WordPress Security Hardening

Presentation given at WordCamp

Published in: Technology
  • Transcript

    • 1. Security & Hardening Timothy Wood (@codearachnid) [email_address]
    • 2.
      • Areas of compromise:
        • File (server) system hardening
        • Application software hardening
        • ... and YOU!
      Security & Hardening - Introduction http://www.flickr.com/photos/nbachiyski/1463351154/
    • 3.
      • .htaccess is your friend
        • Lock down folders
        • Lock IPs from admin
      • Secure your database
        • Never (EVER) use root - good user security (http://bit.ly/17vo6y)
        • Change up the defaults
      • Server scans & security to prevent and monitor
        • File change monitoring (http://snipit.me/u/11)
        • Routine backups are your friend
        • Lock down the server as you would for any other site
      Security & Hardening - System Hardening
    • 4.
      • Start with good resources
        • Read reviews of other users
        • Never be the first adopter for production level
        • Write your own tools/plugins
      • Keep software up to date (core, plugins, themes, etc.)
        • Review changelogs on 3rd party code
        • Monitor "hidden" files (.htaccess) for unapproved changes
        • Routine blog scans http://bit.ly/JK5dw
      • Need to know only
        • Remove telltale signs (meta, footer links, etc.)
        • Change up the wp-content folder
      Security & Hardening - Application Hardening
    • 5.
        • Rename and Upload the WordPress Folder
          • Disable links to the administration area
        • Extend the file wp-config.php
        • Move & protect the wp-config.php file
        • Delete the admin User Account
        • Choose strong passwords 
        • Protect the wp-admin Directory 
        • Suppress Error Feedback on the Log-In Page
        • Restrict Erroneous Log-In Attempts
      Security & Hardening - App. Admin Hardening (FYI: the source of this slide can be found at http://bit.ly/MA32j)
    • 6.
        • Login pages should be encrypted
        • Data validation should be done server-side
        • Manage your site via encrypted connection
        • Connect from a secured network
        • Don't share login credentials
        • Maintain a secure workplace
          • Physical
          • Software
        • Use multiple layers of redundancy for protection
      Security & Hardening - Application Hardening
    • 7.
        • This presentation - http://bit.ly/1FGGa
        • WordPress Security Whitepaper - http://is.gd/nbjQ
        • Lorelle on WordPress - http://is.gd/2v9K
        • WordPress File Monitor - http://snipit.me/u/11
        • 20 WordPress Security Plug-ins And Tips To Keep Hackers Away - http://bit.ly/fim37
      Security & Hardening - Credits http://www.flickr.com/photos/donncha/134015140/
