Successfully reported this slideshow.
Your SlideShare is downloading. ×

A few words on WordPress security

Oct. 25, 2016
0 likes 1,051 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Volley Android
Volley Android
Loading in …3
×

Check these out next

WORLD GLUCOMA DAY AWARENESS DAY 2023 (2).pptx
anjalatchi
003065 MC JZ CUMI.pdf
YenniOktavia1
CASE REPORT OF LAQSHYA INITIATIVE PPT.pptx
anjalatchi
ABN Oppa - IT Operations 2023 - EN .pdf
Steven Nguyen
How-to-Build-a-Career-in-AI.pdf
Dustin Liu
Notes.pptx
FaisalMisbah2
React js developers for hire
AlifiyaMustafa2
WORLD GLUCOMA DAY AWARENESS DAY 2023 (1).pptx
anjalatchi
1 of 20 Ad

A few words on WordPress security

Oct. 25, 2016
0 likes 1,051 views
Internet

Talk over WordPress security

Talk over WordPress security

Internet
Advertisement

Recommended

Volley Android
zezzi Castillo
3.3k views
21 slides
Squidinstallation
Chirag Gupta
1.9k views
11 slides
Ruby and Framework Security
Creston Jamison
523 views
7 slides
AWS Fargate - Abstraindo Infraestrutura de Containers - 2 devday Jaragua do S...
Alexandre Fonsttret
94 views
33 slides
Ansible ssh y comandos ad-hoc
Raul Hugo
574 views
10 slides
Joomla! Day Poland 2012 - Active Security for Joomla! sites
Nicholas Dionysopoulos
1.3k views
35 slides
How to install and configure lamp (linux,apache mysql mariadb,php) with jooml...
cloudministerdev
493 views
13 slides
Praktikum 1-3 install nessus
Syaiful Ahdan
71 views
17 slides
Advertisement

More Related Content

Recently uploaded (20)

WORLD GLUCOMA DAY AWARENESS DAY 2023 (2).pptx
anjalatchi
0 views
003065 MC JZ CUMI.pdf
YenniOktavia1
2 views
CASE REPORT OF LAQSHYA INITIATIVE PPT.pptx
anjalatchi
0 views
ABN Oppa - IT Operations 2023 - EN .pdf
Steven Nguyen
2 views
How-to-Build-a-Career-in-AI.pdf
Dustin Liu
20 views
Notes.pptx
FaisalMisbah2
0 views
React js developers for hire
AlifiyaMustafa2
2 views
WORLD GLUCOMA DAY AWARENESS DAY 2023 (1).pptx
anjalatchi
4 views
Unit-IV EMR b.sc II sem 2022.pptx
anjalatchi
0 views
ns.project.pptx
PrincePatel272012
0 views
CONCURRENT TERNARY GALOIS-BASED COMPUTATION USING NANO-APEX MULTIPLEXING NIBS...
VLSICS Design
3 views
Chat Bot .pptx
analyticsdada
4 views
S05.s2-Preparación para la PC1 (material) 2022 marzo.docx
AntonyTarazonaPielag
0 views
wirelessnetworks-ppt-140909071911-phpapp02.pdf
kouyepwanko
0 views
Importance of hand washing.pptx
anjalatchi
0 views
Chapter_12.ppt
Suresh Waghmode
3 views
Digital 2022 Global Overview Report Essentials.pdf
WalidMorchid
8 views
Unit 3 - Cyber Crime.pptx
ssuserb73103
0 views
Cover page.docx
Shubhamsingh512028
0 views
Bharat FiberNet.pdf
BharatFiber
3 views
WORLD GLUCOMA DAY AWARENESS DAY 2023 (2).pptx
anjalatchi
0 views
33 slides
003065 MC JZ CUMI.pdf
YenniOktavia1
2 views
1 slide
CASE REPORT OF LAQSHYA INITIATIVE PPT.pptx
anjalatchi
0 views
15 slides
ABN Oppa - IT Operations 2023 - EN .pdf
Steven Nguyen
2 views
15 slides
How-to-Build-a-Career-in-AI.pdf
Dustin Liu
20 views
41 slides
Notes.pptx
FaisalMisbah2
0 views
10 slides

Featured (20)

10 Steps great leaders take when things go wrong
GetSmarter
78.9k views
Forgotten women in tech history.
Domo
141.1k views
A Product Manager's Job
joshelman
799.6k views
Top 10 Tips for Getting a Good Night's Sleep
Dana-Farber Cancer Institute
48.7k views
The Road to Financial Wellness
Experian_US
8.4k views
24 Time Management Hacks to Develop for Increased Productivity
Iulian Olariu
1.9M views
GO BRAND YOURSELF. How to land a job with personal branding in 5 steps
Lorenzo Galbiati
194.6k views
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
2M views
Global Diversity, Equity, and Inclusion Debrief
McKinsey & Company
20.7k views
The Minimum Loveable Product
The Happy Startup School
4.1M views
Six things to remember while writing feedback 2020
Rajesh Soundararajan
4.7k views
20 Steps To Your Life Passion
Barrie Davenport
31.5k views
LinkedIn on Mentorship #thankyourmentor
LinkedIn Editors' Picks
194k views
The Unintended Outcomes of Unconscious Bias in Performance Management
InsideOut Development
5.7k views
Science of music for work productivity
PGi
19.4k views
Inspirational Lessons Learned From Martin Luther King Jr.
Eagles Talent Speakers Bureau
30.4k views
12 Resolutions for a Great Year at Work
O.C. Tanner
29.8k views
Machine Learning: A Fast Review
Ahmad Ali Abin
19.2k views
Does your motivation need a kick start?
University of Southern Queensland
23.5k views
Better than a New Year's Resolution: A New Mindset
Deepak Chopra MD (official)
308.5k views
10 Steps great leaders take when things go wrong
GetSmarter
78.9k views
63 slides
Forgotten women in tech history.
Domo
141.1k views
12 slides
A Product Manager's Job
joshelman
799.6k views
35 slides
Top 10 Tips for Getting a Good Night's Sleep
Dana-Farber Cancer Institute
48.7k views
18 slides
The Road to Financial Wellness
Experian_US
8.4k views
63 slides
24 Time Management Hacks to Develop for Increased Productivity
Iulian Olariu
1.9M views
26 slides
Advertisement

A few words on WordPress security

  1. 1. WordPress & security Pieter Daalder A few words on dinsdag 25 oktober 16
  2. 2. What can go wrong? dinsdag 25 oktober 16
  3. 3. Bruteforce attempt on wp-login.php Bruteforce attempt using xmlrpc.php (system.multicall anyone?) dinsdag 25 oktober 16
  4. 4. dinsdag 25 oktober 16
  5. 5. What can I do? dinsdag 25 oktober 16
  6. 6. securing xmlrpc.php secure your login page monitor changes on the filesystem run updates get a secure hostingprovider other considerations dinsdag 25 oktober 16
  7. 7. why are we doing this? DDoS via XML-RPC pingbacks brute force attacks via XML-RPC dinsdag 25 oktober 16
  8. 8. blocking requests <Files "xmlrpc.php"> Order Allow,Deny deny from all </Files> <security> <requestFiltering> <denyUrlSequences> <add sequence="xmlrpc.php" /> </denyUrlSequences> </requestFiltering> </security> dinsdag 25 oktober 16
  9. 9. blocking requests Web Application Firewall dinsdag 25 oktober 16
  10. 10. securing xmlrpc.php secure your login page monitor changes on the filesystem run updates get a secure hostingprovider other considerations dinsdag 25 oktober 16
  11. 11. 2 factor authentication (2FA) prevent bruteforce attempts disable default errors disable author pages dinsdag 25 oktober 16
  12. 12. securing xmlrpc.php secure your login page monitor changes on the filesystem run updates get a secure hostingprovider other considerations dinsdag 25 oktober 16
  13. 13. Use inotify to monitor your filesystem access modify attrib open create delete watch for files being accessed watch if files are being written to watch if metadata is altered watch if a file is opened watch if a file is created watch if a file is deleted dinsdag 25 oktober 16
  14. 14. securing xmlrpc.php secure your login page monitor changes on the filesystem run updates get a secure hostingprovider other considerations dinsdag 25 oktober 16
  15. 15. securing xmlrpc.php secure your login page monitor changes on the filesystem run updates get a secure hostingprovider other considerations dinsdag 25 oktober 16
  16. 16. support recent versions of PHP offer SSL good customer service regular and tested backups DDOS prevention & intrusion detection dinsdag 25 oktober 16
  17. 17. securing xmlrpc.php secure your login page monitor changes on the filesystem run updates get a secure hostingprovider other considerations dinsdag 25 oktober 16
  18. 18. username and password disable file editor least privileged principles know your code delete unused plugins/themes obscure the login page dinsdag 25 oktober 16
  19. 19. Thank you for your time Pieter Daalder @w1zz Vevida WordPress expert cooking (esp. bbq) gardening videogames dinsdag 25 oktober 16
  20. 20. Questions? dinsdag 25 oktober 16

×