WordPress Security and why it's so important!
It’s mostly our fault!
Let's talk about versions
• WordPress is constantly evolving and patches are released from
WordPress to keep your site safe
• Let me ask
• What version of WordPress do you have?
9 Signs you’re hacked!
Before WordPress 4.8.2
• Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
• Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
• Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
• Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not
properly address the possibility of plugins and themes enabling SQL injection attacks.
• There are over 250 known issues that can give hackers access
• https://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/
How do we know about these issues?
• They are published online, freely available to all… see the changelog
• A changelog shows everyone everything that has been fixed.
• This means a hacker just has to wait for the latest patch, look at the
change log and review all the issues in the previous versions
• Then they test these on your WordPress site, assuming that you
haven’t updated it.
You'll never be perfectly safe… however
• Exploits are found all the time by hackers
• Whitehats inform the developers and they fix them
• Blackhats keep it to themselves and use it for their own purposes
• So keeping up to date is essential!
Updating is a PAIN!
• Yes, updating software can:
• Break themes
• Stop plugins working
• Take your site down
• Corrupt files
• The list goes on
Simple ways to mitigate…
• Install a security plugin…
• WordFence is my recommendation – Just use the free one and it’ll
immediately help
• Secure the folders
• Do you need the wp-admin folder readable?
• What about the other files: will you ever change the wp-config file?
• Are you using secure passwords for your database?
• Use your .htaccess file
• You can deny all IP addresses bar the ones you use from the wp-admin area of the
site.
User Permissions
• Are you giving every user the right permission?
• Do they all need admin, or is editor okay?
• When did you last check the users in your WordPress and remove the
old ones?
Change the admin Username
• When you install WordPress we all like to use admin as the main user,
but leaving it as this user makes a brute force attack easier
• Create a new user and delete the old one.
• Tips for good usernames and passwords
• Username – random characters, not common names like david; try
something more like:
• B105_GHZA!
• Make your passwords similar! Lots of different characters and numbers,
special characters are useful, such as !£%^ to substitute numbers.
Disable File editing
• Add this to your wp-config.php file
• // Disallow file edit
• define( 'DISALLOW_FILE_EDIT', true );
• This takes away the ability to edit files from the WordPress admin
area, meaning if your login is compromised they can’t add code to
your files.
Don’t let people upload .php files
• This one is an easy way to hack a site!
• Using your .htaccess file add this
• <Files *.php>
• deny from all
• </Files>
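The three-line snippet above denies .php files in whichever directory its .htaccess sits in; put in the site root it would deny WordPress itself, so it belongs in the directory that accepts uploads. The following is an added example, not taken from the slides, of a wp-content/uploads/.htaccess written so that it works on both Apache 2.2 (deny from all) and 2.4 (Require all denied) and also catches the other extensions PHP handlers commonly map; the file location, the extension list and the module names are my assumptions.

```apache
# Added example (not from the slides): wp-content/uploads/.htaccess
# Goal: nothing under the uploads tree is ever executed as PHP, so a script
# that slips past the upload filter is served as a 403, not run.

# If mod_php is in use, switch the engine off for this directory.
# The IfModule guards keep the directive from breaking hosts without mod_php.
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# Match .php and the variants some handlers also treat as PHP (.phtml, .php5, .phar).
# The trailing (\.|$) also catches double extensions such as shell.php.jpg,
# which AddHandler-style configurations may still hand to PHP.
<FilesMatch "\.(php|phtml|phar|php[0-9])(\.|$)">
    # Apache 2.4 and later
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

To confirm it is in effect, place a harmless file such as uploads/test.php containing only `<?php echo 'x';` and request it in a browser: you should get a 403 rather than the letter x. Delete the test file afterwards. Note that some plugins legitimately keep PHP under wp-content/uploads (rare, but it happens); check the site still works after adding the file.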
Password Protect your WP-ADMIN folder
• Simpler than you think!
• From your hosting area just setup the wp-admin area with a username and
password
• This means you have to log in twice, and it seriously hampers brute force login
attempts.
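The hosting-panel "password protect directory" feature writes an .htaccess plus an .htpasswd file for you; the IP allowlist from the "Simple ways to mitigate" slide is the same mechanism. The following is an added example, not from the slides, of a wp-admin/.htaccess that applies both gates at once, with the one exception every practitioner needs: admin-ajax.php is called by the public front end and must stay open or visitors see broken pages. The IP ranges, the .htpasswd path and the realm name are placeholders I have assumed.

```apache
# Added example (not from the slides): wp-admin/.htaccess
# Two gates in front of the dashboard, both checked before WordPress's own
# login form is even served:
#   1. source-IP allowlist  (only your office / VPN addresses)
#   2. HTTP Basic Auth      (a second username/password, separate from WordPress)

# Gate 2 settings. Keep the .htpasswd file OUTSIDE the web root; create it with
#   htpasswd -c /path/outside/webroot/.htpasswd yourname
AuthType Basic
AuthName "Restricted area"
AuthUserFile /path/outside/webroot/.htpasswd

# 203.0.113.0/24 and 198.51.100.7 are documentation addresses standing in for yours.
<IfModule mod_authz_core.c>
    # Apache 2.4: both conditions must hold.
    <RequireAll>
        Require ip 203.0.113.0/24 198.51.100.7
        Require valid-user
    </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 equivalent: Satisfy All means IP check AND password.
    Order deny,allow
    Deny from all
    Allow from 203.0.113.0/24 198.51.100.7
    Require valid-user
    Satisfy All
</IfModule>

# Exception: themes and plugins call admin-ajax.php from the public site,
# so it is exempted from both gates. WordPress still applies its own
# capability checks inside that endpoint.
<Files admin-ajax.php>
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
        Satisfy Any
    </IfModule>
</Files>
```

Two caveats before relying on the IP gate: if your connection has a dynamic or carrier-shared address, the allowlist will lock you out or let neighbours in, so use a fixed VPN egress address; and if the site sits behind a CDN or reverse proxy, Apache sees the proxy's address, so mod_remoteip must be configured first or the Require ip line is meaningless. Test from an address outside the list and confirm you receive a 403 before the password prompt.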
Wow that’s a lot!
• Yes, that's loads of work, but the good news is there are plenty of plugins
that will do this for you and save you a lot of time.
• WordFence
• Sucuri Scanner
• BulletProof Security
• And hundreds more
