Securing your WordPress Blog · Securing your WordPress Blog WordPress Knoxville, Dec. 13...

Securing your WordPress BlogWordPress Knoxville, Dec. 13

Wednesday, December 28, 11

Security Basics

Don’t use “nimda” as a password.

Don’t share passwords across accounts.

Prefer SFTP over FTP, SSH over telnet.

Discovering Hackery

Try a scan, e.g. http://sitecheck.sucuri.net/scanner/

Check for uses of eval()

Check for uses of base64_decode()

Check for iframes

Check for php or non-image files in the uploads directory

Ask your hosting provider if other sites are hacked.

Fixing HackeryScan your desktop

Back everything up

Check with your hosting company

Change mysql/ftp/ssh/user passwords

Change secret keys (http://bit.ly/2m00jW)

Check .htaccess (extras or weird rules)

Delete everything or at least replace core files

Change passwords again

Hire somebody with know-how.

Do the stuff you should already have done...

Safeguarding in Advance

Never download WordPress from anywhere but wordpress.org

Update ASAP (plugins and themes too)

Rename the default admin account

Use file/permission scanners (http://bit.ly/KDPw1 and http://bit.ly/saYTz)

Move wp-config.php to the parent directory

Disable new user registration

Audit file permissions

Vary user credentials

Safeguarding in Advance

Consider adding Basic auth to /wp-admin

Delete plugins/themes you’re not actually using

Vet plugins/themes before installing (e.g. watch for eval, base64_decode, iframes, or attempts to write to the filesystem.

Don’t use the default table prefix of wp_

Watch your logs for e.g. dictionary attacks (http://www.ossec.net/)

Consider trying VaultPress

http://codex.wordpress.org/Hardening_WordPress

http://ottopress.com/2011/how-to-cope-with-a-hacked-site/

http://codex.wordpress.org/Resetting_Your_Password

http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/

Securing your WordPress Blog · Securing your WordPress Blog WordPress Knoxville, Dec. 13...

Documents

Transcript of Securing your WordPress Blog · Securing your WordPress Blog WordPress Knoxville, Dec. 13...

Saigon Wordpress Meetup - Do Less Work By Securing Your Wordpress Site From Hacker - Thomas

ÒWe donÕt merely develop homes, we give meaning to the ... · ÒWe donÕt merely develop homes, we give meaning to the place you choose to call home.Ó This collection of 51 contemporary

Curso Wordpress - Tutorial Wordpress

Securing small Securing small business business

Why We DonÕt Trust Celsius Holdings Inc. (Nasdaq: CELH ...

คู่มือ การสร้างเว็บไซต์ด้วย WORDPRESS · คู่มือการสร้างเว็บไซต์ด้วย wordpress

Adopting Singapore DonÕt You Wish Math- A Case Study You ...

DonÕt Stress É ItÕs Time to Assess! · Social Studies Coalition of Delaware Lead Teacher Training DonÕt Stress É ItÕs Time to Assess! Sherry Kijowski Theresa Bennett February,

Securing Enterprise Securing Enterprise Securing Enterprise ...

Module 4: Securing the Web Server 1. Overview Securing IIS Securing Apache 2.

Securing Corp: Securing-Corporateorate ApplicationsandData on PersonalDevices Final

Chapter 8: Securing Switched LANs · 2 8: Securing Switched LANs 3 Chapter Roadmap Securing Switched Ethernet LANs Securing the MAC self-learning process Securing DHCP and ARP Securing

BEAUTIFUL PLANTS IS WE donÕt USE TRICKS

Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012

Do less work by securing your WordPress site from hackers

Securing Debian Manual – securing-debian-howto.pt-br.pdf

WordPress, WordPress Multisite y WordPress Multinetwork

Wordpress. Wordpress… Open Source – GNU General Public License Wordpress…

Wordpress | Wordpress(CMS) | best CMS for beginners | popular Wordpress plugins

Vigilia: Securing Smart Home Edge Computingplrg.eecs.uci.edu/wordpress/wp-content/uploads/2018/10/SEC-2018-… · Vigilia: Securing Smart Home Edge Computing Symposium on Edge Computing