wordpress hardening v4

Post on 18-Jan-2017


Torino, 10 November 2015

WORDPRESS HARDENING (LIGHT VERSION - V4)

About me
Born in Turin (Italy)
Co-Founder @ mavida.com
Solution architect
WordPress proud user
maurizio@mavida.com
http://www.mavida.com
http://maurizio.mavida.com
https://twitter.com/miziomon
http://www.slideshare.net/miziomon
http://www.linkedin.com/in/mauriziopelizzone

Why do we need «hardening»?

Dangers

1. Social engineering
2. Password brute force attack
3. Exploit
4. Human mistakes
5. Server vulnerabilities
6. Network vulnerabilities
7. File permissions

The solution

BACKUP

Checklist

Disallow access / delete readme.html

<files readme.html>
Order allow,deny
Deny from all
</files>

ADVANCED USER

Check Admin Permission

Prevent WordPress users list

http://www.yourwebsite.com/?author=1
http://www.yourwebsite.com/?author=2
http://www.yourwebsite.com/?author=3
http://www.yourwebsite.com/?author=4

# Send any request carrying an author= query string back to the home page
RewriteEngine On
RewriteCond %{QUERY_STRING} (^|&)author=
RewriteRule . http://%{SERVER_NAME}/? [L]

ADVANCED USER

Secure your wp-login.php

1. Hide
2. Captcha
3. Limit attempts
4. Restrict to your IP

Deny access to xmlrpc.php

ADVANCED USER

<files xmlrpc.php>
Order allow,deny
Deny from all
</files>

Deny PHP execution from the upload dir

# .htaccess in the upload directory: deny everything, then allow only static file types back
Order Allow,Deny
Deny from all
<Files ~ "\.(xls|doc|rtf|pdf|zip|mp3|flv|swf|png|gif|jpg|ico|js|css|kmz|ttf|woff|woff2)$">
    Allow from all
</Files>

ADVANCED USER

Disallow plugin install / update

// wp-config.php: disable the theme/plugin code editor in the dashboard
define('DISALLOW_FILE_EDIT', true);
// wp-config.php: disable plugin/theme install and update from the dashboard
define('DISALLOW_FILE_MODS', true);
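Most of the checklist items above (readme.html, author enumeration, xmlrpc.php, the upload directory rules and the two wp-config.php constants) leave a trace on disk, so they can be audited. The following Python script is an added example written for this page, not part of the original deck or of WordPress itself; the file names it inspects and the regular expressions it uses are assumptions based on the snippets above, and the sample site it builds in a temporary directory is constructed.

```python
import re
import tempfile
from pathlib import Path
# Constructed fragments mirroring the checklist snippets above (not from a real site).
HARDENED_HTACCESS = """<files readme.html>
Deny from all
</files>
<files xmlrpc.php>
Deny from all
</files>
RewriteCond %{QUERY_STRING} (^|&)author=
RewriteRule . http://%{SERVER_NAME}/? [L]
"""
HARDENED_UPLOADS = 'Order Allow,Deny\nDeny from all\n<Files ~ "\\.(png|jpg)$">\nAllow from all\n</Files>\n'
HARDENED_CONFIG = "<?php\ndefine('DISALLOW_FILE_EDIT', true);\ndefine('DISALLOW_FILE_MODS', true);\n"

def _read(path):  # file contents, or '' when missing (missing counts as not hardened)
    return path.read_text(encoding="utf-8", errors="replace") if path.is_file() else ""

def _files_denied(name, text):  # does an Apache <files NAME> block carry 'Deny from all'?
    m = re.search(r"<files\s+%s\s*>(.*?)</files>" % re.escape(name), text, re.I | re.S)
    return bool(m and re.search(r"deny\s+from\s+all", m.group(1), re.I))

def _const_true(name, text):  # does wp-config.php define NAME as true?
    return re.search(r"define\(\s*['\"]%s['\"]\s*,\s*true\s*\)" % name, text) is not None

def audit_wordpress(root):
    """Map each checklist item that leaves a trace on disk to True (pass) or False."""
    ht, cfg = _read(root / ".htaccess"), _read(root / "wp-config.php")
    up = _read(root / "wp-content" / "uploads" / ".htaccess")
    return {
        "readme_hidden": not (root / "readme.html").exists() or _files_denied("readme.html", ht),
        "xmlrpc_denied": _files_denied("xmlrpc.php", ht),
        "author_enum_blocked": "(^|&)author=" in ht,
        # a top-level 'Deny from all' in uploads/.htaccess keeps uploaded .php from running
        "uploads_php_denied": re.search(r"^Deny\s+from\s+all", up, re.I | re.M) is not None,
        "file_edit_disabled": _const_true("DISALLOW_FILE_EDIT", cfg),
        "file_mods_disabled": _const_true("DISALLOW_FILE_MODS", cfg),
    }

def make_sample_site(hardened):
    """Create a constructed mini document root in a temp dir and return its Path."""
    root = Path(tempfile.mkdtemp(prefix="wp-audit-"))
    (root / "wp-content" / "uploads").mkdir(parents=True)
    (root / "readme.html").write_text("<html>WordPress 4.x</html>")  # version disclosure
    (root / "wp-config.php").write_text(HARDENED_CONFIG if hardened else "<?php\n")
    if hardened:
        (root / ".htaccess").write_text(HARDENED_HTACCESS)
        (root / "wp-content" / "uploads" / ".htaccess").write_text(HARDENED_UPLOADS)
    return root
```

Run `audit_wordpress(Path("/path/to/docroot"))` against a real install to get the pass/fail map; the checks are textual heuristics, so a rule written in a different syntax (for example Apache 2.4 `Require all denied`) will be reported as missing.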

ADVANCED USER

Shrink plugins number

1. Remove inactive plugins
2. Remove useless plugins
3. Evaluate code integration

Use a STRONG password

Insecure password
• giulia76
• password
• 123456
• qwerty
• matrix

Secure password
• D7u8hI928FJYusx
• Z5BLl20T8by1524
• TLv7p64P63V5Hr1
• 6b83668I15qRP2I
• Um2d4Ejd9T1ExPr

http://strongpasswordgenerator.com/

BLACKHOLE

http://perishablepress.com/blackhole-bad-bots/

TOOLS

Codex References

• http://codex.wordpress.org/Hardening_WordPress

• http://codex.wordpress.org/Administration_Over_SSL

• http://codex.wordpress.org/Editing_wp-config.php

?

Thank you

Maurizio Pelizzone
@miziomon
maurizio@mavida.com
http://maurizio.mavida.com