WordPress Hardening v4
Torino, 10 November 2015

WORDPRESS HARDENING (LIGHT VERSION - V4)

About me
Born in Turin (Italy)
Co-Founder @ mavida.com
Solution architect
WordPress proud [email protected]
http://www.mavida.com
http://maurizio.mavida.com
https://twitter.com/miziomon
http://www.slideshare.net/miziomon
http://www.linkedin.com/in/mauriziopelizzone
Why do we need «hardening»?
![Page 5: WordPress Hardening v4](https://reader036.vdocument.in/reader036/viewer/2022081520/587e89c81a28ab672b8b465f/html5/thumbnails/5.jpg)
![Page 6: WordPress Hardening v4](https://reader036.vdocument.in/reader036/viewer/2022081520/587e89c81a28ab672b8b465f/html5/thumbnails/6.jpg)
Dangers
![Page 7: WordPress Hardening v4](https://reader036.vdocument.in/reader036/viewer/2022081520/587e89c81a28ab672b8b465f/html5/thumbnails/7.jpg)
1. Social engineering2. Password Brute force attack3. Exploit4. Human mistakes5. Server vulnerabilities6. Network vulnerabilities7. File Permissions
![Page 8: WordPress Hardening v4](https://reader036.vdocument.in/reader036/viewer/2022081520/587e89c81a28ab672b8b465f/html5/thumbnails/8.jpg)
1. Social engineering2. Password Brute force attack3. Exploit4. Human mistakes5. Server vulnerabilities6. Network vulnerabilities7. File Permissions
![Page 9: WordPress Hardening v4](https://reader036.vdocument.in/reader036/viewer/2022081520/587e89c81a28ab672b8b465f/html5/thumbnails/9.jpg)
1. Social engineering2. Password Brute force attack3. Exploit4. Human mistakes5. Server vulnerabilities6. Network vulnerabilities7. File Permissions
The solution

BACKUP

Checklist
Disallow access to / delete readme.html
readme.html ships with every WordPress release and states the installed version, so it tells an attacker exactly which known vulnerabilities to try. Delete it, or deny access to it in the .htaccess of the document root (Apache 2.2 access-control syntax; Apache 2.4 expresses the same rule with the Require directive):
<files readme.html>
Order allow,deny
Deny from all
</files>
ADVANCED USER
Check admin permissions (review which accounts hold the Administrator role)
Prevent WordPress users list
WordPress answers ?author=N with a redirect to that author's archive, and with pretty permalinks the archive URL contains the author slug, which is usually the login name. Walking N therefore enumerates valid usernames, ready for a brute-force attack:
http://www.yourwebsite.com/?author=1
http://www.yourwebsite.com/?author=2
http://www.yourwebsite.com/?author=3
http://www.yourwebsite.com/?author=4

Redirect any request carrying author= in the query string back to the home page (the trailing ? drops the query string):
RewriteCond %{QUERY_STRING} (^|&)author=
RewriteRule . http://%{SERVER_NAME}/? [L]
ADVANCED USER
The condition is evaluated for every request, so it also catches admin-side filtering by author (for example the post list in wp-admin filtered by author); exclude the wp-admin path with an additional RewriteCond if you rely on that feature.
Secure your wp-login.php
1. Hide
2. Captcha
3. Limit attempts
4. Restrict to your IP
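The two attacks this and the previous slide defend against, author-ID walking and password guessing against wp-login.php, both leave a recognisable trail in the web server access log. The following script is an added example, not part of the slides: it scans Apache combined-format log lines for both patterns. The sample log lines are constructed, and the thresholds (two distinct author IDs, more than five failed logins) are assumptions to tune for your own traffic.

```python
"""Detect author enumeration (?author=N) and wp-login.php brute force in
Apache combined-format access logs. Added example: the log lines are
constructed, the thresholds are assumptions, nothing here is from the slides."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample log, not real traffic. 203.0.113.5 walks author IDs,
# 192.0.2.9 hammers wp-login.php and then tries xmlrpc.php, 198.51.100.7 is
# a legitimate user who mistypes once (200) and then logs in (302).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2015:10:00:01 +0100] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/7.43"
203.0.113.5 - - [10/Nov/2015:10:00:02 +0100] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/7.43"
203.0.113.5 - - [10/Nov/2015:10:00:03 +0100] "GET /?author=3 HTTP/1.1" 404 1200 "-" "curl/7.43"
198.51.100.7 - - [10/Nov/2015:10:01:00 +0100] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2015:10:01:05 +0100] "POST /wp-login.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2015:10:01:09 +0100] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Nov/2015:10:02:00 +0100] "POST /wp-login.php HTTP/1.1" 200 3000 "-" "python-requests/2.7"
192.0.2.9 - - [10/Nov/2015:10:02:01 +0100] "POST /wp-login.php HTTP/1.1" 200 3000 "-" "python-requests/2.7"
192.0.2.9 - - [10/Nov/2015:10:02:02 +0100] "POST /wp-login.php HTTP/1.1" 200 3000 "-" "python-requests/2.7"
192.0.2.9 - - [10/Nov/2015:10:02:03 +0100] "POST /wp-login.php HTTP/1.1" 200 3000 "-" "python-requests/2.7"
192.0.2.9 - - [10/Nov/2015:10:02:04 +0100] "POST /wp-login.php HTTP/1.1" 200 3000 "-" "python-requests/2.7"
192.0.2.9 - - [10/Nov/2015:10:02:05 +0100] "POST /wp-login.php HTTP/1.1" 200 3000 "-" "python-requests/2.7"
192.0.2.9 - - [10/Nov/2015:10:02:06 +0100] "POST /wp-login.php HTTP/1.1" 200 3000 "-" "python-requests/2.7"
192.0.2.9 - - [10/Nov/2015:10:02:07 +0100] "POST /xmlrpc.php HTTP/1.1" 200 400 "-" "python-requests/2.7"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """One combined-format line -> dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["query"] = parse_qs(url.query)
    return rec


def parse_log(text):
    return [r for r in (parse_line(line) for line in text.splitlines()) if r]


def author_enumeration(records, min_ids=2):
    """IPs that requested ?author=N for at least min_ids distinct N.
    Maps ip -> {N: user_exists}. A 301/302 means WordPress redirected to the
    author archive (the user exists and the URL leaks the name); 404 means not."""
    seen = defaultdict(dict)
    for r in records:
        if r["method"] == "GET":
            for raw in r["query"].get("author", []):
                if raw.isdigit():
                    seen[r["ip"]][int(raw)] = r["status"] in (301, 302)
    return {ip: ids for ip, ids in seen.items() if len(ids) >= min_ids}


def login_bruteforce(records, max_failures=5):
    """IPs with more than max_failures failed POSTs to wp-login.php.
    wp-login.php redisplays the form with 200 on a wrong password and
    answers 302 on success, so 200 counts as a failure. POSTs to xmlrpc.php
    are tallied as well because it accepts the same credentials."""
    stats = defaultdict(lambda: {"failed": 0, "succeeded": 0, "xmlrpc": 0})
    for r in records:
        if r["method"] != "POST":
            continue
        if r["path"] == "/wp-login.php":
            stats[r["ip"]]["succeeded" if r["status"] == 302 else "failed"] += 1
        elif r["path"] == "/xmlrpc.php":
            stats[r["ip"]]["xmlrpc"] += 1
    return {ip: s for ip, s in stats.items() if s["failed"] > max_failures}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for ip, ids in author_enumeration(recs).items():
        print(f"author enumeration from {ip}: {ids}")
    for ip, s in login_bruteforce(recs).items():
        print(f"brute force from {ip}: {s}")
```

Run it against a real log with `parse_log(open("/var/log/apache2/access.log").read())`; the author-ID map also tells you which IDs resolved to existing users, which is exactly what the attacker learned, and the "succeeded" counter flags the worst case of a guessing run that ended in a 302.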
Deny access to xmlrpc.php
xmlrpc.php accepts authenticated calls, so it is a second login endpoint for brute-force attempts that bypasses whatever you put in front of wp-login.php; its pingback method has also been abused for DDoS. Blocking it disables clients that depend on XML-RPC, such as Jetpack and the WordPress mobile apps, so check what you use first.
ADVANCED USER
<files xmlrpc.php>
Order allow,deny
Deny from all
</files>
Deny PHP execution from the upload dir
Put this in wp-content/uploads/.htaccess. It is an allowlist: everything is denied, then only names ending in one of the listed extensions are allowed again (Apache 2.2 syntax; <Files ~> is the older spelling of <FilesMatch>):
Order Allow,Deny
Deny from all
<Files ~ "\.(xls|doc|rtf|pdf|zip|mp3|flv|swf|png|gif|jpg|ico|js|css|kmz|ttf|woff|woff2)$">
Allow from all
</Files>
ADVANCED USER
Two caveats. First, add any extension your site actually serves (jpeg, svg, mp4, ...) or those uploads will return 403. Second, the pattern matches the last extension only, so a name such as shell.php.jpg passes the allowlist; if PHP is mapped with AddHandler, mod_mime applies the handler to every extension in the name and executes it. Map PHP with SetHandler on names ending in .php instead, or deny .php names explicitly in addition to this allowlist.
Disallow plugin install / update
In wp-config.php:
define('DISALLOW_FILE_EDIT', true);
define('DISALLOW_FILE_MODS', true);
ADVANCED USER
DISALLOW_FILE_EDIT removes the built-in theme and plugin code editor, so an attacker who obtains an admin session cannot drop PHP through the dashboard. DISALLOW_FILE_MODS goes further and also disables installing, updating and deleting plugins and themes from the dashboard; it disables automatic background updates too, so you must then apply updates yourself, for example with WP-CLI or from your deployment pipeline.
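The .htaccess and wp-config.php items above (readme.html, xmlrpc.php, the uploads allowlist, the DISALLOW_FILE_* constants) can be checked offline against a document root. The following audit script is an added example, not code from the slides: it assumes the default WordPress layout (wp-config.php in the docroot, wp-content/uploads), understands only the simple <files> blocks shown on these slides rather than full Apache configuration, and builds its own half-hardened sample site in a temporary directory, including a shell.php.jpg to show the double-extension case.

```python
"""Offline audit of the .htaccess and wp-config.php items on the checklist:
readme.html, xmlrpc.php, PHP in the uploads directory, DISALLOW_FILE_*.
Added example, not code from the slides. It assumes the default WordPress
layout and builds its sample site in a temporary directory."""
import os
import re
import tempfile

# Extensions PHP may execute. A file is flagged if one of them appears as
# *any* extension of its name, because with AddHandler mod_mime maps every
# dotted part, so shell.php.jpg would be run as PHP.
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}

# Assumed minimal form of the slide's .htaccess snippets (Apache 2.2 syntax).
FILES_BLOCK_RE = re.compile(r'<files\s+"?([^\s">]+)"?\s*>(.*?)</files>', re.I | re.S)
DENY_RE = re.compile(r"deny from all|require all denied", re.I)


def read(path):
    """File contents, or '' when the file does not exist."""
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read()
    except FileNotFoundError:
        return ""


def htaccess_denies(htaccess_text, filename):
    """True if a <files NAME> block covering filename denies all access.
    Handles the slide's snippets; it is not a full Apache config parser."""
    return any(
        m.group(1).lower() == filename.lower() and DENY_RE.search(m.group(2))
        for m in FILES_BLOCK_RE.finditer(htaccess_text)
    )


def wp_config_constants(text):
    """{NAME: bool} for every define('DISALLOW_FILE_*', true|false) found."""
    pat = r"define\(\s*['\"](DISALLOW_FILE_\w+)['\"]\s*,\s*(true|false)\s*\)"
    return {m.group(1).upper(): m.group(2).lower() == "true"
            for m in re.finditer(pat, text, re.I)}


def php_in_uploads(uploads_dir):
    """Relative paths under uploads whose name carries a PHP extension anywhere."""
    hits = []
    for root, _, files in os.walk(uploads_dir):
        for name in files:
            if any(part in PHP_EXTS for part in name.lower().split(".")[1:]):
                hits.append(os.path.relpath(os.path.join(root, name), uploads_dir))
    return sorted(hits)


def audit(docroot):
    """List of findings; an empty list means every check from the slides passed."""
    findings = []
    root_ht = read(os.path.join(docroot, ".htaccess"))
    if os.path.exists(os.path.join(docroot, "readme.html")) and not htaccess_denies(root_ht, "readme.html"):
        findings.append("readme.html present and not denied (discloses the WordPress version)")
    if not htaccess_denies(root_ht, "xmlrpc.php"):
        findings.append("xmlrpc.php not denied")
    uploads = os.path.join(docroot, "wp-content", "uploads")
    if not DENY_RE.search(read(os.path.join(uploads, ".htaccess"))):
        findings.append("no deny-all .htaccess in wp-content/uploads")
    for rel in php_in_uploads(uploads):
        findings.append(f"PHP-executable file name in uploads: {rel}")
    consts = wp_config_constants(read(os.path.join(docroot, "wp-config.php")))
    for name in ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS"):
        if not consts.get(name):
            findings.append(f"{name} is not set to true in wp-config.php")
    return findings


def build_sample_tree():
    """Constructed half-hardened site for demonstration; returns its docroot."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    up_rel = os.path.join("wp-content", "uploads", "2015", "11")
    os.makedirs(os.path.join(root, up_rel))
    files = {
        "readme.html": "<h1>WordPress</h1>",
        ".htaccess": "<files xmlrpc.php>\nOrder allow,deny\nDeny from all\n</files>\n",
        "wp-config.php": "<?php\ndefine('DISALLOW_FILE_EDIT', true);\n",
        os.path.join("wp-content", "uploads", ".htaccess"):
            "Order Allow,Deny\nDeny from all\n<Files ~ \"\\.(png|gif|jpg)$\">\nAllow from all\n</Files>\n",
        os.path.join(up_rel, "photo.jpg"): "",
        os.path.join(up_rel, "shell.php.jpg"): "<?php /* would run as PHP under AddHandler */ ?>",
    }
    for rel, content in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for finding in audit(build_sample_tree()):
        print("-", finding)
```

Point `audit()` at a real document root to get the same list; on the constructed site it reports the exposed readme.html, the shell.php.jpg in uploads and the missing DISALLOW_FILE_MODS, while the denied xmlrpc.php and the uploads allowlist pass.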
Shrink the number of plugins
1. Remove inactive plugins
2. Remove useless plugins
3. Evaluate code integration
Use STRONG passwords

Insecure passwords
• giulia76
• password
• 123456
• qwerty
• matrix

Secure passwords
• D7u8hI928FJYusx
• Z5BLl20T8by1524
• TLv7p64P63V5Hr1
• 6b83668I15qRP2I
• Um2d4Ejd9T1ExPr
(15 random mixed-case alphanumeric characters give about 89 bits of entropy.)
http://strongpasswordgenerator.com/
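To make the slide's distinction concrete, the following added example (not from the slides) scores each listed password and states why the insecure ones fail: a constructed common-password list and first-name list stand in for the large leaked-password and name lists you would use in practice, and the 12-character and 64-bit thresholds are assumptions.

```python
"""Password policy check along the lines of the slide: the listed insecure
passwords are rejected for a stated reason, the random ones pass and get an
entropy estimate. Added example; the common-password and first-name lists
are constructed stand-ins for real leaked-password and name lists."""
import math
import re
import string

# Constructed stand-ins; use a real leaked-password list and name list in practice.
COMMON = {"password", "123456", "123456789", "qwerty", "matrix", "letmein", "admin", "wordpress"}
NAMES = {"giulia", "maurizio", "marco", "anna", "luca"}
MIN_LENGTH = 12  # assumption
MIN_BITS = 64    # assumption


def charset_size(pw):
    """Size of the union of the standard character classes pw draws from."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def entropy_bits(pw):
    """log2(charset^len): an upper bound that only holds for random passwords,
    which is why the pattern checks in weakness() run first."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def weakness(pw):
    """Reason the password is weak, or None if it passes the policy."""
    low = pw.lower()
    if low in COMMON:
        return "common password"
    m = re.fullmatch(r"([a-z]+)(\d{2}|\d{4})", low)
    if m and m.group(1) in NAMES:
        return "first name followed by a year"
    if len(set(pw)) <= 2:
        return "repeated characters"
    if len(pw) < MIN_LENGTH:
        return f"shorter than {MIN_LENGTH} characters"
    if entropy_bits(pw) < MIN_BITS:
        return f"fewer than {MIN_BITS} bits of entropy"
    return None


def seconds_to_crack(bits, guesses_per_second):
    """Expected time to hit a random password of `bits` entropy by exhaustive
    search (half the keyspace on average) at the given guess rate."""
    return 2 ** bits / guesses_per_second / 2


def classify(passwords):
    """{password: reason-or-None} for a batch, e.g. the two lists on the slide."""
    return {pw: weakness(pw) for pw in passwords}


if __name__ == "__main__":
    for pw, why in classify(["giulia76", "password", "123456", "qwerty", "matrix",
                             "D7u8hI928FJYusx", "Z5BLl20T8by1524"]).items():
        print(f"{pw:20} {why or f'ok, ~{entropy_bits(pw):.0f} bits'}")
```

The order of the checks matters: giulia76 has letters and digits and would score a respectable number of bits if you only counted characters, so the dictionary and pattern checks must run before the entropy estimate, which is only meaningful for passwords that really were generated at random.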
BLACKHOLE
Blackhole for Bad Bots: a hidden link on the site that robots.txt forbids crawlers from following. Any client that follows it anyway is a bot ignoring robots.txt, and its IP is banned from the site.
http://perishablepress.com/blackhole-bad-bots/
TOOLS
Codex References
• http://codex.wordpress.org/Hardening_WordPress
• http://codex.wordpress.org/Administration_Over_SSL
• http://codex.wordpress.org/Editing_wp-config.php
?