SlideShare une entreprise Scribd logo

WordPress security 101 - WP Turku Meetup 2.2.2017

Otto Kekäläinen
Otto Kekäläinen

This document provides an overview of WordPress security best practices. It defines information security as confidentiality, integrity and availability. Potential security consequences of an unsecured WordPress site are discussed, such as a corrupted database preventing orders or payments. The document emphasizes that keeping passwords secure, using HTTPS, minimizing plugins/themes, and maintaining regular backups are most important. It advises against relying on security plugins for a false sense of security and recommends trusting hosting providers to handle DDoS protection and other security measures.

Internet
1  sur  42
Télécharger pour lire hors ligne
WORDPRESS SECURITY 101 what is important – and what is not WordPress Turku Meetup 2.2.2017 Otto Kekäläinen @ottokekalainen
DEFINITION OF INFORMATION SECURITY 1. Confidentiality 2. Integrity 3. Availability
You must keep your WordPress site secure.
POTENTIAL CONSEQUENCES ● Corrupted orders database: webshop unable to ship anything or resolve payments ● Leaked customer database: angry customers, lawsuit for neglect of privacy laws ● Visitors get redirected to shady sites: lost reputation, marketing budget goes in vain ● Site spreads malware: Google might detect and ban from showing up in search results ● Site sends spam: could become blacklisted and legit email stops working
“BUT MY SITE IS NOT IMPORTANT!” Your site can be used to mount further attacks! If you have clearly neglected the maintenance of your own site, you could be held partly liable for attacks on other sites.
What is REALLY important in keeping your WordPress site secure?
AVENUES OF UNAUTHORISED ACCESS: 1. Leaked passwords 2. Software vulnerabilities
LEAKED PASSWORDS
Remember password hygiene seravo.fi/2014/password-hygiene-every-mans-responsibility
HTTPS, SFTP, SSH Never submit passwords over an unencrypted connection!
Enforce HTTPS in WordPress 1. Your server needs to support HTTPS 2. Enforce in wp-config.php with: define('FORCE_SSL_ADMIN', true);
Use captcha to avoid robot users Google reCaptcha recommended
SOFTWARE VULNERABILITIES
MINIMIZE VULNERABILITIES 1. Minimize the attack surface by minimizing the amount of software you have 2. For the software you really need, make sure you have updated to latest releases
HOW SECURE IS WORDPRESS CORE? Security bugs per 1000 lines of code written All time: 0,1 (204 CVE entries per 2,1 million lines of code) In 2015: 0,05 (11 CVE entries per 236 000 lines of code)
WORDPRESS CORE IS SECURE.
THE PROBLEM IS THE PLUGINS.
Combined core, plugin and theme vulnerability database: wpvulndb.com
Example case: Mossack Fonseca aka Panama papers ● The site www.mossfon.com was running WordPress ● Unauthorized access of WP lead to unauthorized access of MS Exchange email server on internal network and other sites at *.mossfon.com ● The intruders most likely came through an old and insecure version of the Revolution Slider plugin. ○ Well known vulnerability, WordPress.org even has a patch as a separate plugin (https://wordpress.org/plugins/patch-for-revolution-slider/) as Revolution Slider itself is not available at WordPress.org.
Example case: Mossack Fonseca aka Panama papers ● Case analysis at https://www.wordfence.com/blog/2016/04/mossack-fonseca-breach-vulner able-slider-revolution/
WP PLUGIN REVIEW GUIDELINES FOR CAPITALISTS* If the logo is red and name contains revolution, don’t install it on your system! * a small dose of parody can’t hurt?
PLUGIN SECURITY 1. Minimize the attack surface by minimizing the amount of plugins (and themes) you have 2. For the plugins you really need, make sure you have updated to latest releases You will not minimize vulnerabilities by installing more plugins!
WordPress is insecure! Quickly, install a security plugin!
NO
DON’T WASTE TIME ON ● removing generator meta or hiding version numbers ● hiding login errors ● changing wp-admin location ● disabling xmlrpc ● removing readme.html or other files Only for WP geeks who love to research the pros and cons. For normal users WordPress default settings are secure.
FALSE SENSE OF SECURITY Feels like a lot has been done when really very little has.
Example: useless readme.html blocking = don’t!
Example: useless readme.html blocking Versions leak anyway
Example: useless readme.html blocking Disclaimer: WordFence was used just as an example. It still the best guy in town. Many other security plugins are much worse. ..and other WordPress integrity checks trigger
SECURITY PLUGINS ARE NOT THE SOLUTION Scan results require interpretation. Recommended only for professionals.
The only recommended ones: WPScan and Google Webmaster Tools Almost no false positives and no business model based on spreading fear.
IF YOU RUN YOUR OWN SERVER Also remember to harden and keep updated ● operating system ● web server ● database server ● PHP environment
INSTALL ONLY FROM TRUSTED SOURCES Avoid random 3rd party repositories that don’t have any maintenance policy.
PROTECTION AGAINST DDOS What if the problem is not unauthorized access but the lack of authorized access?
DENIAL OF SERVICE ATTACKS Detect, withstand and block ● high performance servers and good caching ● detect repeated offenders and block at network level ○ e.g. failtoban + iptables ● detect and block at http level ○ e.g. Nginx rate limiting ● If you are trying to block at PHP/WordPress level, you’ve already lost DDOS is a constant race of new techniques of attack and defence. Try to find a good hosting provider that takes care of DDOS at least on the network level.
BACKUP AND RECOVERY Because some day, sooner or later, everything else fails.
BACKUP GUIDELINES 1/2 Make sure your backup system meets these requirements ● automatic: not dependant on human action ● complete: both files and database ● incremental with a history: at least 30 days ● frequent: daily is good
BACKUP GUIDELINES 2/2 ● offsite: in case access to the original site is lost ● pull, not push: original site should not have access to the backups, otherwise an attacker can delete both the original site and all backups Personal favourite: mysqldump + rdiff-backup over SSH
ONCE MORE WITH A FEELING
WORDPRESS SECURITY 101 1. Always follow password hygiene. 2. Use captchas to stall robot users. 3. Use HTTPS (and SFTP and SSH) – never submit passwords in plain text on any network connection. 4. Remove unnecessary software to reduce attack surface. 5. Keep WordPress plugins and all other software too updated to have all known vulnerability fixes installed. 6. Install software and update only from trusted sources. 7. Have a good backups system in place. 8. Choose a good service provider and trust them to take care of the rest.
THANK YOU! WP-palvelu.fi @SeravoFi @ottokekalainen

Recommandé

Technical SEO for WordPress - 2017 edition
Technical SEO for WordPress - 2017 editionTechnical SEO for WordPress - 2017 edition
Technical SEO for WordPress - 2017 editionOtto Kekäläinen
 
Testing and updating WordPress - Advanced techniques for avoiding regressions
Testing and updating WordPress - Advanced techniques for avoiding regressionsTesting and updating WordPress - Advanced techniques for avoiding regressions
Testing and updating WordPress - Advanced techniques for avoiding regressionsOtto Kekäläinen
 
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017Otto Kekäläinen
 
Find WordPress performance bottlenecks with XDebug PHP profiling
Find WordPress performance bottlenecks with XDebug PHP profilingFind WordPress performance bottlenecks with XDebug PHP profiling
Find WordPress performance bottlenecks with XDebug PHP profilingOtto Kekäläinen
 
The GiveCamp Guide to WordPress
The GiveCamp Guide to WordPressThe GiveCamp Guide to WordPress
The GiveCamp Guide to WordPressSarah Dutkiewicz
 
Basic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website StartedBasic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website StartedNile Flores
 
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)Bastian Grimm
 
PHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source ProjectPHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source Projectxsist10
 

Recommandé

Technical SEO for WordPress - 2017 edition
Technical SEO for WordPress - 2017 editionTechnical SEO for WordPress - 2017 edition
Technical SEO for WordPress - 2017 editionOtto Kekäläinen
 
Testing and updating WordPress - Advanced techniques for avoiding regressions
Testing and updating WordPress - Advanced techniques for avoiding regressionsTesting and updating WordPress - Advanced techniques for avoiding regressions
Testing and updating WordPress - Advanced techniques for avoiding regressionsOtto Kekäläinen
 
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017WordPress security 101 - WP Jyväskylä Meetup 21.3.2017
WordPress security 101 - WP Jyväskylä Meetup 21.3.2017Otto Kekäläinen
 
Find WordPress performance bottlenecks with XDebug PHP profiling
Find WordPress performance bottlenecks with XDebug PHP profilingFind WordPress performance bottlenecks with XDebug PHP profiling
Find WordPress performance bottlenecks with XDebug PHP profilingOtto Kekäläinen
 
The GiveCamp Guide to WordPress
The GiveCamp Guide to WordPressThe GiveCamp Guide to WordPress
The GiveCamp Guide to WordPressSarah Dutkiewicz
 
Basic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website StartedBasic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website StartedNile Flores
 
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)Bastian Grimm
 
PHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source ProjectPHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source Projectxsist10
 
Drupal Development Tips
Drupal Development TipsDrupal Development Tips
Drupal Development TipsChris Tankersley
 
Introduction to PhoneGap and PhoneGap Build
Introduction to PhoneGap and PhoneGap BuildIntroduction to PhoneGap and PhoneGap Build
Introduction to PhoneGap and PhoneGap BuildMartin de Keijzer
 
WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017
WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017
WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017Bhushan Jawle
 
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...Andrea Cardinali
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress websiteSiteGround.com
 
The 5 most common reasons for a slow WordPress site and how to fix them – ext...
The 5 most common reasons for a slow WordPress site and how to fix them – ext...The 5 most common reasons for a slow WordPress site and how to fix them – ext...
The 5 most common reasons for a slow WordPress site and how to fix them – ext...Otto Kekäläinen
 
Secure All The Things!
Secure All The Things!Secure All The Things!
Secure All The Things!Dougal Campbell
 
Higher Order WordPress Security
Higher Order WordPress SecurityHigher Order WordPress Security
Higher Order WordPress SecurityDougal Campbell
 
Jakarta WordPress Meetup #9: Introducing VVV 2
Jakarta WordPress Meetup #9: Introducing VVV 2Jakarta WordPress Meetup #9: Introducing VVV 2
Jakarta WordPress Meetup #9: Introducing VVV 2WordPress
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your JoomlaSiteGround.com
 
WordPress Performance optimization
WordPress Performance optimizationWordPress Performance optimization
WordPress Performance optimizationBrecht Ryckaert
 
Word campktm speed-security
Word campktm speed-securityWord campktm speed-security
Word campktm speed-securityDigamber Pradhan
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012Angela Bowman
 
WordPress Hardening
WordPress HardeningWordPress Hardening
WordPress HardeningMaurizio Pelizzone
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSiteGround.com
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid ThemSiteGround.com
 
That's crazy! how to build single page web apps
That's crazy! how to build single page web appsThat's crazy! how to build single page web apps
That's crazy! how to build single page web appsChris Love
 
WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
WordPress Site Management - Keeping Your Creation Happy, Healthy and SecureWordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
WordPress Site Management - Keeping Your Creation Happy, Healthy and SecureMeagan Hanes
 
Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy StyleRob Fuller
 
Importance of-website-backups
Importance of-website-backupsImportance of-website-backups
Importance of-website-backupsmymlmfinder
 
Git best practices 2016
Git best practices 2016Git best practices 2016
Git best practices 2016Otto Kekäläinen
 
Seravo.com: WordPress Security 101
Seravo.com: WordPress Security 101Seravo.com: WordPress Security 101
Seravo.com: WordPress Security 101Seravo
 

Contenu connexe

Tendances

Introduction to PhoneGap and PhoneGap Build
Introduction to PhoneGap and PhoneGap BuildIntroduction to PhoneGap and PhoneGap Build
Introduction to PhoneGap and PhoneGap BuildMartin de Keijzer
 
WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017
WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017
WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017Bhushan Jawle
 
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...Andrea Cardinali
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress websiteSiteGround.com
 
The 5 most common reasons for a slow WordPress site and how to fix them – ext...
The 5 most common reasons for a slow WordPress site and how to fix them – ext...The 5 most common reasons for a slow WordPress site and how to fix them – ext...
The 5 most common reasons for a slow WordPress site and how to fix them – ext...Otto Kekäläinen
 
Higher Order WordPress Security
Higher Order WordPress SecurityHigher Order WordPress Security
Higher Order WordPress SecurityDougal Campbell
 
Jakarta WordPress Meetup #9: Introducing VVV 2
Jakarta WordPress Meetup #9: Introducing VVV 2Jakarta WordPress Meetup #9: Introducing VVV 2
Jakarta WordPress Meetup #9: Introducing VVV 2WordPress
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your JoomlaSiteGround.com
 
WordPress Performance optimization
WordPress Performance optimizationWordPress Performance optimization
WordPress Performance optimizationBrecht Ryckaert
 
Word campktm speed-security
Word campktm speed-securityWord campktm speed-security
Word campktm speed-securityDigamber Pradhan
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012Angela Bowman
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSiteGround.com
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid ThemSiteGround.com
 
That's crazy! how to build single page web apps
That's crazy! how to build single page web appsThat's crazy! how to build single page web apps
That's crazy! how to build single page web appsChris Love
 
WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
WordPress Site Management - Keeping Your Creation Happy, Healthy and SecureWordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
WordPress Site Management - Keeping Your Creation Happy, Healthy and SecureMeagan Hanes
 
Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy StyleRob Fuller
 
Importance of-website-backups
Importance of-website-backupsImportance of-website-backups
Importance of-website-backupsmymlmfinder
 

Tendances (20)

Drupal Development Tips
Drupal Development TipsDrupal Development Tips
Drupal Development Tips
 
Introduction to PhoneGap and PhoneGap Build
Introduction to PhoneGap and PhoneGap BuildIntroduction to PhoneGap and PhoneGap Build
Introduction to PhoneGap and PhoneGap Build
 
WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017
WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017
WordPress Security : What We Learnt When We Were Hacked : WordCamp Mumbai 2017
 
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...
Gestione avanzata di WordPress con WP-CLI - WordCamp Torino 2017 - Andrea Car...
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website
 
The 5 most common reasons for a slow WordPress site and how to fix them – ext...
The 5 most common reasons for a slow WordPress site and how to fix them – ext...The 5 most common reasons for a slow WordPress site and how to fix them – ext...
The 5 most common reasons for a slow WordPress site and how to fix them – ext...
 
Secure All The Things!
Secure All The Things!Secure All The Things!
Secure All The Things!
 
Higher Order WordPress Security
Higher Order WordPress SecurityHigher Order WordPress Security
Higher Order WordPress Security
 
Jakarta WordPress Meetup #9: Introducing VVV 2
Jakarta WordPress Meetup #9: Introducing VVV 2Jakarta WordPress Meetup #9: Introducing VVV 2
Jakarta WordPress Meetup #9: Introducing VVV 2
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla
 
WordPress Performance optimization
WordPress Performance optimizationWordPress Performance optimization
WordPress Performance optimization
 
Word campktm speed-security
Word campktm speed-securityWord campktm speed-security
Word campktm speed-security
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012
 
WordPress Hardening
WordPress HardeningWordPress Hardening
WordPress Hardening
 
Secrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla RevealedSecrets to a Hack-Proof Joomla Revealed
Secrets to a Hack-Proof Joomla Revealed
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them
 
That's crazy! how to build single page web apps
That's crazy! how to build single page web appsThat's crazy! how to build single page web apps
That's crazy! how to build single page web apps
 
WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
WordPress Site Management - Keeping Your Creation Happy, Healthy and SecureWordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
WordPress Site Management - Keeping Your Creation Happy, Healthy and Secure
 
Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy Style
 
Importance of-website-backups
Importance of-website-backupsImportance of-website-backups
Importance of-website-backups
 

En vedette

Seravo.com: WordPress Security 101
Seravo.com: WordPress Security 101Seravo.com: WordPress Security 101
Seravo.com: WordPress Security 101Seravo
 
Salasanahygienia - jokamiehen kybervelvollisuus
Salasanahygienia - jokamiehen kybervelvollisuusSalasanahygienia - jokamiehen kybervelvollisuus
Salasanahygienia - jokamiehen kybervelvollisuusOtto Kekäläinen
 
Collaboration in open source - examples from MariaDB
Collaboration in open source - examples from MariaDBCollaboration in open source - examples from MariaDB
Collaboration in open source - examples from MariaDBOtto Kekäläinen
 
WordPress ja markkinointiautomaatio (DigitalTre-esitys)
WordPress ja markkinointiautomaatio (DigitalTre-esitys)WordPress ja markkinointiautomaatio (DigitalTre-esitys)
WordPress ja markkinointiautomaatio (DigitalTre-esitys)Otto Kekäläinen
 
MariaDB Developers Meetup 2016 welcome words
MariaDB Developers Meetup 2016 welcome wordsMariaDB Developers Meetup 2016 welcome words
MariaDB Developers Meetup 2016 welcome wordsOtto Kekäläinen
 
MariaDB in Debian and Ubuntu: The next million users
MariaDB in Debian and Ubuntu: The next million usersMariaDB in Debian and Ubuntu: The next million users
MariaDB in Debian and Ubuntu: The next million usersOtto Kekäläinen
 
Koodikerho: ohjelmointia alakouluissa
Koodikerho: ohjelmointia alakouluissaKoodikerho: ohjelmointia alakouluissa
Koodikerho: ohjelmointia alakouluissaOtto Kekäläinen
 
Koodikerho PEPE Pajapäivä 6.9.2016
Koodikerho PEPE Pajapäivä 6.9.2016Koodikerho PEPE Pajapäivä 6.9.2016
Koodikerho PEPE Pajapäivä 6.9.2016Otto Kekäläinen
 
MariaDB Foundation presentation and membership info
MariaDB Foundation presentation and membership infoMariaDB Foundation presentation and membership info
MariaDB Foundation presentation and membership infoOtto Kekäläinen
 
WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...
WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...
WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...Otto Kekäläinen
 
Less passwords, more security: unix socket authentication and other MariaDB h...
Less passwords, more security: unix socket authentication and other MariaDB h...Less passwords, more security: unix socket authentication and other MariaDB h...
Less passwords, more security: unix socket authentication and other MariaDB h...Otto Kekäläinen
 
Koodikerho opettaa lapsille ohjelmointia (Virtuaaliopetuksen päivät 2015)
Koodikerho opettaa lapsille ohjelmointia (Virtuaaliopetuksen päivät 2015)Koodikerho opettaa lapsille ohjelmointia (Virtuaaliopetuksen päivät 2015)
Koodikerho opettaa lapsille ohjelmointia (Virtuaaliopetuksen päivät 2015)Otto Kekäläinen
 

En vedette (14)

Git best practices 2016
Git best practices 2016Git best practices 2016
Git best practices 2016
 
Seravo.com: WordPress Security 101
Seravo.com: WordPress Security 101Seravo.com: WordPress Security 101
Seravo.com: WordPress Security 101
 
Salasanahygienia - jokamiehen kybervelvollisuus
Salasanahygienia - jokamiehen kybervelvollisuusSalasanahygienia - jokamiehen kybervelvollisuus
Salasanahygienia - jokamiehen kybervelvollisuus
 
Collaboration in open source - examples from MariaDB
Collaboration in open source - examples from MariaDBCollaboration in open source - examples from MariaDB
Collaboration in open source - examples from MariaDB
 
Git essentials
Git essentialsGit essentials
Git essentials
 
WordPress ja markkinointiautomaatio (DigitalTre-esitys)
WordPress ja markkinointiautomaatio (DigitalTre-esitys)WordPress ja markkinointiautomaatio (DigitalTre-esitys)
WordPress ja markkinointiautomaatio (DigitalTre-esitys)
 
MariaDB Developers Meetup 2016 welcome words
MariaDB Developers Meetup 2016 welcome wordsMariaDB Developers Meetup 2016 welcome words
MariaDB Developers Meetup 2016 welcome words
 
MariaDB in Debian and Ubuntu: The next million users
MariaDB in Debian and Ubuntu: The next million usersMariaDB in Debian and Ubuntu: The next million users
MariaDB in Debian and Ubuntu: The next million users
 
Koodikerho: ohjelmointia alakouluissa
Koodikerho: ohjelmointia alakouluissaKoodikerho: ohjelmointia alakouluissa
Koodikerho: ohjelmointia alakouluissa
 
Koodikerho PEPE Pajapäivä 6.9.2016
Koodikerho PEPE Pajapäivä 6.9.2016Koodikerho PEPE Pajapäivä 6.9.2016
Koodikerho PEPE Pajapäivä 6.9.2016
 
MariaDB Foundation presentation and membership info
MariaDB Foundation presentation and membership infoMariaDB Foundation presentation and membership info
MariaDB Foundation presentation and membership info
 
WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...
WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...
WordPress Security 101 – WordCamp Finland 2016 presentation by Otto Kekäläine...
 
Less passwords, more security: unix socket authentication and other MariaDB h...
Less passwords, more security: unix socket authentication and other MariaDB h...Less passwords, more security: unix socket authentication and other MariaDB h...
Less passwords, more security: unix socket authentication and other MariaDB h...
 
Koodikerho opettaa lapsille ohjelmointia (Virtuaaliopetuksen päivät 2015)
Koodikerho opettaa lapsille ohjelmointia (Virtuaaliopetuksen päivät 2015)Koodikerho opettaa lapsille ohjelmointia (Virtuaaliopetuksen päivät 2015)
Koodikerho opettaa lapsille ohjelmointia (Virtuaaliopetuksen päivät 2015)
 

Similaire à WordPress security 101 - WP Turku Meetup 2.2.2017

Your WordPress Website Is/Not Hacked
Your WordPress Website Is/Not HackedYour WordPress Website Is/Not Hacked
Your WordPress Website Is/Not HackedAngela Bowman
 
Understanding word press security wwc-4-7-17
Understanding word press security wwc-4-7-17Understanding word press security wwc-4-7-17
Understanding word press security wwc-4-7-17Nicholas Batik
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutSiteGround.com
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014Primary Image Ltd
 
Security, more important than ever!
Security, more important than ever!Security, more important than ever!
Security, more important than ever!Marko Heijnen
 
Care and feeding of your website
Care and feeding of your websiteCare and feeding of your website
Care and feeding of your websiteShawn DeWolfe
 
A Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdfA Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdfHost It Smart
 
Securing your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP MeetupSecuring your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP MeetupOyster Bay Marauders LLC
 
Tips to improve word press security ppt
Tips to improve word press security pptTips to improve word press security ppt
Tips to improve word press security pptCheap SSL Coupon Code
 
Responsible [digital] Home Ownership
Responsible [digital] Home OwnershipResponsible [digital] Home Ownership
Responsible [digital] Home OwnershipDenise (Dee) Teal
 
How To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressHow To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressChelsea O'Brien
 
Word camp2011 introwordpresssecurity
Word camp2011 introwordpresssecurityWord camp2011 introwordpresssecurity
Word camp2011 introwordpresssecurityDavid Wilemski
 
Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Vlad Lasky
 
Securing Your WordPress Website by Vlad Lasky
Securing Your WordPress Website by Vlad LaskySecuring Your WordPress Website by Vlad Lasky
Securing Your WordPress Website by Vlad Laskywordcampgc
 
WordPress Hardening: Strategies to Secure & Protect Your Website
WordPress Hardening: Strategies to Secure & Protect Your WebsiteWordPress Hardening: Strategies to Secure & Protect Your Website
WordPress Hardening: Strategies to Secure & Protect Your WebsiteReliqusConsulting
 
ResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security sessionResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security sessionPratik Jagdishwala
 

Similaire à WordPress security 101 - WP Turku Meetup 2.2.2017 (20)

Your WordPress Website Is/Not Hacked
Your WordPress Website Is/Not HackedYour WordPress Website Is/Not Hacked
Your WordPress Website Is/Not Hacked
 
Understanding word press security wwc-4-7-17
Understanding word press security wwc-4-7-17Understanding word press security wwc-4-7-17
Understanding word press security wwc-4-7-17
 
WordPress Security Best Practices
WordPress Security Best PracticesWordPress Security Best Practices
WordPress Security Best Practices
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
 
WordPress Security Best Practices
WordPress Security Best PracticesWordPress Security Best Practices
WordPress Security Best Practices
 
Wordpress best practices
Wordpress best practicesWordpress best practices
Wordpress best practices
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014
 
Security, more important than ever!
Security, more important than ever!Security, more important than ever!
Security, more important than ever!
 
Locking down word press
Locking down word pressLocking down word press
Locking down word press
 
Care and feeding of your website
Care and feeding of your websiteCare and feeding of your website
Care and feeding of your website
 
A Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdfA Guide To Secure WordPress Website – A Complete Guide.pdf
A Guide To Secure WordPress Website – A Complete Guide.pdf
 
Securing your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP MeetupSecuring your WordPress website - New Port Richey WP Meetup
Securing your WordPress website - New Port Richey WP Meetup
 
Tips to improve word press security ppt
Tips to improve word press security pptTips to improve word press security ppt
Tips to improve word press security ppt
 
Responsible [digital] Home Ownership
Responsible [digital] Home OwnershipResponsible [digital] Home Ownership
Responsible [digital] Home Ownership
 
How To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressHow To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your Wordpress
 
Word camp2011 introwordpresssecurity
Word camp2011 introwordpresssecurityWord camp2011 introwordpresssecurity
Word camp2011 introwordpresssecurity
 
Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011
 
Securing Your WordPress Website by Vlad Lasky
Securing Your WordPress Website by Vlad LaskySecuring Your WordPress Website by Vlad Lasky
Securing Your WordPress Website by Vlad Lasky
 
WordPress Hardening: Strategies to Secure & Protect Your Website
WordPress Hardening: Strategies to Secure & Protect Your WebsiteWordPress Hardening: Strategies to Secure & Protect Your Website
WordPress Hardening: Strategies to Secure & Protect Your Website
 
ResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security sessionResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security session
 

Plus de Otto Kekäläinen

FOSDEM2021: MariaDB post-release quality assurance in Debian and Ubuntu
FOSDEM2021: MariaDB post-release quality assurance in Debian and UbuntuFOSDEM2021: MariaDB post-release quality assurance in Debian and Ubuntu
FOSDEM2021: MariaDB post-release quality assurance in Debian and UbuntuOtto Kekäläinen
 
Search in WordPress - how it works and howto customize it
Search in WordPress - how it works and howto customize itSearch in WordPress - how it works and howto customize it
Search in WordPress - how it works and howto customize itOtto Kekäläinen
 
MariaDB quality assurance in Debian and Ubuntu
MariaDB quality assurance in Debian and UbuntuMariaDB quality assurance in Debian and Ubuntu
MariaDB quality assurance in Debian and UbuntuOtto Kekäläinen
 
DebConf 2020: What’s New in MariaDB Server 10.5 and Galera 4?
DebConf 2020: What’s New in MariaDB Server 10.5 and Galera 4?DebConf 2020: What’s New in MariaDB Server 10.5 and Galera 4?
DebConf 2020: What’s New in MariaDB Server 10.5 and Galera 4?Otto Kekäläinen
 
Technical SEO for WordPress - 2019 edition
Technical SEO for WordPress - 2019 editionTechnical SEO for WordPress - 2019 edition
Technical SEO for WordPress - 2019 editionOtto Kekäläinen
 
How MariaDB packaging uses Salsa-CI to ensure smooth upgrades and avoid regre...
How MariaDB packaging uses Salsa-CI to ensure smooth upgrades and avoid regre...How MariaDB packaging uses Salsa-CI to ensure smooth upgrades and avoid regre...
How MariaDB packaging uses Salsa-CI to ensure smooth upgrades and avoid regre...Otto Kekäläinen
 
DebConf 2019 MariaDB packaging in Debian BoF
DebConf 2019 MariaDB packaging in Debian BoFDebConf 2019 MariaDB packaging in Debian BoF
DebConf 2019 MariaDB packaging in Debian BoFOtto Kekäläinen
 
The 5 most common reasons for a slow WordPress site and how to fix them
The 5 most common reasons for a slow WordPress site and how to fix themThe 5 most common reasons for a slow WordPress site and how to fix them
The 5 most common reasons for a slow WordPress site and how to fix themOtto Kekäläinen
 
How to investigate and recover from a security breach in WordPress
How to investigate and recover from a security breach in WordPressHow to investigate and recover from a security breach in WordPress
How to investigate and recover from a security breach in WordPressOtto Kekäläinen
 
Automatic testing and quality assurance for WordPress plugins and themes
Automatic testing and quality assurance for WordPress plugins and themesAutomatic testing and quality assurance for WordPress plugins and themes
Automatic testing and quality assurance for WordPress plugins and themesOtto Kekäläinen
 
10 things every developer should know about their database to run word press ...
10 things every developer should know about their database to run word press ...10 things every developer should know about their database to run word press ...
10 things every developer should know about their database to run word press ...Otto Kekäläinen
 
Automatic testing and quality assurance for WordPress plugins
Automatic testing and quality assurance for WordPress pluginsAutomatic testing and quality assurance for WordPress plugins
Automatic testing and quality assurance for WordPress pluginsOtto Kekäläinen
 
Improving WordPress performance (xdebug and profiling)
Improving WordPress performance (xdebug and profiling)Improving WordPress performance (xdebug and profiling)
Improving WordPress performance (xdebug and profiling)Otto Kekäläinen
 
WordPress-tietoturvan perusteet
WordPress-tietoturvan perusteetWordPress-tietoturvan perusteet
WordPress-tietoturvan perusteetOtto Kekäläinen
 
Improving WordPress Performance with Xdebug and PHP Profiling
Improving WordPress Performance with Xdebug and PHP ProfilingImproving WordPress Performance with Xdebug and PHP Profiling
Improving WordPress Performance with Xdebug and PHP ProfilingOtto Kekäläinen
 
MariaDB adoption in Linux distributions and development environments
MariaDB adoption in Linux distributions and development environmentsMariaDB adoption in Linux distributions and development environments
MariaDB adoption in Linux distributions and development environmentsOtto Kekäläinen
 
DebConf16 BoF on MariaDB/MySQL packaging
DebConf16 BoF on MariaDB/MySQL packagingDebConf16 BoF on MariaDB/MySQL packaging
DebConf16 BoF on MariaDB/MySQL packagingOtto Kekäläinen
 

Plus de Otto Kekäläinen (18)

FOSDEM2021: MariaDB post-release quality assurance in Debian and Ubuntu
FOSDEM2021: MariaDB post-release quality assurance in Debian and UbuntuFOSDEM2021: MariaDB post-release quality assurance in Debian and Ubuntu
FOSDEM2021: MariaDB post-release quality assurance in Debian and Ubuntu
 
Search in WordPress - how it works and howto customize it
Search in WordPress - how it works and howto customize itSearch in WordPress - how it works and howto customize it
Search in WordPress - how it works and howto customize it
 
MariaDB quality assurance in Debian and Ubuntu
MariaDB quality assurance in Debian and UbuntuMariaDB quality assurance in Debian and Ubuntu
MariaDB quality assurance in Debian and Ubuntu
 
DebConf 2020: What’s New in MariaDB Server 10.5 and Galera 4?
DebConf 2020: What’s New in MariaDB Server 10.5 and Galera 4?DebConf 2020: What’s New in MariaDB Server 10.5 and Galera 4?
DebConf 2020: What’s New in MariaDB Server 10.5 and Galera 4?
 
Technical SEO for WordPress - 2019 edition
Technical SEO for WordPress - 2019 editionTechnical SEO for WordPress - 2019 edition
Technical SEO for WordPress - 2019 edition
 
How MariaDB packaging uses Salsa-CI to ensure smooth upgrades and avoid regre...
How MariaDB packaging uses Salsa-CI to ensure smooth upgrades and avoid regre...How MariaDB packaging uses Salsa-CI to ensure smooth upgrades and avoid regre...
How MariaDB packaging uses Salsa-CI to ensure smooth upgrades and avoid regre...
 
DebConf 2019 MariaDB packaging in Debian BoF
DebConf 2019 MariaDB packaging in Debian BoFDebConf 2019 MariaDB packaging in Debian BoF
DebConf 2019 MariaDB packaging in Debian BoF
 
The 5 most common reasons for a slow WordPress site and how to fix them
The 5 most common reasons for a slow WordPress site and how to fix themThe 5 most common reasons for a slow WordPress site and how to fix them
The 5 most common reasons for a slow WordPress site and how to fix them
 
How to investigate and recover from a security breach in WordPress
How to investigate and recover from a security breach in WordPressHow to investigate and recover from a security breach in WordPress
How to investigate and recover from a security breach in WordPress
 
Technical SEO for WordPress
Technical SEO for WordPressTechnical SEO for WordPress
Technical SEO for WordPress
 
Automatic testing and quality assurance for WordPress plugins and themes
Automatic testing and quality assurance for WordPress plugins and themesAutomatic testing and quality assurance for WordPress plugins and themes
Automatic testing and quality assurance for WordPress plugins and themes
 
10 things every developer should know about their database to run word press ...
10 things every developer should know about their database to run word press ...10 things every developer should know about their database to run word press ...
10 things every developer should know about their database to run word press ...
 
Automatic testing and quality assurance for WordPress plugins
Automatic testing and quality assurance for WordPress pluginsAutomatic testing and quality assurance for WordPress plugins
Automatic testing and quality assurance for WordPress plugins
 
Improving WordPress performance (xdebug and profiling)
Improving WordPress performance (xdebug and profiling)Improving WordPress performance (xdebug and profiling)
Improving WordPress performance (xdebug and profiling)
 
WordPress-tietoturvan perusteet
WordPress-tietoturvan perusteetWordPress-tietoturvan perusteet
WordPress-tietoturvan perusteet
 
Improving WordPress Performance with Xdebug and PHP Profiling
Improving WordPress Performance with Xdebug and PHP ProfilingImproving WordPress Performance with Xdebug and PHP Profiling
Improving WordPress Performance with Xdebug and PHP Profiling
 
MariaDB adoption in Linux distributions and development environments
MariaDB adoption in Linux distributions and development environmentsMariaDB adoption in Linux distributions and development environments
MariaDB adoption in Linux distributions and development environments
 
DebConf16 BoF on MariaDB/MySQL packaging
DebConf16 BoF on MariaDB/MySQL packagingDebConf16 BoF on MariaDB/MySQL packaging
DebConf16 BoF on MariaDB/MySQL packaging
 

Dernier

VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...SUHANI PANDEY
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Datingkojalkojal131
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiEscorts Call Girls
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...SUHANI PANDEY
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...SUHANI PANDEY
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort ServiceDelhi Call girls
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...SUHANI PANDEY
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 

Dernier (20)

VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Samalka Delhi >༒8448380779 Escort Service
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 

WordPress security 101 - WP Turku Meetup 2.2.2017

  • 1. WORDPRESS SECURITY 101 what is important – and what is not WordPress Turku Meetup 2.2.2017 Otto Kekäläinen @ottokekalainen
  • 2. DEFINITION OF INFORMATION SECURITY 1. Confidentiality 2. Integrity 3. Availability
  • 3. You must keep your WordPress site secure.
  • 4. POTENTIAL CONSEQUENCES ● Corrupted orders database: webshop unable to ship anything or resolve payments ● Leaked customer database: angry customers, lawsuit for neglect of privacy laws ● Visitors get redirected to shady sites: lost reputation, marketing budget goes in vain ● Site spreads malware: Google might detect and ban from showing up in search results ● Site sends spam: could become blacklisted and legit email stops working
  • 5. “BUT MY SITE IS NOT IMPORTANT!” Your site can be used to mount further attacks! If you have clearly neglected the maintenance of your own site, you could be held partly liable for attacks on other sites.
  • 6. What is REALLY important in keeping your WordPress site secure?
  • 7. AVENUES OF UNAUTHORISED ACCESS: 1. Leaked passwords 2. Software vulnerabilities
  • 10. HTTPS, SFTP, SSH Never submit passwords over an unencrypted connection!
  • 11. Enforce HTTPS in WordPress 1. Your server needs to support HTTPS 2. Enforce in wp-config.php with: define('FORCE_SSL_ADMIN', true);
  • 12. Use captcha to avoid robot users Google reCaptcha recommended
  • 14. MINIMIZE VULNERABILITIES 1. Minimize the attack surface by minimizing the amount of software you have 2. For the software you really need, make sure you have updated to latest releases
  • 15. HOW SECURE IS WORDPRESS CORE? Security bugs per 1000 lines of code written All time: 0,1 (204 CVE entries per 2,1 million lines of code) In 2015: 0,05 (11 CVE entries per 236 000 lines of code)
  • 17. THE PROBLEM IS THE PLUGINS.
  • 19. Example case: Mossack Fonseca aka Panama papers ● The site www.mossfon.com was running WordPress ● Unauthorized access of WP lead to unauthorized access of MS Exchange email server on internal network and other sites at *.mossfon.com ● The intruders most likely came through an old and insecure version of the Revolution Slider plugin. ○ Well known vulnerability, WordPress.org even has a patch as a separate plugin (https://wordpress.org/plugins/patch-for-revolution-slider/) as Revolution Slider itself is not available at WordPress.org.
  • 20. Example case: Mossack Fonseca aka Panama papers ● Case analysis at https://www.wordfence.com/blog/2016/04/mossack-fonseca-breach-vulner able-slider-revolution/
  • 21. WP PLUGIN REVIEW GUIDELINES FOR CAPITALISTS* If the logo is red and name contains revolution, don’t install it on your system! * a small dose of parody can’t hurt?
  • 22. PLUGIN SECURITY 1. Minimize the attack surface by minimizing the amount of plugins (and themes) you have 2. For the plugins you really need, make sure you have updated to latest releases You will not minimize vulnerabilities by installing more plugins!
  • 24. NO
  • 25.
  • 26. DON’T WASTE TIME ON ● removing generator meta or hiding version numbers ● hiding login errors ● changing wp-admin location ● disabling xmlrpc ● removing readme.html or other files Only for WP geeks who love to research the pros and cons. For normal users WordPress default settings are secure.
  • 27. FALSE SENSE OF SECURITY Feels like a lot has been done when really very little has.
  • 28. Example: useless readme.html blocking = don’t!
  • 29. Example: useless readme.html blocking Versions leak anyway
  • 30. Example: useless readme.html blocking Disclaimer: WordFence was used just as an example. It still the best guy in town. Many other security plugins are much worse. ..and other WordPress integrity checks trigger
  • 31. SECURITY PLUGINS ARE NOT THE SOLUTION Scan results require interpretation. Recommended only for professionals.
  • 32. The only recommended ones: WPScan and Google Webmaster Tools Almost no false positives and no business model based on spreading fear.
  • 33. IF YOU RUN YOUR OWN SERVER Also remember to harden and keep updated ● operating system ● web server ● database server ● PHP environment
  • 34. INSTALL ONLY FROM TRUSTED SOURCES Avoid random 3rd party repositories that don’t have any maintenance policy.
  • 35. PROTECTION AGAINST DDOS What if the problem is not unauthorized access but the lack of authorized access?
  • 36. DENIAL OF SERVICE ATTACKS Detect, withstand and block ● high performance servers and good caching ● detect repeated offenders and block at network level ○ e.g. failtoban + iptables ● detect and block at http level ○ e.g. Nginx rate limiting ● If you are trying to block at PHP/WordPress level, you’ve already lost DDOS is a constant race of new techniques of attack and defence. Try to find a good hosting provider that takes care of DDOS at least on the network level.
  • 37. BACKUP AND RECOVERY Because some day, sooner or later, everything else fails.
  • 38. BACKUP GUIDELINES 1/2 Make sure your backup system meets these requirements ● automatic: not dependant on human action ● complete: both files and database ● incremental with a history: at least 30 days ● frequent: daily is good
  • 39. BACKUP GUIDELINES 2/2 ● offsite: in case access to the original site is lost ● pull, not push: original site should not have access to the backups, otherwise an attacker can delete both the original site and all backups Personal favourite: mysqldump + rdiff-backup over SSH
  • 40. ONCE MORE WITH A FEELING
  • 41. WORDPRESS SECURITY 101 1. Always follow password hygiene. 2. Use captchas to stall robot users. 3. Use HTTPS (and SFTP and SSH) – never submit passwords in plain text on any network connection. 4. Remove unnecessary software to reduce attack surface. 5. Keep WordPress plugins and all other software too updated to have all known vulnerability fixes installed. 6. Install software and update only from trusted sources. 7. Have a good backups system in place. 8. Choose a good service provider and trust them to take care of the rest.