WordPress Security
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

WordPress Security

  • 4,058 views
Uploaded on

Basics of WordPress Security as presented on February 8, 2012 at the Houston WordPress Meetup.

Basics of WordPress Security as presented on February 8, 2012 at the Houston WordPress Meetup.

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
4,058
On Slideshare
4,058
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
2
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. WordPress [si-kyoor-i-tee] Barry Abrahamson AutomatticThursday, February 9, 12
  • 2. • Automattic since 2006 • Scaling / Servers / Security / Stuff • http://barry.wordpress.com/Thursday, February 9, 12
  • 3. Four Ws One H • Who • Why • When • Where • HowThursday, February 9, 12
  • 4. WhoThursday, February 9, 12
  • 5. Why • Fun • Revenge • Profit • PoliticalThursday, February 9, 12
  • 6. When • (In)?Convenient • Least Expected • Coordinated Attacks • 0-day exploitsThursday, February 9, 12
  • 7. (Every) Where • Shared Hosting • Virtual Private Server • Dedicated Server • Large Enterprises • Even your laptop!Thursday, February 9, 12
  • 8. HowThursday, February 9, 12
  • 9. DefacementThursday, February 9, 12
  • 10. Spam Links • base64_decode(aHR0cDovLzEyNy4wLjAu MS9oZWxsby1zcGFtbWVyLnBocA==); • http://127.0.0.1/hello-spammer.phpThursday, February 9, 12
  • 11. PHP Shell • http://phpshell.sourceforge.net/ • <?php / *00000000000000000000000000000000*/ eval(gzinflate(base64_decode(FZfFzsQ6uk Ufp89RBmHSHYWZsTJphZk5T3// npZKVbY/e++1yisd/qm/dqqG9Cj/yThursday, February 9, 12
  • 12. DemoThursday, February 9, 12
  • 13. How to Keep Your Site SafeThursday, February 9, 12
  • 14. Security Plugins • http://wordpress.org/extend/plugins/ exploit-scanner/ • VaultPressThursday, February 9, 12
  • 15. File Permissions • drwxrwxrwx 5 user group 4096 Feb 7 01:35 wp-content/ • drwxr-xr-x 5 user group 4096 Feb 7 01:35 wp-content/ • -rw-r--r-- 1 user group 3371 Feb 7 01:51 wp-config.php • chmod -R 777Thursday, February 9, 12
  • 16. Virus Scanner • FTP passwords stolen by viruses on your computer can put your website at riskThursday, February 9, 12
  • 17. Conclusion • Securing your website is a lot like securing your house or car. If someone really wants to break in, they probably will, but it is important to lock the doors and windows and have good insurance in case something bad happens.Thursday, February 9, 12
  • 18. Questions?Thursday, February 9, 12