8 Ways to Hack a WordPress website

Presented by Daniel Kanchev



  1. 8 WAYS TO HACK A WORDPRESS SITE WordCamp Porto 2013 Daniel Kanchev
  2. Before We Begin… • 7+ Years of WordPress experience • 5 years with SiteGround • Love FOSS • Addicted to extreme and not so secure sports
  3. Why should YOU care?
  4. 1. OUTDATED WORDPRESS CORE
  5. 1. OUTDATED WORDPRESS CORE • WP 3.7.1 - MAINTENANCE RELEASE • WP 3.6.1 - SECURITY RELEASE • WP 3.5.2 - SECURITY RELEASE • WP 3.5.1 - SECURITY RELEASE • WP 3.4.2 - SECURITY RELEASE • WP 3.4.1 - SECURITY RELEASE • WP 3.3.3 - SECURITY RELEASE • WP 3.3.2 - SECURITY RELEASE • WP 3.3.1 - SECURITY RELEASE • WP 3.2.1 - MAINTENANCE RELEASE
  6. 1. OUTDATED WORDPRESS CORE • WP 3.7.1 - MAINTENANCE RELEASE • WP 3.6.1 - SECURITY RELEASE • WP 3.5.2 - SECURITY RELEASE • WP 3.5.1 - SECURITY RELEASE • WP 3.4.2 - SECURITY RELEASE • WP 3.4.1 - SECURITY RELEASE • WP 3.3.3 - SECURITY RELEASE • WP 3.3.2 - SECURITY RELEASE • WP 3.3.1 - SECURITY RELEASE • WP 3.2.1 - MAINTENANCE RELEASE 80%
  7. UPDATE, UPDATE, UPDATE!
  8. 2. OUTDATED PLUGINS/THEMES
  9. WP PLUGINS SECURITY STATE “Checkmarx’s research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection” http://www.checkmarx.com/wp-content/uploads/2013/06/The-Security-State-of-WordPress-Top-50-Plugins.pdf
  10. NOTABLE EXAMPLES • timthumb.php Security Vulnerability • W3 Total Cache Vulnerability
  11. LIVE DEMONSTRATION
  12. 3. UPDATED BUT STILL VULNERABLE
  13. FREE THEMES/PLUGINS ?! “8 out of 10 sites included base64 encoding in their themes.” Siobhan McKeown
  14. TRUSTED DEVELOPERS
  15. USE WAF
  16. 4. WEAK LOGIN DETAILS
  17. Do you log in with username “admin” ?
  18. KEEP CALM AND LET ME SHOW YOU WHY
  19. CHANGE THE ADMIN USER UPDATE wp_users SET user_login = 'Yourname+_admin' WHERE user_login = 'admin';
  20. STRONG PASSWORDS Use a whole sentence or a favourite quote: Comedy is acting out optimism!
  21. 5. MALWARE
  22. SECURE YOUR COMPUTERS • Keep your OS and all programs updated • Install Anti-Virus software • Use personal firewalls • Use SSH or SFTP instead of FTP • Open sites via HTTPS whenever possible
  23. 6. VULNERABLE SERVER SOFTWARE
  24. WATCHA TALKIN ABOUT
  25. SOME EXAMPLES • PHP-CGI Vulnerability - versions before 5.3.12/5.4.2 • MySQL/MariaDB Vulnerability - versions before 5.5.25 • Apache range header DoS - versions before 2.2.20
  26. • Update server software • Follow security bulletins • Hire professional sysadmins
  27. 7. INCORRECTLY CONFIGURED SERVER
  28. APACHE SYMLINK VULNERABILITY The Problem: public_html/fred.txt -> /home/otheracct/public_html/wp-config.php The Solution: Add to httpd.conf or .htaccess file: SymLinksIfOwnerMatch
  29. • Find a good host • Hire professional sysadmins
  30. 8. WRONG PERMISSIONS + ISOLATION
  31. THE CORRECT PERMISSIONS • Folders: 755 • Files: 644 • wp-config.php: 444
  32. SSH COMMAND TO CORRECT PERMISSIONS • find /wordpress -type d -exec chmod 755 {} \; • find /wordpress -type f -exec chmod 644 {} \;
  33. GENERAL GUIDELINES • Use Secret Keys - http://api.wordpress.org/secret-key/1.1/salt • Move wp-config.php to parent folder • Use SSL for wp-login.php • Allow admin access only from certain IPs
  34. QUESTIONS ?
  35. THANK YOU! Daniel Kanchev @dvkanchev daniel.k@siteground.com
  36. http://slideshare.net/siteground
  37. REFERENCES • http://blog.sucuri.net/2013/05/from-a-site-compromise-to-full-root-access-symlinks-to-root-part-i.html • http://httpd.apache.org/security/CVE-2011-3192.txt • http://thehackernews.com/2012/06/cve-2012-2122-serious-mysql.html • http://blog.spiderlabs.com/2012/05/php-cgi-exploitation-by-example.html • http://www.checkmarx.com/wp-content/uploads/2013/06/The-Security-State-of-WordPress-Top-50-Plugins.pdf
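The two filesystem points of the deck, the symlink problem of slide 28 and the permission rules of slides 31 and 32, lend themselves to one defender-side audit script. The POSIX shell script below is an added example written for this page, not code from the talk or from SiteGround: it applies the slide 32 `find`/`chmod` commands plus the 444 rule for wp-config.php, reports every path that deviates from those modes, and lists symlinks under a document root whose target resolves outside it (the pattern that `SymLinksIfOwnerMatch` is meant to stop at the web-server layer). The function names, the `/path/to/wordpress` argument and the reliance on `readlink -f` are assumptions; the script only inspects the install it is pointed at.

```shell
#!/bin/sh
# Added example for slides 28 and 31-32 (not from the talk): audit a
# WordPress install for permission deviations and for symlinks that
# resolve outside the document root. Function names and the argument
# layout are assumptions; requires readlink -f (GNU or modern BSD).

# fix_wp_permissions DIR
#   The slide 32 commands plus the wp-config.php rule from slide 31:
#   directories 755, files 644, wp-config.php 444.
fix_wp_permissions() {
    dir="$1"
    find "$dir" -type d -exec chmod 755 {} \;
    find "$dir" -type f -exec chmod 644 {} \;
    if [ -f "$dir/wp-config.php" ]; then
        chmod 444 "$dir/wp-config.php"
    fi
}

# check_wp_permissions DIR
#   Lists (on stderr) every path whose mode differs from the slide 31
#   rule and prints the number of deviations on stdout (0 = compliant).
#   Symlinks are not counted: -type d / -type f match only real entries.
check_wp_permissions() {
    dir="$1"
    offenders=$(
        find "$dir" -type d ! -perm 755
        find "$dir" -type f ! -name wp-config.php ! -perm 644
        find "$dir" -type f -name wp-config.php ! -perm 444
    )
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders" >&2
        printf '%s\n' "$offenders" | wc -l | tr -d ' '
    else
        echo 0
    fi
}

# find_escaping_symlinks DOCROOT
#   Prints "link -> target" for each symlink under DOCROOT whose target
#   resolves to a path outside DOCROOT: the slide 28 pattern
#   (public_html/fred.txt -> another account's wp-config.php).
find_escaping_symlinks() {
    root=$(cd "$1" && pwd -P)        # canonical root, so the prefix test is exact
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link" 2>/dev/null) || target="(dangling)"
        case "$target" in
            "$root"/*) ;;            # resolves inside the docroot: fine
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# count_escaping_symlinks DOCROOT: number of links reported above.
count_escaping_symlinks() {
    find_escaping_symlinks "$1" | wc -l | tr -d ' '
}

# Usage: sh wp_fs_audit.sh /path/to/wordpress  (runs only when a path is given)
if [ $# -eq 1 ]; then
    echo "permission deviations: $(check_wp_permissions "$1")"
    echo "escaping symlinks:     $(count_escaping_symlinks "$1")"
fi
```

Running the checks before the fix shows what a compromised or sloppily deployed install looks like; a non-zero escaping-symlink count is worth investigating rather than silently deleting, since on a shared host such a link is exactly the artifact the Sucuri write-up in the references describes. The `SymLinksIfOwnerMatch` option from slide 28 remains the real control: this script only detects links that already exist.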
