WordPress security
31
blogVAULT http://blogvault.net
-
Upload
akshat -
Category
Technology
-
view
683 -
download
2
description
An introduction to WordPress Security
Transcript of WordPress security
blogVAULT
http://blogvault.net
blogVAULT
Akshat ChoudharyFounder, blogVault
WordPress Security
blogVAULT
Sites get Hacked!
Why?
blogVAULT
Fun and Profit
Why will some one hack a Site?
blogVAULT
Fun: Because they can
blogVAULT
Profit: To make money
SEOAffiliate ScamRedirect to a different sitePolitical defacementUse host for hacks
blogVAULT
Vulnerabilities!
How?
blogVAULT
Wordpress CorePluginsThemes
Where?
blogVAULT
How do I know if I have been hacked?
blogVAULT
Browser warning
blogVAULT
Google Search Warning
blogVAULT
Sucuri SiteCheck - Free Tool
blogVAULT
Inspect Files
htaccessJavascript FilesUnknown PHP filesExisting PHP files
blogVAULT
What to do when my site gets hacked?
blogVAULT
Most reliable method
Recover from Backup
blogVAULT
Not foolproof, costs money
Use Sucuri
blogVAULT
Difficult Job. Don't take lightly.
Talk to an expert
blogVAULT
Change Password
blogVAULT
Removes existing sessions.
Change Authentication keys
blogVAULT
Prevention is better than Cure
blogVAULT
Update Wordpress / Plugins / Themes
blogVAULT
Prevent SQL Injection attacks
Change Database Prefix
blogVAULT
define('DISALLOW_FILE_EDIT', true);
Disable File Editor
blogVAULT
Make Folders / Files Readonly
blogVAULT
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cg
i
Prevent File Execution
blogVAULT
Use SSL / Google Authenticator
blogVAULT
Set Authentication Keysdefine('AUTH_KEY', 'put your unique phrase here');define('SECURE_AUTH_KEY', 'put your unique phrase here');define('LOGGED_IN_KEY', 'put your unique phrase here');define('NONCE_KEY', 'put your unique phrase here');define('AUTH_SALT', 'put your unique phrase here');define('SECURE_AUTH_SALT', 'put your unique phrase here');define('LOGGED_IN_SALT', 'put your unique phrase here');define('NONCE_SALT', 'put your unique phrase here');
blogVAULT
remove admin user / hide wordpress version / ...
Security by Obscurity
blogVAULT
e.g. use blogVAULT
Automatic Backups
blogVAULT
What makes a good backup solution?
Complete - Database + FilesOffsite - Local backup is as good as noneRegular BackupHistory of backupTest the RestoreSecure Backup
blogVAULT
Thank you
http://blogvault.net
We are Hiring!
