SlideShare a Scribd company logo

WordPress Security 101: Essential Security Practices Simplified

BlogVault Inc
BlogVault Inc

As a global leader in WordPress backups and security, our job involves receiving mails from distraught customers who have been hacked. Maintaining a completely secure WordPress site isn't practical, but there are ways to make things harder for hackers. Here are a few essential practices to follow to harden your WordPress site's security.

Technology
1 of 20
Download to read offline
WordPress Security Shivam Singh @s6s5a2
● How To Secure Your WP Site ● How To Secure Your Code (for developers) ● Wasting Time In The Name Of Security
How To Secure Your Site
○ Use strong passwords passphrases ○ Limit login attempts ○ Use two-factor authentication Secure login
‘Strong Passwords* ’ gone wrong *Courtesy: https://xkcd.com/936/
Keep your software up-to-date ◦ WordPress Core ◦ Plugins ◦ Themes ◦ Delete deactivated plugins/themes ◦ Reduce number of plugins/themes ◦ Use only trusted software sources
◦ Change table prefix ◦ Disable file editor ◦ Disallow users from installing plugins & themes. ◦ Set auth keys and salts ◦ Block PHP execution in uploads/temp folders Harden security using wp-config.php Reference Links: https://goo.gl/swDsWX https://goo.gl/RC4ycj
◦ Off-site ◦ History ◦ Quick restore Backup - Basic makeup of a good backup
◦ SFTP over FTP ◦ SSL (https://letsencrypt.org/ for free certificate) ◦ Secure file permissions (dirs: 755, files: 644) ◦ Captcha for login and comments Other settings
How To Secure Your Code (for developers)
◦ WP assigns every user a role ◦ Every role has specific set of capabilities ◦ Restrict plugin actions to specific capability Checking user capabilities
No restriction With restriction
◦ Check that required fields have not been left blank, and values match type, etc. ◦ Data validation should be performed as early as possible ◦ Validate Javascript in the front end, and PHP in the back end ◦ Built-in PHP functions + Core WordPress functions. Data Validation
◦ Input data should be sanitized when you don't know what to expect in inputs, or you don't want to be strict with data validation ◦ Use built-in WP helper functions - sanitize_*() series Sanitize Input Data
◦ Whenever you’re rendering data, make sure to properly escape it. ◦ Escaping output prevents XSS (Cross-site scripting) attacks. ◦ Use built-in WP helper functions - esc_*() series Sanitize Output Data
◦ Use nonces to check that the current user actually intends to perform the action. ◦ Use wp_create_nonce() function to add nonce Use nonces
Wasting Time In The Name Of Security
◦ Hiding WordPress versions ◦ Hiding login errors ◦ Changing wp-admin locations ◦ Removing readme.html or other files ◦ Disabling XML-RPC
◦ Hardening security ◦ Firewalls ◦ Website antivirus & hack cleaner Security Plugins Reference Links: https://goo.gl/m1maKV
“ Thank You

Recommended

Webpack | Jakub Kulhan - Skrz.cz
Webpack | Jakub Kulhan - Skrz.czWebpack | Jakub Kulhan - Skrz.cz
Webpack | Jakub Kulhan - Skrz.czskrzczdev
 
Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedOctavio Paguaga
 
15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos
15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos
15th Athens Big Data Meetup - 1st Talk - Running Spark On MesosAthens Big Data
 
Node.js
Node.jsNode.js
Node.jsPravin Mishra
 
Web content security policies
Web content security policiesWeb content security policies
Web content security policiesDhanu Gupta
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingUTD Computer Security Group
 
Access Security - Hybrid Identity
Access Security - Hybrid IdentityAccess Security - Hybrid Identity
Access Security - Hybrid IdentityEng Teong Cheah
 
Brief introduction to php findsock-shell
Brief introduction to php findsock-shellBrief introduction to php findsock-shell
Brief introduction to php findsock-shellRishu Ranjan
 

Recommended

Webpack | Jakub Kulhan - Skrz.cz
Webpack | Jakub Kulhan - Skrz.czWebpack | Jakub Kulhan - Skrz.cz
Webpack | Jakub Kulhan - Skrz.czskrzczdev
 
Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedOctavio Paguaga
 
15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos
15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos
15th Athens Big Data Meetup - 1st Talk - Running Spark On MesosAthens Big Data
 
Node.js
Node.jsNode.js
Node.jsPravin Mishra
 
Web content security policies
Web content security policiesWeb content security policies
Web content security policiesDhanu Gupta
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingUTD Computer Security Group
 
Access Security - Hybrid Identity
Access Security - Hybrid IdentityAccess Security - Hybrid Identity
Access Security - Hybrid IdentityEng Teong Cheah
 
Brief introduction to php findsock-shell
Brief introduction to php findsock-shellBrief introduction to php findsock-shell
Brief introduction to php findsock-shellRishu Ranjan
 
How to secure nginx server using fail2ban on Centos-7
How to secure nginx server using fail2ban on Centos-7How to secure nginx server using fail2ban on Centos-7
How to secure nginx server using fail2ban on Centos-7Bhadreshsinh Gohil
 
Dbdeployer, the universal installer
Dbdeployer, the universal installerDbdeployer, the universal installer
Dbdeployer, the universal installerGiuseppe Maxia
 
MySQL NDB 8.0 clusters in your laptop with dbdeployer
MySQL NDB 8.0 clusters in your laptop with dbdeployerMySQL NDB 8.0 clusters in your laptop with dbdeployer
MySQL NDB 8.0 clusters in your laptop with dbdeployerGiuseppe Maxia
 
Django book15 caching
Django book15 cachingDjango book15 caching
Django book15 cachingShih-yi Wei
 
Test like a_boss
Test like a_bossTest like a_boss
Test like a_bossGiuseppe Maxia
 
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise securityMuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise securityakashdprajapati
 
Intro to Node.js
Intro to Node.jsIntro to Node.js
Intro to Node.jsJames Carr
 
Bases de Datos NoSQL
Bases de Datos NoSQL Bases de Datos NoSQL
Bases de Datos NoSQL Jonathan Pichardo
 
Intro to Exploitation
Intro to ExploitationIntro to Exploitation
Intro to ExploitationUTD Computer Security Group
 
Infrastructure Security
Infrastructure SecurityInfrastructure Security
Infrastructure SecurityUTD Computer Security Group
 
Data Security - Storage Security
Data Security - Storage SecurityData Security - Storage Security
Data Security - Storage SecurityEng Teong Cheah
 
What's New in Nuxeo Platform 7.3
What's New in Nuxeo Platform 7.3 What's New in Nuxeo Platform 7.3
What's New in Nuxeo Platform 7.3 Nuxeo
 
Building Scalable Web Apps - LVL.UP KL
Building Scalable Web Apps - LVL.UP KLBuilding Scalable Web Apps - LVL.UP KL
Building Scalable Web Apps - LVL.UP KLGareth Davies
 
Banquet 36
Banquet 36Banquet 36
Banquet 36Koubei UED
 
High Performance Wordpress
High Performance WordpressHigh Performance Wordpress
High Performance WordpressGareth Davies
 
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptxHow To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptxVEXXHOST Private Cloud
 
Single sign on across drupal 8
Single sign on across drupal 8Single sign on across drupal 8
Single sign on across drupal 8Iwantha Lekamge
 
Laravel Forge
Laravel ForgeLaravel Forge
Laravel Forgemarcusamoore
 
Securing your Movable Type installation
Securing your Movable Type installationSecuring your Movable Type installation
Securing your Movable Type installationSix Apart KK
 
Selfhosted Hosting
Selfhosted HostingSelfhosted Hosting
Selfhosted HostingMartin Huber
 
Securing your web apps now
Securing your web apps nowSecuring your web apps now
Securing your web apps nowStephan Steynfaardt
 
ASP.Net Presentation Part3
ASP.Net Presentation Part3ASP.Net Presentation Part3
ASP.Net Presentation Part3Neeraj Mathur
 

More Related Content

What's hot

How to secure nginx server using fail2ban on Centos-7
How to secure nginx server using fail2ban on Centos-7How to secure nginx server using fail2ban on Centos-7
How to secure nginx server using fail2ban on Centos-7Bhadreshsinh Gohil
 
Dbdeployer, the universal installer
Dbdeployer, the universal installerDbdeployer, the universal installer
Dbdeployer, the universal installerGiuseppe Maxia
 
MySQL NDB 8.0 clusters in your laptop with dbdeployer
MySQL NDB 8.0 clusters in your laptop with dbdeployerMySQL NDB 8.0 clusters in your laptop with dbdeployer
MySQL NDB 8.0 clusters in your laptop with dbdeployerGiuseppe Maxia
 
Django book15 caching
Django book15 cachingDjango book15 caching
Django book15 cachingShih-yi Wei
 
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise securityMuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise securityakashdprajapati
 
Intro to Node.js
Intro to Node.jsIntro to Node.js
Intro to Node.jsJames Carr
 
Data Security - Storage Security
Data Security - Storage SecurityData Security - Storage Security
Data Security - Storage SecurityEng Teong Cheah
 
What's New in Nuxeo Platform 7.3
What's New in Nuxeo Platform 7.3 What's New in Nuxeo Platform 7.3
What's New in Nuxeo Platform 7.3 Nuxeo
 
Building Scalable Web Apps - LVL.UP KL
Building Scalable Web Apps - LVL.UP KLBuilding Scalable Web Apps - LVL.UP KL
Building Scalable Web Apps - LVL.UP KLGareth Davies
 
High Performance Wordpress
High Performance WordpressHigh Performance Wordpress
High Performance WordpressGareth Davies
 
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptxHow To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptxVEXXHOST Private Cloud
 
Single sign on across drupal 8
Single sign on across drupal 8Single sign on across drupal 8
Single sign on across drupal 8Iwantha Lekamge
 
Securing your Movable Type installation
Securing your Movable Type installationSecuring your Movable Type installation
Securing your Movable Type installationSix Apart KK
 
Selfhosted Hosting
Selfhosted HostingSelfhosted Hosting
Selfhosted HostingMartin Huber
 

What's hot (20)

How to secure nginx server using fail2ban on Centos-7
How to secure nginx server using fail2ban on Centos-7How to secure nginx server using fail2ban on Centos-7
How to secure nginx server using fail2ban on Centos-7
 
Dbdeployer, the universal installer
Dbdeployer, the universal installerDbdeployer, the universal installer
Dbdeployer, the universal installer
 
MySQL NDB 8.0 clusters in your laptop with dbdeployer
MySQL NDB 8.0 clusters in your laptop with dbdeployerMySQL NDB 8.0 clusters in your laptop with dbdeployer
MySQL NDB 8.0 clusters in your laptop with dbdeployer
 
Django book15 caching
Django book15 cachingDjango book15 caching
Django book15 caching
 
Test like a_boss
Test like a_bossTest like a_boss
Test like a_boss
 
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise securityMuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
MuleSoft ESB Payload Encrypt Decrypt using anypoint enterprise security
 
Intro to Node.js
Intro to Node.jsIntro to Node.js
Intro to Node.js
 
Bases de Datos NoSQL
Bases de Datos NoSQL Bases de Datos NoSQL
Bases de Datos NoSQL
 
Intro to Exploitation
Intro to ExploitationIntro to Exploitation
Intro to Exploitation
 
Infrastructure Security
Infrastructure SecurityInfrastructure Security
Infrastructure Security
 
Data Security - Storage Security
Data Security - Storage SecurityData Security - Storage Security
Data Security - Storage Security
 
What's New in Nuxeo Platform 7.3
What's New in Nuxeo Platform 7.3 What's New in Nuxeo Platform 7.3
What's New in Nuxeo Platform 7.3
 
Building Scalable Web Apps - LVL.UP KL
Building Scalable Web Apps - LVL.UP KLBuilding Scalable Web Apps - LVL.UP KL
Building Scalable Web Apps - LVL.UP KL
 
Banquet 36
Banquet 36Banquet 36
Banquet 36
 
High Performance Wordpress
High Performance WordpressHigh Performance Wordpress
High Performance Wordpress
 
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptxHow To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
 
Single sign on across drupal 8
Single sign on across drupal 8Single sign on across drupal 8
Single sign on across drupal 8
 
Laravel Forge
Laravel ForgeLaravel Forge
Laravel Forge
 
Securing your Movable Type installation
Securing your Movable Type installationSecuring your Movable Type installation
Securing your Movable Type installation
 
Selfhosted Hosting
Selfhosted HostingSelfhosted Hosting
Selfhosted Hosting
 

Similar to WordPress Security 101: Essential Security Practices Simplified

ASP.Net Presentation Part3
ASP.Net Presentation Part3ASP.Net Presentation Part3
ASP.Net Presentation Part3Neeraj Mathur
 
Dmytro Kochergin - "The OWASP TOP 10 - Typical Attacks on Web Applications an...
Dmytro Kochergin - "The OWASP TOP 10 - Typical Attacks on Web Applications an...Dmytro Kochergin - "The OWASP TOP 10 - Typical Attacks on Web Applications an...
Dmytro Kochergin - "The OWASP TOP 10 - Typical Attacks on Web Applications an...LogeekNightUkraine
 
Neoito — Secure coding practices
Neoito — Secure coding practicesNeoito — Secure coding practices
Neoito — Secure coding practicesNeoito
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013Thor Kristiansen
 
Presentation on Top 10 Vulnerabilities in Web Application
Presentation on Top 10 Vulnerabilities in Web ApplicationPresentation on Top 10 Vulnerabilities in Web Application
Presentation on Top 10 Vulnerabilities in Web ApplicationMd Mahfuzur Rahman
 
Secure Coding for NodeJS
Secure Coding for NodeJSSecure Coding for NodeJS
Secure Coding for NodeJSThang Chung
 
Drupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersDrupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersArunkumar Kupppuswamy
 
Cm2 secure code_training_1day_data_protection
Cm2 secure code_training_1day_data_protectionCm2 secure code_training_1day_data_protection
Cm2 secure code_training_1day_data_protectiondcervigni
 
CS166 Final project
CS166 Final projectCS166 Final project
CS166 Final projectKaya Ota
 
Hack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingHack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingColdFusionConference
 
UEMB200: Next Generation of Endpoint Management Architecture and Discovery Se...
UEMB200: Next Generation of Endpoint Management Architecture and Discovery Se...UEMB200: Next Generation of Endpoint Management Architecture and Discovery Se...
UEMB200: Next Generation of Endpoint Management Architecture and Discovery Se...Ivanti
 
Wordpress Security Tips
Wordpress Security TipsWordpress Security Tips
Wordpress Security TipsLalit Nama
 
Word press beirut 9th meetup march
Word press beirut 9th meetup marchWord press beirut 9th meetup march
Word press beirut 9th meetup marchFadi Nicolas Zahhar
 

Similar to WordPress Security 101: Essential Security Practices Simplified (20)

Securing your web apps now
Securing your web apps nowSecuring your web apps now
Securing your web apps now
 
ASP.Net Presentation Part3
ASP.Net Presentation Part3ASP.Net Presentation Part3
ASP.Net Presentation Part3
 
Dmytro Kochergin - "The OWASP TOP 10 - Typical Attacks on Web Applications an...
Dmytro Kochergin - "The OWASP TOP 10 - Typical Attacks on Web Applications an...Dmytro Kochergin - "The OWASP TOP 10 - Typical Attacks on Web Applications an...
Dmytro Kochergin - "The OWASP TOP 10 - Typical Attacks on Web Applications an...
 
Neoito — Secure coding practices
Neoito — Secure coding practicesNeoito — Secure coding practices
Neoito — Secure coding practices
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013
 
Presentation on Top 10 Vulnerabilities in Web Application
Presentation on Top 10 Vulnerabilities in Web ApplicationPresentation on Top 10 Vulnerabilities in Web Application
Presentation on Top 10 Vulnerabilities in Web Application
 
Secure Coding for NodeJS
Secure Coding for NodeJSSecure Coding for NodeJS
Secure Coding for NodeJS
 
Web vulnerabilities
Web vulnerabilitiesWeb vulnerabilities
Web vulnerabilities
 
Drupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersDrupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and Coders
 
Rails Security
Rails SecurityRails Security
Rails Security
 
Cm2 secure code_training_1day_data_protection
Cm2 secure code_training_1day_data_protectionCm2 secure code_training_1day_data_protection
Cm2 secure code_training_1day_data_protection
 
CS166 Final project
CS166 Final projectCS166 Final project
CS166 Final project
 
Drupal Security Hardening
Drupal Security HardeningDrupal Security Hardening
Drupal Security Hardening
 
Drupal Security Hardening
Drupal Security HardeningDrupal Security Hardening
Drupal Security Hardening
 
21 05-2018
21 05-201821 05-2018
21 05-2018
 
Presentation on Web Attacks
Presentation on Web AttacksPresentation on Web Attacks
Presentation on Web Attacks
 
Hack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingHack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security Training
 
UEMB200: Next Generation of Endpoint Management Architecture and Discovery Se...
UEMB200: Next Generation of Endpoint Management Architecture and Discovery Se...UEMB200: Next Generation of Endpoint Management Architecture and Discovery Se...
UEMB200: Next Generation of Endpoint Management Architecture and Discovery Se...
 
Wordpress Security Tips
Wordpress Security TipsWordpress Security Tips
Wordpress Security Tips
 
Word press beirut 9th meetup march
Word press beirut 9th meetup marchWord press beirut 9th meetup march
Word press beirut 9th meetup march
 

Recently uploaded

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 

Recently uploaded (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 

WordPress Security 101: Essential Security Practices Simplified

  • 2. ● How To Secure Your WP Site ● How To Secure Your Code (for developers) ● Wasting Time In The Name Of Security
  • 4. ○ Use strong passwords passphrases ○ Limit login attempts ○ Use two-factor authentication Secure login
  • 5. ‘Strong Passwords* ’ gone wrong *Courtesy: https://xkcd.com/936/
  • 6. Keep your software up-to-date ◦ WordPress Core ◦ Plugins ◦ Themes ◦ Delete deactivated plugins/themes ◦ Reduce number of plugins/themes ◦ Use only trusted software sources
  • 7. ◦ Change table prefix ◦ Disable file editor ◦ Disallow users from installing plugins & themes. ◦ Set auth keys and salts ◦ Block PHP execution in uploads/temp folders Harden security using wp-config.php Reference Links: https://goo.gl/swDsWX https://goo.gl/RC4ycj
  • 8. ◦ Off-site ◦ History ◦ Quick restore Backup - Basic makeup of a good backup
  • 9. ◦ SFTP over FTP ◦ SSL (https://letsencrypt.org/ for free certificate) ◦ Secure file permissions (dirs: 755, files: 644) ◦ Captcha for login and comments Other settings
  • 10. How To Secure Your Code (for developers)
  • 11. ◦ WP assigns every user a role ◦ Every role has specific set of capabilities ◦ Restrict plugin actions to specific capability Checking user capabilities
  • 13. ◦ Check that required fields have not been left blank, and values match type, etc. ◦ Data validation should be performed as early as possible ◦ Validate Javascript in the front end, and PHP in the back end ◦ Built-in PHP functions + Core WordPress functions. Data Validation
  • 14. ◦ Input data should be sanitized when you don't know what to expect in inputs, or you don't want to be strict with data validation ◦ Use built-in WP helper functions - sanitize_*() series Sanitize Input Data
  • 15. ◦ Whenever you’re rendering data, make sure to properly escape it. ◦ Escaping output prevents XSS (Cross-site scripting) attacks. ◦ Use built-in WP helper functions - esc_*() series Sanitize Output Data
  • 16. ◦ Use nonces to check that the current user actually intends to perform the action. ◦ Use wp_create_nonce() function to add nonce Use nonces
  • 17. Wasting Time In The Name Of Security
  • 18. ◦ Hiding WordPress versions ◦ Hiding login errors ◦ Changing wp-admin locations ◦ Removing readme.html or other files ◦ Disabling XML-RPC
  • 19. ◦ Hardening security ◦ Firewalls ◦ Website antivirus & hack cleaner Security Plugins Reference Links: https://goo.gl/m1maKV