WordPress Security Hardening


Upload: timothy-wood

Post on 03-Jul-2015


DESCRIPTION

Presentation given at WordCamp

TRANSCRIPT

Page 1: WordPress Security Hardening

Security & Hardening

Timothy Wood (@codearachnid)

Page 2: WordPress Security Hardening

Areas of compromise:
• File (server) system hardening
• Application software hardening
• ... and YOU!

Security & Hardening - Introduction

http://www.flickr.com/photos/nbachiyski/1463351154/

Page 3: WordPress Security Hardening

.htaccess is your friend
• Lock down folders
• Lock IPs from admin

Secure your database
• Never (EVER) use root - good user security (http://bit.ly/17vo6y)
• Change up the defaults

Server scans & security to prevent and monitor
• File change monitoring (http://snipit.me/u/11)
• Routine backups are your friend
• Lock down the server as you would any other site

Security & Hardening - System Hardening

Page 4: WordPress Security Hardening

Start with good resources
• Read reviews from other users
• Never be the first adopter at production level
• Write your own tools/plugins

Keep software up to date (core, plugins, themes, etc.)
• Review changelogs on 3rd-party code
• Monitor "hidden" files (.htaccess) for unapproved changes
• Routine blog scans http://bit.ly/JK5dw

Need-to-know only
• Remove tell-tale signs (meta, footer links, etc.)
• Change up the wp-content folder
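The "file change monitoring" point on the previous slide and the "monitor hidden files (.htaccess) for unapproved changes" point above both come down to the same control: a stored hash baseline of the web root that is compared against a fresh scan. The script below is an added example, not code from the talk or from the linked File Monitor plugin; the WordPress root and its contents are constructed inside a temporary directory, and the tampering it detects (a rewritten .htaccess and an unapproved PHP file) is simulated.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large uploads are not loaded into RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (hidden dotfiles included) to its digest."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_baselines(old: dict, new: dict) -> dict:
    """Report files that appeared, vanished or changed since the stored baseline."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(f for f in set(old) & set(new) if old[f] != new[f]),
    }


def demo() -> dict:
    """Constructed scenario: snapshot a fake WordPress root, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-config.php").write_text("<?php // constructed sample config\n")
        (root / ".htaccess").write_text("Options -Indexes\n")
        (root / "wp-content").mkdir()
        stored = json.dumps(build_baseline(root))  # in practice keep this outside the web root
        # Simulated unapproved changes: directory listing re-enabled, stray PHP file dropped
        (root / ".htaccess").write_text("Options +Indexes\n")
        (root / "wp-content" / "unexpected.php").write_text("<?php // constructed, unapproved\n")
        return compare_baselines(json.loads(stored), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it from cron against the real document root and alert on any non-empty list; legitimate core or plugin updates are the time to regenerate the baseline.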

Security & Hardening - Application Hardening

Page 5: WordPress Security Hardening

• Rename and upload the WordPress folder
  o Disable links to the administration area
• Extend the file wp-config.php
• Move & protect the wp-config.php file
• Delete the admin user account
• Choose strong passwords
• Protect the wp-admin directory
• Suppress error feedback on the log-in page
• Restrict erroneous log-in attempts

Security & Hardening - App. Admin Hardening

FYI: the source of this slide can be found at http://bit.ly/MA32j

Page 6: WordPress Security Hardening

• Login pages should be encrypted
• Data validation should be done server-side
• Manage your site via an encrypted connection
• Connect from a secured network
• Don't share login credentials
• Maintain a secure workplace
  o Physical
  o Software
• Use multiple layers of redundancy for protection

Security & Hardening - Application Hardening

Page 7: WordPress Security Hardening

• This presentation - http://bit.ly/1FGGa
• WordPress Security Whitepaper - http://is.gd/nbjQ
• Lorelle on WordPress - http://is.gd/2v9K
• WordPress File Monitor - http://snipit.me/u/11
• 20 WordPress Security Plug-ins And Tips To Keep Hackers Away - http://bit.ly/fim37

Security & Hardening - Credits

http://www.flickr.com/photos/donncha/134015140/