WordPress Plugin & Theme Security - WordCamp Melbourne - February 2011
The WordPress Plugin & Theme Security presentation at WordCamp Melbourne February 2011.

WordPress Plugin & Theme Security - WordCamp Melbourne - February 2011 Presentation Transcript

  • 1. Plugin & Theme Security http://johnford.is/ @iamjohnford
  • 2. SQL Injection
  • 3. $wpdb->query( "UPDATE $wpdb->posts SET post_title = '$new_title' WHERE ID = $id" ); BAD
  • 4. $wpdb->query( "SELECT * FROM $wpdb->users WHERE user_login = '$username' AND user_pass = '$password'" ); BAD
  • 5. $username = "' OR 1 -- "; $wpdb->query( "SELECT * FROM $wpdb->users WHERE user_login = '$username' AND user_pass = '$password'" ); BAD
  • 6. $wpdb->query( "SELECT * FROM $wpdb->users WHERE user_login = '' OR 1 -- ' AND user_pass = '$password'" ); BAD (the injected quote closes the string and -- comments out the password check)
  • 7. $wpdb->update() GOOD
  • 8. $wpdb->update( $wpdb->posts, array( 'post_title' => $new_title ), array( 'ID' => $id ) ); GOOD
  • 9. $wpdb->insert( $table, $data ); GOOD
  • 10. $wpdb->prepare() GOOD
  • 11. $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_name = %s OR ID = %d", $some_name, $some_id); GOOD
  • 12. http://codex.wordpress.org/Function_Reference/wpdb_Class
  • 13. XSS: Cross-site Scripting
  • 14. <h1> <?php echo $title; ?></h1> BAD
  • 15. $title = '<script>jsCode();</script>'; <h1> <?php echo $title; ?></h1> BAD
  • 16. <h1> <?php echo esc_html( $title ); ?></h1> GOOD
  • 17. esc_attr_e()
  • 18. <a href="#wordcamp" title="<?php echo $title; ?>"> Link Text</a> BAD
  • 19. <?php $title = '" onmouseover="jsCode();'; ?><a href="#wordcamp" title="<?php echo $title; ?>"> Link Text</a> BAD
  • 20. <a href="#wordcamp" title="<?php echo esc_attr( $title ); ?>"> Link Text</a> GOOD
  • 21. esc_textarea() GOOD
  • 22. <a href="<?php echo $url; ?>"> Link Text</a> BAD
  • 23. <?php $url = 'javascript:jsCode();'; ?><a href="<?php echo $url; ?>"> Link Text</a> BAD
  • 24. <a href="<?php echo esc_url( $url ); ?>"> Link Text</a> GOOD
  • 25. <form action="<?php echo $_SERVER['REQUEST_URI']; ?>"> BAD
  • 26. <form action="<?php echo esc_url( $_SERVER['REQUEST_URI'] ); ?>"> GOOD
  • 27. <script> var foo = <?php echo $unsafe; ?>;</script> BAD
  • 28. <script> var foo = <?php echo esc_js( $unsafe ); ?>;</script> GOOD
  • 29. wp_filter_kses( $data ) GOOD
  • 30. http://codex.wordpress.org/Data_Validation
  • 31. CSRF: Cross-site Request Forgery
  • 32. Nonces: action-, object-, & user-specific time-limited secret keys
  • 33. wp_nonce_field( 'plugin-action_object' ) GOOD
  • 34. check_admin_referer( 'plugin-action_object' ) GOOD
  • 35. http://codex.wordpress.org/WordPress_Nonces
  • 36. eval() = evil
  • 37. Thank you! http://johnford.is/ @iamjohnford
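The three slide topics (SQL injection, XSS, CSRF) applied together in one plugin form, as an added example that is not from the presentation; the plugin prefix, the function names wcm_render_rename_form / wcm_handle_rename and the nonce action string are hypothetical.

```php
<?php
// Hypothetical plugin code added for illustration; not from the slides.
function wcm_render_rename_form( $post_id ) {
    global $wpdb;
    // SQL: never interpolate $post_id into the query string; prepare() with %d casts it.
    $post = $wpdb->get_row( $wpdb->prepare(
        "SELECT ID, post_title FROM $wpdb->posts WHERE ID = %d", $post_id
    ) );
    if ( ! $post ) {
        return;
    }
    ?>
    <form method="post" action="<?php echo esc_url( $_SERVER['REQUEST_URI'] ); ?>">
        <?php
        // CSRF: the nonce is tied to this action and this object (post ID).
        wp_nonce_field( 'wcm-rename_' . $post->ID );
        ?>
        <input type="hidden" name="post_id" value="<?php echo esc_attr( $post->ID ); ?>">
        <!-- XSS: attribute context uses esc_attr(), element context uses esc_html() -->
        <input type="text" name="new_title" value="<?php echo esc_attr( $post->post_title ); ?>">
        <p>Current title: <?php echo esc_html( $post->post_title ); ?></p>
        <input type="submit" value="Rename">
    </form>
    <?php
}

function wcm_handle_rename() {
    global $wpdb;
    if ( ! isset( $_POST['post_id'], $_POST['new_title'] ) ) {
        return;
    }
    $post_id = absint( $_POST['post_id'] );
    // CSRF: check_admin_referer() dies unless the nonce for this exact action/object is valid.
    check_admin_referer( 'wcm-rename_' . $post_id );
    // Authorisation is separate from CSRF: the nonce proves intent, not permission.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    $new_title = sanitize_text_field( wp_unslash( $_POST['new_title'] ) );
    // SQL: update() builds and escapes the statement; the format arrays declare value types.
    $wpdb->update(
        $wpdb->posts,
        array( 'post_title' => $new_title ),
        array( 'ID' => $post_id ),
        array( '%s' ),
        array( '%d' )
    );
}
```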