Securing Your WordPress Website

             Vladimir Lasky
         http://wpexpert.com.au/
         WordCamp Sydney 2012
What’s New In Today’s Talk?

1.   The biggest security threats of 2012 and how
     to deal with them
2.   An updated list of essential WordPress
     hardening steps for EVERY site
3.   New WordPress management services that
     make your life easier


Big Events in Internet Security This Year

1.   Yahoo, LinkedIn, eHarmony all experienced
     security incidents that resulted in users’
     passwords/hashes being published
2.   Lots of exploits targeting code using
     vulnerable PHP libraries including TimThumb
     and Uploadify
3.   Wi-Fi Protected Setup (WPS) vulnerability in
     Wireless Routers revealed in December 2011
Lessons From Password Disclosure Incidents

1.   You cannot assume any website will properly secure their
     databases.
2.   Plenty of computational power exists for brute-force
     password cracking of password hashes – spare no effort
     to prevent these from being leaked.
3.   People who reuse the same password across different
     sites are asking to get “p0wned” and become targets for
     identity theft.
4.   Having a unique, secure password for every Internet
     account is mandatory.
Wi-Fi Protected Setup

Lessons from WPS Vulnerability

1.   The WPS exploit provides a backdoor to
     wireless routers secured with WPA2
2.   Technologies that overcome security
     burdens often introduce security holes
3.   Disable WPS in every Wi-Fi Router that you
     control. In some cases, this will require a
     firmware upgrade or possibly even replacing
     the router
Example PHP Exploit Attempt

Lessons from PHP Exploits

1.   Many programmers are lazy or ignorant of
     proper data validation practices
2.   Obtaining plugins and themes from official
     sources reduces risk, but does not guarantee
     security
3.   Application firewalls are a NECESSITY


Essential Steps to Harden Your WP Installation




Install WP Firewall 2

  This plugin analyses HTTP requests and checks
  for suspicious parameters that indicate PHP or
  SQL injection attempts
  It will protect you against the majority of zero-
  day exploits
  Set the configuration option ‘Suppress similar
  attack warning emails’ to ‘On’, to prevent being
  deluged with identical warnings.
Rename Your Admin Account

1.   Use the plugin ‘Admin Renamer Extended’ to
     rename the ‘admin’ account to something
     unique.
2.   From the WP Dashboard, go to Users->Your
     Profile. For the option set ‘Display Name
     Publicly as’, choose something that is not
     the same as your admin account name

Change the Default MySQL Table Prefix

1.   The WordPress default MySQL table prefix is
     ‘wp_’.
2.   By renaming this to something else, e.g. ‘tb132_’,
     we can foil the majority of blind SQL injection
     attempts, which typically hard-code the default
     table names
3.   For an existing site, use the plugin “WordPress
     Table Rename” to make this easier.

Prevent Plaintext Password Transmission – Best Option

1.   Have your site hosted with a provider that supports
     HTTPS and provides either:
     –   Their own Shared SSL Certificate
     –   The ability to install your own
     –   The ability to obtain one for you and install it (usually for a
         fee)

2.   Install the plugin “WP HTTPS (SSL)” and enable the
     option “Force SSL Administration”.
3.   This will prevent your password and session cookies
     from being sniffed (captured) over the network
Prevent Plaintext Password Transmission – Next Best

1.   If you can’t use HTTPS, then install the plugin
     “Semisecure Login Reimagined”.
2.   This uses JavaScript to encrypt your password
     before sending it to the server
3.   Make sure you log out from WordPress to
     prevent network eavesdroppers from sniffing
     (capturing) and re-using your session key.

Prevent Brute-Force Login Attempts

  Install one of the following plugins:
1.   Login Security Solution
     –   Slows down response time of your website after
         multiple failed attempts
     –   Prevents users from choosing weak passwords
         and
2.   Limit Login Attempts
     –   Locks out accounts for a set time period after
         multiple failed attempts


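As an added example (not code from the talk or from either plugin), the following Python sketches the two behaviours the plugins above are described with, growing response delays after failed attempts and a timed lockout, replayed over a constructed login log; the log format, the thresholds and keying the throttle on client IP are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample of login events (the log format is an assumption
# for this example, not the format of any real plugin).
SAMPLE_LOG = """\
2012-07-20 10:00:01 login FAIL user=admin ip=203.0.113.5
2012-07-20 10:00:03 login FAIL user=admin ip=203.0.113.5
2012-07-20 10:00:04 login FAIL user=admin ip=203.0.113.5
2012-07-20 10:00:06 login FAIL user=admin ip=203.0.113.5
2012-07-20 10:00:09 login OK   user=vlad  ip=198.51.100.7
2012-07-20 10:00:12 login FAIL user=admin ip=203.0.113.5
2012-07-20 10:20:30 login FAIL user=admin ip=203.0.113.5
"""

LINE_RE = re.compile(r"^(\S+ \S+) login (FAIL|OK)\s+user=(\S+)\s+ip=(\S+)$")


@dataclass
class Decision:
    allowed: bool                        # False while the source is locked out
    delay: float                         # seconds to wait before answering (slow-down)
    locked_until: Optional[float] = None


@dataclass
class _State:
    failures: List[float] = field(default_factory=list)
    locked_until: Optional[float] = None


class LoginThrottle:
    """Per-source throttle: delays that grow with each recent failure,
    then a lockout for a fixed period once the failure limit is reached."""

    def __init__(self, max_failures=4, window=600, lockout=900, max_delay=30):
        self.max_failures = max_failures   # failures inside `window` that trigger lockout
        self.window = window               # seconds over which failures are counted
        self.lockout = lockout             # lockout duration in seconds
        self.max_delay = max_delay         # cap on the response delay in seconds
        self.state: Dict[str, _State] = {}

    def check(self, source: str, now: float) -> Decision:
        """Call before verifying credentials."""
        st = self.state.setdefault(source, _State())
        if st.locked_until is not None:
            if now < st.locked_until:
                return Decision(False, 0.0, st.locked_until)
            st.locked_until = None           # lockout expired: start counting afresh
            st.failures = []
        st.failures = [t for t in st.failures if now - t <= self.window]
        n = len(st.failures)
        delay = float(min(2 ** n - 1, self.max_delay)) if n else 0.0
        return Decision(True, delay)

    def record_failure(self, source: str, now: float) -> Optional[float]:
        """Call after a failed credential check; returns the lockout expiry if one started."""
        st = self.state.setdefault(source, _State())
        st.failures = [t for t in st.failures if now - t <= self.window] + [now]
        if len(st.failures) >= self.max_failures:
            st.locked_until = now + self.lockout
        return st.locked_until

    def record_success(self, source: str) -> None:
        self.state.pop(source, None)


def process_log(text: str, throttle: Optional[LoginThrottle] = None
                ) -> List[Tuple[str, str, str, bool, float]]:
    """Replay log lines through the throttle; one (time, user, ip, allowed, delay) per line."""
    throttle = throttle or LoginThrottle()
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, outcome, user, ip = m.groups()
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").timestamp()
        decision = throttle.check(ip, now)     # keyed on client IP (assumption)
        if decision.allowed:
            if outcome == "OK":
                throttle.record_success(ip)
            else:
                throttle.record_failure(ip, now)
        results.append((stamp, user, ip, decision.allowed, decision.delay))
    return results


if __name__ == "__main__":
    for stamp, user, ip, allowed, delay in process_log(SAMPLE_LOG):
        print(stamp, user, ip, "allowed" if allowed else "LOCKED OUT", f"delay={delay}s")
```

With the default thresholds the fourth failure from 203.0.113.5 starts a 15-minute lockout, the fifth attempt is refused outright, and the attempt at 10:20:30 is accepted again with the counter reset.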
Install WP File Monitor Plus
 This plugin monitors files under your
 WP installation for changes.
 When a change is detected, it
 displays a dashboard alert and can
 also send an email
 As an administrator, you can view
 the list of changes and spot anything
 unexpected or unusual
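An added example, not the plugin's own code: a hash-based change detector of the kind WP File Monitor Plus implements, run against a constructed miniature WordPress tree to show how an edited core file, a new file under uploads and a deleted plugin file are reported; the skip list and file contents are assumptions for the demo.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable

# Directories whose contents change legitimately all the time (assumption for
# this example; tune it for your own site).
DEFAULT_SKIP = ("wp-content/cache",)


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root, skip_dirs: Iterable[str] = DEFAULT_SKIP) -> Dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    snap = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if any(rel == s or rel.startswith(s + "/") for s in skip_dirs):
            continue
        snap[rel] = sha256_of(p)
    return snap


def diff_snapshots(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, list]:
    """Classify differences the way a dashboard alert would list them."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in set(baseline) & set(current)
                          if baseline[p] != current[p]),
    }


def demo() -> Dict[str, list]:
    """Build a constructed miniature WP tree, take a baseline, alter it, and report."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "wp-includes").mkdir()
        (root / "wp-content" / "plugins" / "hello").mkdir(parents=True)
        (root / "wp-content" / "cache").mkdir()
        (root / "wp-config.php").write_text("<?php define('DB_NAME', 'wp');\n")
        (root / "wp-includes" / "functions.php").write_text("<?php // core file\n")
        (root / "wp-content" / "plugins" / "hello" / "hello.php").write_text("<?php // plugin\n")
        (root / "wp-content" / "cache" / "page.html").write_text("cached page\n")
        baseline = snapshot(root)   # in practice keep the baseline outside the web root

        # Simulated changes between two monitoring runs.
        (root / "wp-includes" / "functions.php").write_text("<?php // core file, edited\n")
        (root / "wp-content" / "uploads").mkdir()
        (root / "wp-content" / "uploads" / "image.php").write_text("<?php // PHP where only media belongs\n")
        (root / "wp-content" / "plugins" / "hello" / "hello.php").unlink()
        (root / "wp-content" / "cache" / "page.html").write_text("regenerated cache\n")  # skipped

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for path in paths:
            print(f"{kind:8s} {path}")
```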
Essential Security Habits




Regularly Update Your Site, Plugins and Themes

  The last talk stressed the importance of performing
  regular updates to WordPress, themes and plugins
  and performing regular remotely-initiated backups.
  Several WordPress management services now exist
  to simplify and speed up these steps:
 –   ManageWP (hosted)
 –   InfiniteWP (self-hosted)
 –   WP Remote (hosted)
 –   Worpit (hosted)
Accessing Your Site From Untrusted PCs

  Two-Factor authentication is mandatory
  This is a combination of a password and a random
  number from a key fob, SMS message or a mobile
  phone app that you obtain each time you log in
  WordPress Two-Factor plugins include:
 1.   Second Factor
 2.   Google Authenticator
 3.   Duo Two-Factor Authentication


Accessing Your Site From Untrusted Networks

1.   If you can, use your smart phone or laptop
     PC equipped with 3G, 4G or GPRS Mobile
     Internet
2.   If you are forced to use a public WiFi access
     point or LAN, ensure that any sites requiring
     authentication are accessed via their HTTPS
     (secure) link.

Choosing a Password
 Twelve characters long as a minimum, but not a
 dictionary word
 Common number/letter substitutions provide little
 extra security – cracking tools almost always check
 for these




Password Memorisation Techniques
1.   Come up with a memorable sentence, and use the
     first letters of each word to form the password e.g.
     – “Jack and Jill went up the hill to fetch a pail of water”
       could form a 13-character password “JaJwuthtfapow”

2.   Three unrelated dictionary words one after the
     other, misspelt in a particular way known only to
     you
3.   On your own trusted PC, consider using an
     encrypted password manager like KeePass
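An added example, not from the slides, covering the two password slides above: the sentence-to-initials technique, the 12-character minimum, and a dictionary test that undoes the common letter/number substitutions first, which is why those substitutions buy so little. The word list and substitution table are constructed for the demo; a real check would load a full dictionary.

```python
import re
from typing import List

MIN_LENGTH = 12   # the minimum length the slide recommends

# Tiny constructed word list for the demo; a real check loads a full dictionary.
DICTIONARY = {"password", "wordpress", "sunshine", "dragon", "welcome", "letmein", "football"}

# Substitutions that cracking tools try as a matter of course, so they add little.
SUBSTITUTIONS = {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                 "@": "a", "$": "s", "!": "i"}

# Digits and symbols people bolt onto the ends of a word (e.g. a year).
_EDGE_CHARS = "0123456789!@#$%^&*()-_=+.,?"


def normalise(password: str) -> str:
    """Undo common substitutions, as a cracking rule set would."""
    return "".join(SUBSTITUTIONS.get(c, c) for c in password.lower())


def from_sentence(sentence: str) -> str:
    """Memorisation technique 1: the first letter of every word in a sentence."""
    return "".join(word[0] for word in re.findall(r"[A-Za-z']+", sentence))


def check_password(password: str) -> List[str]:
    """Return the policy problems found (an empty list means the password passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Strip the edge digits/symbols, undo substitutions in what is left, and see
    # whether a plain dictionary word remains.
    core = normalise(password.strip(_EDGE_CHARS))
    if core in DICTIONARY:
        problems.append(f"based on the dictionary word '{core}'")
    return problems


if __name__ == "__main__":
    candidates = (
        from_sentence("Jack and Jill went up the hill to fetch a pail of water"),
        "P@ssw0rd2012",
        "Dr4g0n!",
    )
    for pw in candidates:
        print(pw, check_password(pw) or "ok")
```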
Conclusion
 Slides from Previous Talk at Wordcamp GC 2011:
 – http://slidesha.re/tr2XA5
 – Covers the “Three Pillars of Security”, the aims of attackers and other
    WordPress security plugins

 ManageWP - 30% discount on all plans for WordCamp Sydney
 Attendees:
 – http://managewp.com/wcsyd

 Questions and Comments:
 – http://wpexpert.com.au/contact-us/





Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 

Kürzlich hochgeladen (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 

Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012

  • 10. Lessons from PHP Exploits
    1. Many programmers are lazy or ignorant of proper data validation practices
    2. Obtaining plugins and themes from official sources reduces risk, but does not guarantee security
    3. Application firewalls are a NECESSITY
  • 11. Essential Steps to Harden Your WP Installation
  • 12. Install WP Firewall 2
    This plugin analyses HTTP requests and checks for suspicious parameters that indicate PHP or SQL injection attempts. It will protect you against the majority of zero-day exploits.
    Set the configuration option ‘Suppress similar attack warning emails’ to ‘On’, to prevent being deluged with identical warnings.
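To make the slide's two points concrete (parameter inspection for injection indicators, and suppressing repeats of the same warning), here is an added example in Python. It is not code from the WP Firewall 2 plugin or from the talk; the four signatures and the one-hour suppression window are constructed for illustration and are far smaller than what a real application firewall ships.

```python
import re
from urllib.parse import parse_qsl

# Constructed signature set for this example. A real application firewall ships a
# much larger, tuned rule set; these four rules only show the shape of the check.
SUSPICIOUS = [
    ("sql_union_select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("sql_comment_or_tautology", re.compile(r"(--\s|/\*|\bor\b\s+\d+\s*=\s*\d+)", re.I)),
    ("php_open_tag", re.compile(r"<\?php", re.I)),
    ("path_traversal", re.compile(r"\.\./|\.\.\\")),
]


def inspect_params(query_string):
    """Return [(parameter, rule_name), ...] for every parameter whose value
    matches one of the signatures; an empty list means nothing suspicious."""
    findings = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        for rule_name, pattern in SUSPICIOUS:
            if pattern.search(value):
                findings.append((name, rule_name))
    return findings


class AlertThrottle:
    """Send at most one warning per (parameter, rule) key within a window.
    This is what the slide's 'Suppress similar attack warning emails' option
    achieves: a scanner repeating the same probe produces one e-mail, not hundreds."""

    def __init__(self, window_seconds=3600):
        self.window = window_seconds
        self.last_sent = {}  # key -> timestamp of the last warning sent

    def should_send(self, key, now):
        last = self.last_sent.get(key)
        if last is not None and now - last < self.window:
            return False
        self.last_sent[key] = now
        return True


def handle_request(query_string, throttle, now):
    """Block the request if any signature fires. Returns (blocked, alerts_sent),
    where alerts_sent lists the findings for which a warning was actually sent."""
    findings = inspect_params(query_string)
    alerts = [f for f in findings if throttle.should_send(f, now)]
    return (len(findings) > 0, alerts)
```

Blocking is decided on every request, but the e-mail decision goes through the throttle, so the second identical probe within the window is still blocked yet produces no new warning.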
  • 13. Rename Your Admin Account
    1. Use the plugin ‘Admin Renamer Extended’ to rename the ‘admin’ account to something unique.
    2. From the WP Dashboard, go to Users->Your Profile. For the option ‘Display Name Publicly as’, choose something that is not the same as your admin account name
  • 14. Change the Default MySQL Table Prefix
    1. The WordPress default MySQL table prefix is ‘wp_’.
    2. By renaming this to something else, e.g. ‘tb132_’, we can foil the majority of blind SQL injection attempts
    3. For an existing site, use the plugin “WordPress Table Rename” to make this easier.
  • 15. Prevent Plaintext Password Transmission – Best Option
    1. Have your site hosted with a provider that supports HTTPS and provides either:
       – Their own Shared SSL Certificate
       – The ability to install your own
       – The ability to obtain one for you and install it (usually for a fee)
    2. Install the plugin “WP HTTPS (SSL)” and enable the option “Force SSL Administration”.
    3. This will prevent your password and session cookies from being sniffed (captured) over the network
  • 16. Prevent Plaintext Password Transmission – Next Best
    1. If you can’t use HTTPS, then install the plugin “Semisecure Login Reimagined”.
    2. This uses JavaScript to encrypt your password before sending it to the server
    3. Make sure you log out from WordPress to prevent network eavesdroppers from sniffing (capturing) and re-using your session key.
  • 17. Prevent Brute-Force Login Attempts
    Install one of the following plugins:
    1. Login Security Solution
       – Slows down response time of your website after multiple failed attempts
       – Prevents users from choosing weak passwords
    2. Limit Login Attempts
       – Locks out accounts for a set time period after multiple failed attempts
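The two behaviours the slide describes, a growing delay after each failure and a lockout after a threshold, as an added Python example. This is not code from either plugin or from the talk; the thresholds (4 failures in 10 minutes, 20-minute lockout, delay doubling per failure) are assumptions chosen for the example.

```python
from collections import deque


class LoginLimiter:
    """Per-account failed-login tracking. Failures inside a sliding window count
    towards a lockout (the 'Limit Login Attempts' behaviour); each failure short
    of the threshold returns a growing delay (the 'Login Security Solution'
    slowdown). Thresholds here are assumptions for the example."""

    def __init__(self, max_failures=4, window_seconds=600, lockout_seconds=1200):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.failures = {}      # account -> deque of failure timestamps
        self.locked_until = {}  # account -> time at which the lockout ends

    def _recent_failures(self, account, now):
        q = self.failures.setdefault(account, deque())
        while q and now - q[0] > self.window:
            q.popleft()  # forget failures older than the window
        return q

    def is_locked(self, account, now):
        until = self.locked_until.get(account)
        return until is not None and now < until

    def record_failure(self, account, now):
        """Register a failed attempt. Returns (locked, delay_seconds)."""
        q = self._recent_failures(account, now)
        q.append(now)
        if len(q) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            q.clear()
            return True, self.lockout
        return False, 2 ** (len(q) - 1)  # 1, 2, 4, ... seconds

    def record_success(self, account):
        self.failures.pop(account, None)
        self.locked_until.pop(account, None)


def attempt_login(limiter, account, password_ok, now):
    """Outcome of one login attempt: 'locked', 'ok', or 'retry-after-<n>s'.
    A locked account is refused even when the password is correct, so the
    attacker learns nothing from the lockout period."""
    if limiter.is_locked(account, now):
        return "locked"
    if password_ok:
        limiter.record_success(account)
        return "ok"
    locked, delay = limiter.record_failure(account, now)
    return "locked" if locked else "retry-after-%ds" % delay
```

In a real deployment the state lives in the database or a cache shared by all web workers, and the same counters are usually kept per source IP as well as per account.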
  • 18. Install WP File Monitor Plus
    This plugin monitors files under your WP installation for changes. When a change is detected, it displays a dashboard alert and can also send an email.
    As an administrator, you can view the list of changes and spot anything unexpected or unusual
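The core of such a file monitor is a hash baseline and a diff against it. The following is an added Python example, not code from WP File Monitor Plus or from the talk. The skipped directories (`wp-content/cache`, `wp-content/uploads`) and the miniature site tree built by `demo()` are assumptions constructed for the example.

```python
import hashlib
import json
import os
import shutil
import tempfile

# Directories that change constantly and would drown real alerts in noise.
# Assumed for this example; tune per site.
DEFAULT_SKIP = ("wp-content/cache", "wp-content/uploads")


def hash_file(path):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root, skip_dirs=DEFAULT_SKIP):
    """Map relative path -> SHA-256 for every file under root."""
    result = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        rel_dir = "" if rel_dir == "." else rel_dir
        # prune skipped directories in place so os.walk does not descend into them
        dirnames[:] = [d for d in dirnames
                       if (rel_dir + "/" + d if rel_dir else d) not in skip_dirs]
        for name in filenames:
            rel = rel_dir + "/" + name if rel_dir else name
            result[rel] = hash_file(os.path.join(dirpath, name))
    return result


def diff_snapshots(baseline, current):
    """Added, removed and modified files between two snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(baseline) & set(current)
                           if baseline[p] != current[p]),
    }


def save_baseline(snap, path):
    with open(path, "w") as f:
        json.dump(snap, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def check_site(root, baseline_path):
    """Compare the live tree against the stored baseline and return the diff."""
    return diff_snapshots(load_baseline(baseline_path), snapshot(root))


def _write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)


def demo():
    """Build a constructed miniature WordPress tree in a temp dir, baseline it,
    then edit one theme file, drop a new PHP file beside it and regenerate the
    cache, and return what the monitor reports (the cache change is ignored)."""
    tmp = tempfile.mkdtemp()
    try:
        site = os.path.join(tmp, "site")
        baseline_path = os.path.join(tmp, "baseline.json")  # kept outside the monitored tree
        _write(site, "index.php", "<?php require 'wp-blog-header.php';\n")
        _write(site, "wp-content/themes/demo/functions.php", "<?php // theme functions\n")
        _write(site, "wp-content/cache/page.html", "cached copy\n")
        save_baseline(snapshot(site), baseline_path)

        _write(site, "wp-content/themes/demo/functions.php", "<?php // theme functions, edited\n")
        _write(site, "wp-content/themes/demo/unexpected.php", "<?php // file nobody installed\n")
        _write(site, "wp-content/cache/page.html", "cache regenerated\n")
        return check_site(site, baseline_path)
    finally:
        shutil.rmtree(tmp, ignore_errors=True)
```

Store the baseline outside the web root (and ideally off the server) and refresh it only right after a deliberate update; otherwise an intruder who can write files can also rewrite the baseline.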
  • 20. Regularly Update Your Site, Plugins and Themes
    The last talk stressed the importance of performing regular updates to WordPress, themes and plugins, and of performing regular remotely-initiated backups.
    Several WordPress management services now exist to simplify and speed up these steps:
       – ManageWP (hosted)
       – InfiniteWP (self-hosted)
       – WP Remote (hosted)
       – Worpit (hosted)
  • 21. Accessing Your Site From Untrusted PCs
    Two-factor authentication is mandatory. This is a combination of a password and a random number from a key fob, SMS message or a mobile phone app that you obtain each time you log in.
    WordPress two-factor plugins include:
    1. Second Factor
    2. Google Authenticator
    3. Duo Two-Factor Authentication
  • 22. Accessing Your Site From Untrusted Networks
    1. If you can, use your smart phone or a laptop PC equipped with 3G, 4G or GPRS mobile Internet
    2. If you are forced to use a public Wi-Fi access point or LAN, ensure that any sites requiring authentication are accessed via their HTTPS (secure) link.
  • 23. Choosing a Password
    Twelve characters long as a minimum, but not a dictionary word
    Common number/letter substitutions provide little extra security – cracking tools almost always check for these
  • 24. Password Memorisation Techniques
    1. Come up with a memorable sentence, and use the first letters of each word to form the password, e.g.
       – “Jack and Jill went up the hill to fetch a pail of water” could form the 13-character password “JaJwuthtfapow”
    2. Three unrelated, unconnected dictionary words one after the other, misspelt in a certain way known to you
    On your own trusted PC, consider using an encrypted password manager like KeePass
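A check that applies slides 23 and 24 together, as an added Python example (not from the talk or any plugin): it enforces the twelve-character minimum, undoes the common number/letter substitutions before the dictionary comparison, which is exactly what cracking rule sets do, and derives the first-letter password from a sentence. The wordlist and substitution table are constructed for the example; a real check uses a full dictionary and breached-password lists.

```python
import re

# Constructed mini wordlist for the example.
DICTIONARY = {"password", "wordpress", "welcome", "sunshine", "dragon", "letmein", "football"}

# Substitutions cracking tools try automatically, so they add almost no strength.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def normalised_forms(password):
    """Candidate base words a cracking rule set would derive: the password with
    substitutions undone, both as typed and with leading/trailing digits and
    symbols removed (so 'W0rdpr3ss2012' reduces to 'wordpress')."""
    low = password.lower()
    stripped = re.sub(r"[^a-z]+$", "", re.sub(r"^[^a-z]+", "", low))
    return {low.translate(LEET), stripped.translate(LEET)}


def check_password(password, min_len=12):
    """Return the reasons the password fails the slide's two rules
    (an empty list means it passes)."""
    problems = []
    if len(password) < min_len:
        problems.append("shorter than %d characters" % min_len)
    if any(form in DICTIONARY for form in normalised_forms(password)):
        problems.append("dictionary word once common substitutions are undone")
    return problems


def passphrase_initials(sentence):
    """First letter of each word, case preserved: the memorisation technique
    from the slide, which turns a sentence into a non-dictionary password."""
    return "".join(word[0] for word in sentence.split() if word[0].isalnum())
```

Note that the sentence-initials password passes both checks while the two "clever" substitutions fail the dictionary test, which is the slide's point in executable form.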
  • 25. Conclusion
    Slides from Previous Talk at WordCamp GC 2011:
       – http://slidesha.re/tr2XA5
       – Covers the “Three Pillars of Security”, the aims of attackers and other WordPress security plugins
    ManageWP - 30% discount on all plans for WordCamp Sydney Attendees:
       – http://managewp.com/wcsyd
    Questions and Comments:
       – http://wpexpert.com.au/contact-us/