Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

WordPress.org & Optimizing Security for your WordPress sites

11,342 views

Published on

Andrew Nacin, Lead Developer of WordPress.org, will provide a brief overview and take questions about WordPress's security, its core software and how WordPress approaches development.

Published in: Technology, Business
  • DOWNLOAD THAT BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Full EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Full doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book that can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer that is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money That the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths that Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THAT BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { http://bit.ly/2m77EgH } ......................................................................................................................... Download Full EPUB Ebook here { http://bit.ly/2m77EgH } ......................................................................................................................... Download Full doc Ebook here { http://bit.ly/2m77EgH } ......................................................................................................................... Download PDF EBOOK here { http://bit.ly/2m77EgH } ......................................................................................................................... Download EPUB Ebook here { http://bit.ly/2m77EgH } ......................................................................................................................... Download doc Ebook here { http://bit.ly/2m77EgH } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book that can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer that is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money That the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths that Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

WordPress.org & Optimizing Security for your WordPress sites

  1. 1. WordPress as an Open Source Project (and Security)
  2. 2. • Andrew Nacin • Lead Developer for WordPress • Washington, D.C. • Work for WP founder Matt Mullenweg (Don't work for Automattic or WP.com) • Full time on WordPress (the project) and WordPress.org (the site) • WordPress Security Team
  3. 3. A bit about WordPress releases • You're not adopting WordPress 3.5 • You're not adopting WordPress 3 • You're adopting WordPress
  4. 4. current WordPress version 3.5.1
  5. 5. current WordPress version 3.5.1MAJOR RELEASE MINOR RELEASE
  6. 6. These are major releases • WordPress 2.8, 2.9, 3.0, 3.1, 3.2 • New features, enhancements, and bug fixes • Every 4-6 months These are minor releases • WordPress 3.4.1, 3.4.2, 3.5.1 • Major bug fixes, sometimes security fixes • As needed
  7. 7. Our philosophies are important wordpress.org/about/philosophy
  8. 8. Backwards compatibility • This is our commitment to users • Code that works on WordPress now should always work on WordPress • Update to minor releases immediately • If you must, wait for the .1 for major releases • (But you shouldn't need to wait) • Don't skip releases: There is no need to
  9. 9. How to justify this in government • We don't have LTS (long term support) releases (no demand for it) • Semantic versioning dictates that a major release is one that breaks compatibility • Since we don't do that, government could think of it as a minor release. Just upgrade :-)
  10. 10. Very basic* crash course in WordPress security * sysadmins may be bored
  11. 11. Keep everything updated • Keep WordPress core updated – Consider following all changes to the 3.5 branch, not just final releases 3.5.1, 3.5.2, etc. • Keep plugins and themes updated • (or if necessary, backport security fixes) • No, seriously • Consider a security audit by WordPress experts (e.g. Automattic)
  12. 12. Prevent file changes in the admin • Prevent upgrade of plugins, themes, core • You should be using version control anyway (Subversion or Git) • In wp-config.php: define('DISALLOW_FILE_MODS', true);
  13. 13. Locking down access • In wp-config.php, force SSL: define('FORCE_SSL_ADMIN', true); • If necessary, lock down wp-login.php and wp-admin: – Restrict it to your VPN or proxy – Restrict it using HTTP Basic Authentication – Restrict it to your office IP addresses
  14. 14. Report potential security vulnerabilities to: security@wordpress.org
  15. 15. Report potential security vulnerabilities in plugins to: plugins@wordpress.org
  16. 16. The WordPress security team • 25 experts including lead developers and security researchers – About half are employees of Automattic – A number work in the web security field • We consult with well-known and trusted security researchers and hosting companies
  17. 17. Our (fairly standard) security process • Receive and acknowledge the report • Work to confirm the report and its severity • Plan and develop an initial patch • All of this happens within 48-72 hours
  18. 18. • nacin@wordpress.org • security@wordpress.org • Questions?

×