WordPress [si-kyoor-i-tee]
Barry Abrahamson
Automattic

Thursday, February 9, 12
• Automattic since 2006
• Scaling / Servers / Security / Stuff
• http://barry.wordpress.com/


Four Ws, One H

• Who
• Why
• When
• Where
• How

Who




Why

• Fun
• Revenge
• Profit
• Political

When

• (In)?Convenient
• Least Expected
• Coordinated Attacks
• 0-day exploits

(Every) Where

• Shared Hosting
• Virtual Private Server
• Dedicated Server
• Large Enterprises
• Even your laptop!

How



Defacement




Spam Links


• base64_decode('aHR0cDovLzEyNy4wLjAuMS9oZWxsby1zcGFtbWVyLnBocA==');
• http://127.0.0.1/hello-spammer.php


PHP Shell

• http://phpshell.sourceforge.net/
• <?php /*00000000000000000000000000000000*/ eval(gzinflate(base64_decode('FZfFzsQ6ukUfp89RBmHSHYWZsTJphZk5T3//npZKVbY/e++1yisd/qm/dqqG9Cj/y
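The Spam Links and PHP Shell slides show the two markers a file scanner should look for: a URL hidden behind base64_decode(), and an eval() fed by a gzinflate/base64_decode chain sitting behind a padding comment. The script below is an added example written for this page, not code from the talk or from the exploit-scanner plugin; it decodes base64 literals so the hidden URL is reported in clear, and the sample PHP it scans is constructed here (the placeholder payload 'cGF5bG9hZA==' decodes to the word "payload").

```python
"""Added example (not from the slides): flag the obfuscation markers shown on
the Spam Links and PHP Shell slides in PHP files under a WordPress install."""
import base64
import binascii
import os
import re

# base64_decode('...') with a literal argument; whitespace inside the literal is
# tolerated because injected code is often re-wrapped across several lines
B64_CALL = re.compile(r"base64_decode\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)")
# eval() fed by a decoder chain, e.g. eval(gzinflate(base64_decode(...)))
EVAL_CHAIN = re.compile(r"eval\s*\(\s*(?:gzinflate|gzuncompress|str_rot13|base64_decode)\s*\(", re.I)
# a comment made of one repeated character, the padding seen before the shell payload
PAD_COMMENT = re.compile(r"/\*\s*(.)\1{15,}\s*\*/")
URL = re.compile(r"https?://", re.I)


def decode_literal(raw):
    """Decode a base64 literal; return None when it is not valid base64."""
    try:
        return base64.b64decode(re.sub(r"\s+", "", raw), validate=True)
    except (binascii.Error, ValueError):
        return None


def scan_php_source(text):
    """Return (rule, evidence) pairs for every marker found in one PHP source."""
    findings = []
    for match in B64_CALL.finditer(text):
        decoded = decode_literal(match.group(1))
        if decoded is None:
            continue
        shown = decoded.decode("utf-8", errors="replace")
        # a URL hidden behind base64 is the spam-link trick; anything else is merely suspicious
        rule = "hidden-url" if URL.search(shown) else "base64-literal"
        findings.append((rule, shown[:80]))
    chain = EVAL_CHAIN.search(text)
    if chain:
        findings.append(("eval-chain", chain.group(0)))
    if PAD_COMMENT.search(text):
        findings.append(("padding-comment", "comment of one repeated character"))
    return findings


def scan_tree(root):
    """Walk a directory tree and map each PHP file that trips a rule to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                findings = scan_php_source(handle.read())
            if findings:
                report[path] = findings
    return report


# constructed sample: the spam-link literal from the slides (re-wrapped, as on the
# slide) plus a shell-style eval chain whose payload is the placeholder 'payload'
SAMPLE = """<?php
echo '<a href="' . base64_decode('aHR0cDovLzEyNy4wLjAu
MS9oZWxsby1zcGFtbWVyLnBocA==') . '">visit</a>';
/*00000000000000000000000000000000*/
eval(gzinflate(base64_decode('cGF5bG9hZA==')));
"""

if __name__ == "__main__":
    for rule, evidence in scan_php_source(SAMPLE):
        print(f"{rule:16} {evidence}")
```

Point scan_tree() at wp-content/ to check themes, plugins and uploads in one pass; a clean core file produces no findings.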



Demo



How to Keep Your Site Safe




Security Plugins


• http://wordpress.org/extend/plugins/exploit-scanner/
• VaultPress


File Permissions

• drwxrwxrwx 5 user group 4096 Feb 7 01:35 wp-content/
• drwxr-xr-x 5 user group 4096 Feb 7 01:35 wp-content/
• -rw-r--r-- 1 user group 3371 Feb 7 01:51 wp-config.php
• chmod -R 777
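The slide contrasts a world-writable wp-content/ (what chmod -R 777 leaves behind) with the 755 directory and 644 file that are expected. The script below is an added example, not code from the talk: it converts the slide's own ls -l lines into the octal modes chmod uses, flags anything writable by every account on the host, and applies the same test to a live directory tree; the ls lines are the slide's, used here as constructed input.

```python
"""Added example (not from the slides): convert the ls -l lines on the File
Permissions slide into the octal modes chmod uses, flag world-writable
entries such as those left behind by chmod -R 777, and run the same check
over a live directory tree."""
import os
import stat

# the slide's own ls -l output, used here as constructed input
LS_LINES = [
    "drwxrwxrwx 5 user group 4096 Feb 7 01:35 wp-content/",
    "drwxr-xr-x 5 user group 4096 Feb 7 01:35 wp-content/",
    "-rw-r--r-- 1 user group 3371 Feb 7 01:51 wp-config.php",
]


def mode_to_octal(mode_str):
    """Turn the nine permission characters after the type character into the
    number chmod expects: 'drwxr-xr-x' -> 0o755. Lowercase s/t imply x is set;
    uppercase S/T mean it is clear. Setuid/setgid/sticky bits are not returned."""
    perms = mode_str[1:10]
    if len(perms) != 9:
        raise ValueError(f"not an ls -l mode string: {mode_str!r}")
    value = 0
    for ch in perms:
        value = (value << 1) | (ch in "rwxst")
    return value


def audit_ls_line(line):
    """Parse one ls -l line; return (name, octal mode, problem or None).
    World-writable means any account on the host can change the entry, which is
    what a recursive chmod 777 produces for every file and directory."""
    mode_str, *_rest, name = line.split()
    mode = mode_to_octal(mode_str)
    problem = None
    if mode & 0o002:
        # drop write for group and other: 777 becomes 755, 666 becomes 644
        problem = f"world-writable; fix with: chmod {mode & ~0o022:o} {name}"
    return name, mode, problem


def audit_tree(root):
    """Walk a directory and return (path, mode) for every entry that is
    world-writable; symlinks are skipped because their own mode is meaningless."""
    bad = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            if st.st_mode & stat.S_IWOTH:
                bad.append((path, stat.S_IMODE(st.st_mode)))
    return bad


if __name__ == "__main__":
    for line in LS_LINES:
        name, mode, problem = audit_ls_line(line)
        print(f"{name:16} {mode:o}  {problem or 'ok'}")
```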




Virus Scanner


• FTP passwords stolen by viruses on your computer can put your website at risk




Conclusion

• Securing your website is a lot like securing your house or car. If someone really wants to break in, they probably will, but it is important to lock the doors and windows and have good insurance in case something bad happens.



Questions?




WordPress Security by Automattic's Barry Abrahamson
