Hi, I’m Bekee Gibson!
🙋 Director of CMS at Earthling Interactive
• Developer, Team Lead, Project Manager for 6y
• Madison WordPress Meetup Organizer for 3y
• Technerd from wayback
Some things I enjoy away from the computer:
🥘 Fooding
🧶 Knitting, a lot
☢ Fallout 4
What is WordPress?
WordPress is a Content Management System.
It is much more than a blogging platform.
It’s Open Source, easy to use, and can be customized
to fit your needs, the needs of your staff, and, most
importantly, your customers.
Why is WordPress a target? 🎯
All websites on the internet are vulnerable to hacking attempts,
so why does WordPress get a bad rap?
WordPress runs 64% of all CMS sites, or 38% of all websites on the
Internet.
Those odds are pretty good if your goal is to harvest passwords.
Why WordPress Fails
No, you’re not at the wrong presentation.
🤓
🤓🤓
🤓🤓🤓
🤓🤓🤓🤓
Why WordPress Fails
● Insecure Hosting
● Weak Passwords
● Users and admin access
● Default setup and configuration
● Core out of date
● Plugins & Themes
○ Out of date
○ Out of development
○ Out of service
These all have a common element:
A Human Choice
WordPress works when you work with it
Fundamentally, security is not about perfectly secure systems.
Such a thing might well be impractical, or impossible to find
and/or maintain. What security is though is risk reduction, not
risk elimination. It’s about employing all the appropriate
controls available to you, within reason, that allow you to
improve your overall posture reducing the odds of making
yourself a target, subsequently getting hacked. – WordPress
Security Codex
Why WordPress Works
Decide about hosting
● 🤓 Shared
● 🤓🤓 Virtual Private Server (VPS)
● 🤓🤓🤓🤓 Dedicated (On Prem)
● 🤓🤓 Managed
Enforce a password policy
Why WordPress Works
Enforce Two-factor Authentication (2FA)
Why WordPress Works
Why WordPress Works
Users and admin access
● 🤓 Make sure ‘admin’ is not a username
● 🤓 Create second admin user, remove the first
● 🤓 Audit users and their roles
SELECT * FROM wp_users WHERE ID=1
Why WordPress Works
Setup and configuration
● 🤓 Change database table prefix
● 🤓🤓🤓 Obfuscate, hide, or chmod wp-config.php
○ chmod 440 wp-config.php
● 🤓🤓 Disable file editing from the Dashboard
○ define('DISALLOW_FILE_EDIT', true);
● 🤓 Serve your site over HTTPS
● 🤓🤓🤓🤓 Use a code repository
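An added example, not part of the original slides: a small shell audit that checks a wp-config.php against three items from this checklist (file mode 440 or tighter, DISALLOW_FILE_EDIT set to true, table prefix changed from the default). The function names, finding labels and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit wp-config.php against the
# "Setup and configuration" checklist. Prints one line per finding and
# returns 0 only when there are none.

file_mode() {
    # Octal permission bits: GNU stat first, BSD/macOS stat as fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_wp_config() {
    cfg=$1
    findings=0
    if [ ! -f "$cfg" ]; then
        echo "ERROR: $cfg not found"
        return 2
    fi

    # 1. chmod 440 or tighter: any bit outside r--r----- is a finding.
    mode=$(file_mode "$cfg")
    if [ -z "$mode" ]; then
        echo "ERROR: could not read mode of $cfg"
        return 2
    fi
    if [ $(( 0$mode & 07337 )) -ne 0 ]; then
        echo "PERMS: mode $mode is looser than 440"
        findings=$((findings + 1))
    fi

    # 2. DISALLOW_FILE_EDIT must be defined as true on a live (uncommented)
    #    line. Block comments (/* ... */) are not parsed by this check.
    pat_edit="^[[:space:]]*define[[:space:]]*\\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*(true|TRUE)[[:space:]]*\\)"
    if ! grep -Eq "$pat_edit" "$cfg"; then
        echo "EDITOR: DISALLOW_FILE_EDIT is not set to true"
        findings=$((findings + 1))
    fi

    # 3. Table prefix still at the WordPress default.
    pat_prefix="^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]"
    if grep -Eq "$pat_prefix" "$cfg"; then
        echo "PREFIX: \$table_prefix is still the default wp_"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample files for the demo (not a real site's configuration).
write_sample() {
    # $1 = path, $2 = "default" or "hardened"
    if [ "$2" = hardened ]; then
        cat > "$1" <<'EOF'
<?php
define( 'DB_NAME', 'example_db' );
$table_prefix = 'x7k_';
define( 'DISALLOW_FILE_EDIT', true );
EOF
        chmod 440 "$1"
    else
        cat > "$1" <<'EOF'
<?php
define( 'DB_NAME', 'example_db' );
$table_prefix = 'wp_';
// define( 'DISALLOW_FILE_EDIT', true );
EOF
        chmod 644 "$1"
    fi
}

demo() {
    dir=$(mktemp -d)
    write_sample "$dir/default.php" default
    write_sample "$dir/hardened.php" hardened
    echo "== default install =="
    audit_wp_config "$dir/default.php" || true
    echo "== hardened =="
    if audit_wp_config "$dir/hardened.php"; then echo "no findings"; fi
    rm -rf "$dir"
}

demo
```

The commented-out define in the default sample is reported as a finding, because a setting that only exists in a comment is not in effect.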
Why WordPress Works
Keep Core updated
● 🤓 Automatic Background Updates
● Update and test
○ 🤓🤓🤓 Local
○ 🤓🤓 Staging
Why WordPress Works
Know your Plugins & Themes
● Keep them updated
● Check on the status
● Get from trusted sources
Why WordPress Works
“I’m just a small business with a website, I’m not a target for hackers!”
🏢 vs 🏬
This all sounds like a lot, but you don’t have to do it alone.
🤝
Why WordPress Works
Et voilà!
Questions?
