wordpress security hardening
DESCRIPTION
Presentation given at WordCamp
TRANSCRIPT
Security & Hardening
Timothy Wood (@codearachnid)
Areas of compromise:
• File (server) system hardening
• Application software hardening
• ... and YOU!
Security & Hardening - Introduction
http://www.flickr.com/photos/nbachiyski/1463351154/
.htaccess is your friend
• Lock down folders
• Lock IPs from admin
Secure your database
• Never (EVER) use root - good user security (http://bit.ly/17vo6y)
• Change up the defaults
Server scans & security to prevent and monitor
• File change monitoring (http://snipit.me/u/11)
• Routine backups are your friend
• Lock down the server like with any other site
Security & Hardening - System Hardening
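The two .htaccess files below show the "lock down folders" and "lock IPs from admin" items in practice. They are an added example for this transcript, not the presenter's own configuration, and assume Apache 2.4 (Require syntax) with mod_rewrite; the addresses 203.0.113.0/24 and 198.51.100.7 are placeholders for your own office or VPN ranges.

```apacheconf
# --- /var/www/html/.htaccess (WordPress root), placed above the WordPress rewrite block ---

# No directory listings anywhere under the site
Options -Indexes

# Never serve the configuration or the hidden files themselves
<FilesMatch "^(wp-config\.php|\.htaccess|\.htpasswd)$">
    Require all denied
</FilesMatch>

# wp-login.php lives in the root, not in wp-admin/, so lock it here.
# Only the placeholder admin ranges may reach it.
<Files wp-login.php>
    <RequireAny>
        Require ip 203.0.113.0/24
        Require ip 198.51.100.7
    </RequireAny>
</Files>

# Files an attacker manages to drop into uploads/ must never run as PHP
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^wp-content/uploads/.*\.php$ - [F,L]
</IfModule>

# --- /var/www/html/wp-admin/.htaccess ---

# Whole dashboard restricted to the same placeholder ranges
<RequireAny>
    Require ip 203.0.113.0/24
    Require ip 198.51.100.7
</RequireAny>

# admin-ajax.php is called from the public front end by many themes and
# plugins; Files sections are merged after the directory rule, so this
# re-opens that one file for everyone.
<Files admin-ajax.php>
    Require all granted
</Files>
```

Check the result from an address outside the allowed ranges: wp-login.php and wp-admin/ should answer 403, wp-config.php should answer 403 even though it exists, and a test file wp-content/uploads/x.php should be refused rather than executed. If the site sits behind a reverse proxy, Require ip sees the proxy's address, so configure mod_remoteip (or the equivalent) first or the rule will lock everyone out or nobody.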
Start with good resources
• Read reviews of other users
• Never be the first adopter for production level
• Write your own tools/plugins
Keep software up to date (core, plugins, themes, etc.)
• Review changelogs on 3rd party code
• Monitor "hidden" files (.htaccess) for unapproved changes
• Routine blog scans http://bit.ly/JK5dw
Need to know only
• Remove tell-tale signs (meta, footer links, etc.)
• Change up the wp-content folder
Security & Hardening - Application Hardening
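The "file change monitoring" item on the system-hardening slide and the "monitor hidden files (.htaccess) for unapproved changes" item above both come down to the same check: hash every file in the install once, then compare. The script below is an added example written for this transcript; it is not the WordPress File Monitor plugin the slide links to, and it assumes PHP 7 or later and that the baseline file is stored outside the web root (the paths in the usage line are placeholders).

```php
<?php
/*
 * wp-file-check.php: report files added, removed or modified under a
 * WordPress install since a hash baseline was taken. Illustrative example,
 * not part of the presentation or of any plugin.
 *
 *   php wp-file-check.php /var/www/html /var/lib/wp-baseline.json
 *
 * Keep the baseline outside the web root, run from cron, and alert on a
 * non-zero exit status.
 */

function hash_tree(string $root): array
{
    $hashes = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $rel = substr($file->getPathname(), strlen($root) + 1);
        // Uploads change with every media upload; leave them out to keep the
        // report readable (they should never contain PHP in the first place).
        if (strpos($rel, 'wp-content/uploads/') === 0) {
            continue;
        }
        // Dotfiles such as .htaccess are included on purpose: a changed
        // .htaccess is a classic sign of a compromised site.
        $hashes[$rel] = hash_file('sha256', $file->getPathname());
    }
    ksort($hashes);
    return $hashes;
}

function diff_trees(array $baseline, array $current): array
{
    $modified = [];
    foreach (array_intersect_key($current, $baseline) as $path => $hash) {
        if ($baseline[$path] !== $hash) {
            $modified[] = $path;
        }
    }
    return [
        'added'    => array_keys(array_diff_key($current, $baseline)),
        'removed'  => array_keys(array_diff_key($baseline, $current)),
        'modified' => $modified,
    ];
}

$root = realpath($argv[1] ?? '.');
$baselineFile = $argv[2] ?? 'wp-baseline.json';
if ($root === false) {
    fwrite(STDERR, "Site root not found\n");
    exit(2);
}

$current = hash_tree($root);
if (!is_file($baselineFile)) {
    // First run: record the known-good state.
    file_put_contents($baselineFile, json_encode($current, JSON_PRETTY_PRINT));
    echo 'Baseline written for ' . count($current) . " files\n";
    exit(0);
}

$baseline = json_decode(file_get_contents($baselineFile), true);
$changes  = diff_trees($baseline, $current);
foreach ($changes as $kind => $paths) {
    foreach ($paths as $path) {
        echo strtoupper($kind) . "\t$path\n";
    }
}
// Never refresh the baseline automatically: delete the old file and re-run
// only after reviewing the diff or after an update you performed yourself.
exit(array_sum(array_map('count', $changes)) > 0 ? 1 : 0);
```

Take the baseline immediately after a clean install or a verified update, since a baseline taken from an already-compromised tree just certifies the backdoor. Expect MODIFIED lines for wp-includes/version.php and friends after every core update; anything flagged in .htaccess, wp-config.php or a PHP file you did not touch is worth investigating before it is re-baselined.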
• Rename and Upload the WordPress Folder
  o Disable links to the administration area
• Extend the file wp-config.php
• Move & protect the wp-config.php file
• Delete the admin User Account
• Choose strong passwords
• Protect the wp-admin Directory
• Suppress Error Feedback on the Log-In Page
• Restrict Erroneous Log-In Attempts
Security & Hardening - App. Admin Hardening
FYI source of this slide can be found http://bit.ly/MA32j
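The last two items ("suppress error feedback on the log-in page" and "restrict erroneous log-in attempts"), plus the earlier "remove tell-tale signs" and "disable links to the administration area" points, can all be done from one must-use plugin without touching core. The file below is an added example for this transcript, not code from the presenter or from the slide's source; it assumes it is dropped into wp-content/mu-plugins/, that REMOTE_ADDR is the real client address (behind a proxy, use the trusted forwarding header instead), and the threshold and lockout length are arbitrary choices.

```php
<?php
/*
 * Plugin Name: Login Hardening (illustrative example)
 * Description: Hides version info and admin links, gives one generic login
 *              error, and locks an address out after repeated failures.
 * Install:     wp-content/mu-plugins/login-hardening.php (loads without activation)
 */

// Tell-tale signs: drop the generator <meta> from <head> and from feeds.
remove_action('wp_head', 'wp_generator');
add_filter('the_generator', '__return_empty_string');

// Links to the administration area: the Meta widget advertises "Log in" and
// "Site Admin" on the public site; unregister it.
add_action('widgets_init', function () {
    unregister_widget('WP_Widget_Meta');
});

// Error feedback: WordPress distinguishes "invalid username" from "incorrect
// password", which lets an attacker enumerate valid accounts. Return one
// message for every failure, lockouts included.
add_filter('login_errors', function ($error) {
    return 'Login failed.';
});

// Erroneous attempts: arbitrary threshold and window chosen for this example.
define('LH_MAX_ATTEMPTS', 5);
define('LH_LOCKOUT_SECONDS', 15 * MINUTE_IN_SECONDS);

function lh_client_key() {
    // Assumption: REMOTE_ADDR is the client. Behind a reverse proxy every
    // visitor shares the proxy's address, so read the trusted header instead.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
    return 'lh_fail_' . md5($ip);
}

// Count failures per client; each failure also restarts the expiry window.
add_action('wp_login_failed', function ($username) {
    $key   = lh_client_key();
    $fails = (int) get_transient($key);
    set_transient($key, $fails + 1, LH_LOCKOUT_SECONDS);
});

// Priority 30 runs after the core username/password check (priority 20), so
// a locked-out client is refused even when it finally guesses correctly.
add_filter('authenticate', function ($user, $username, $password) {
    if ((int) get_transient(lh_client_key()) >= LH_MAX_ATTEMPTS) {
        return new WP_Error('too_many_attempts', 'Too many failed log-in attempts.');
    }
    return $user;
}, 30, 3);

// A successful login clears the counter for that client.
add_action('wp_login', function ($user_login, $user) {
    delete_transient(lh_client_key());
}, 10, 2);
```

Transients live in the options table (or the object cache), so the counter survives across PHP processes but is reset if the cache is flushed; for a site under sustained brute force, the .htaccess IP restriction on wp-login.php is the stronger control and this plugin is the second layer. Note that the lockout counts per source address, so a distributed attack with one attempt per address is not slowed by it, which is another reason to combine it with strong passwords and deleting the predictable "admin" account.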
• Login pages should be encrypted
• Data validation should be done server-side
• Manage your site via encrypted connection
• Connect from a secured network
• Don't share login credentials
• Maintain a secure workplace
  o Physical
  o Software
• Use multiple layers of redundancy for protection
Security & Hardening - Application Hardening
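Several items across these slides ("never use root", "change up the defaults", "change up the wp-content folder", "extend the file wp-config.php", "login pages should be encrypted") end up as settings in wp-config.php. The fragment below is an added example assembled for this transcript, not the presenter's file; the database name, user, prefix, paths and host name are placeholders, and it assumes the site already answers on HTTPS.

```php
<?php
// wp-config.php hardening fragment (illustrative; every value is a placeholder)

// Database: a dedicated account, never root. Grant it rights on this one
// database only: SELECT, INSERT, UPDATE, DELETE for day-to-day use, plus
// CREATE, ALTER, DROP and INDEX if core and plugin updates run from the dashboard.
define('DB_NAME',     'wp_site');
define('DB_USER',     'wp_site_app');
define('DB_PASSWORD', 'CHANGE-ME-to-a-long-random-passphrase');
define('DB_HOST',     'localhost');

// Change the default table prefix so attacks that assume wp_users / wp_options
// have to discover the real names first.
$table_prefix = 'k9x3_';

// Unique keys and salts: paste a fresh set from
// https://api.wordpress.org/secret-key/1.1/salt/ (rotating them logs everyone out).
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

// Move wp-content: both the path and the URL must change together or
// themes and plugins stop loading.
define('WP_CONTENT_DIR', dirname(__FILE__) . '/assets');
define('WP_CONTENT_URL', 'https://example.com/assets');

// Encrypted login and dashboard: FORCE_SSL_ADMIN covers wp-login.php and
// all of wp-admin (FORCE_SSL_LOGIN alone is deprecated).
define('FORCE_SSL_ADMIN', true);

// Remove the in-browser theme and plugin editor so a hijacked admin session
// cannot write PHP to disk through the dashboard.
define('DISALLOW_FILE_EDIT', true);

// Errors go to the log, never to visitors.
define('WP_DEBUG',         false);
define('WP_DEBUG_DISPLAY', false);
```

On "move & protect the wp-config.php file": WordPress looks for wp-config.php one directory above the install automatically when it is absent from the web root (as long as that parent directory does not also contain a wp-settings.php), so the file can simply be moved out of the document root with no stub left behind; if it must stay in the root, deny it in .htaccess. After changing the prefix on an existing site, the tables themselves have to be renamed and the prefixed rows in the options and usermeta tables updated, so do that during a maintenance window with a backup in hand.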
• This presentation - http://bit.ly/1FGGa
• WordPress Security Whitepaper - http://is.gd/nbjQ
• Lorelle on WordPress - http://is.gd/2v9K
• WordPress File Monitor - http://snipit.me/u/11
• 20 WordPress Security Plug-ins And Tips To Keep Hackers Away - http://bit.ly/fim37
Security & Hardening - Credits
http://www.flickr.com/photos/donncha/134015140/