum LLC Version 1.0 Jonathan Bossenger Introduction to Securely Developing Plugins Learn.WordPress.org
  • 2. Confidential Customized for Lorem Ipsum LLC Version 1.0 Learn.WordPress.org What you will learn 1. The benefits of ensuring your code is secure 2. How to secure your code 3. Where to learn about security
  • 3. Confidential Customized for Lorem Ipsum LLC Version 1.0 Learn.WordPress.org Disclaimer This tutorial was created as an introduction to being security minded when developing plugins. The code examples used in this tutorial are very simplified examples. You should not use any of the code used in this tutorial in your plugins. Please make sure to read the full documentation on Security in the Wordpress Developer handbook at developer.wordpress.org/apis/security/ to ensure you follow the correct methods and procedures.
  • 4. Confidential Customized for Lorem Ipsum LLC Version 1.0 Learn.WordPress.org What is plugin security? Plugin security is the process of ensuring your plugin code not only works, but also does not introduce any security vulnerabilities
  • 5. Confidential Customized for Lorem Ipsum LLC Version 1.0 Learn.WordPress.org Developing a security mindset ● Don’t trust any data ● Use core WordPress APIs ● Keep your code updated

Notas del editor

  1. TITLE SLIDE: Make a copy of this presentation to your Google Drive, and edit to replace with your details.
  2. TITLE SLIDE: Make a copy of this presentation to your Google Drive, and edit to replace with your details.
  3. TITLE SLIDE: Make a copy of this presentation to your Google Drive, and edit to replace with your details.
  4. TITLE SLIDE: Make a copy of this presentation to your Google Drive, and edit to replace with your details.
  5. TITLE SLIDE: Make a copy of this presentation to your Google Drive, and edit to replace with your details.