Successfully reported this slideshow.
Your SlideShare is downloading. ×

WordPress Security

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Loading in …3
×

Check these out next

1 of 18 Ad
Advertisement

More Related Content

Similar to WordPress Security (20)

Advertisement

Recently uploaded (20)

WordPress Security

  1. 1. WordPress [si-kyoor-i-tee] Barry Abrahamson Automattic Thursday, February 9, 12
  2. 2. • Automattic since 2006 • Scaling / Servers / Security / Stuff • http://barry.wordpress.com/ Thursday, February 9, 12
  3. 3. Four Ws One H • Who • Why • When • Where • How Thursday, February 9, 12
  4. 4. Who Thursday, February 9, 12
  5. 5. Why • Fun • Revenge • Profit • Political Thursday, February 9, 12
  6. 6. When • (In)?Convenient • Least Expected • Coordinated Attacks • 0-day exploits Thursday, February 9, 12
  7. 7. (Every) Where • Shared Hosting • Virtual Private Server • Dedicated Server • Large Enterprises • Even your laptop! Thursday, February 9, 12
  8. 8. How Thursday, February 9, 12
  9. 9. Defacement Thursday, February 9, 12
  10. 10. Spam Links • base64_decode('aHR0cDovLzEyNy4wLjAu MS9oZWxsby1zcGFtbWVyLnBocA=='); • http://127.0.0.1/hello-spammer.php Thursday, February 9, 12
  11. 11. PHP Shell • http://phpshell.sourceforge.net/ • <?php / *00000000000000000000000000000000*/ eval(gzinflate(base64_decode('FZfFzsQ6uk Ufp89RBmHSHYWZsTJphZk5T3// npZKVbY/e++1yisd/qm/dqqG9Cj/y Thursday, February 9, 12
  12. 12. Demo Thursday, February 9, 12
  13. 13. How to Keep Your Site Safe Thursday, February 9, 12
  14. 14. Security Plugins • http://wordpress.org/extend/plugins/ exploit-scanner/ • VaultPress Thursday, February 9, 12
  15. 15. File Permissions • drwxrwxrwx 5 user group 4096 Feb 7 01:35 wp-content/ • drwxr-xr-x 5 user group 4096 Feb 7 01:35 wp-content/ • -rw-r--r-- 1 user group 3371 Feb 7 01:51 wp-config.php • chmod -R 777 Thursday, February 9, 12
  16. 16. Virus Scanner • FTP passwords stolen by viruses on your computer can put your website at risk Thursday, February 9, 12
  17. 17. Conclusion • Securing your website is a lot like securing your house or car. If someone really wants to break in, they probably will, but it is important to lock the doors and windows and have good insurance in case something bad happens. Thursday, February 9, 12
  18. 18. Questions? Thursday, February 9, 12

×