
WordCamp US 2019 – Securing WordPress in the age of 0-Day Vulnerabilities – Rahul Nagare

scaledynamix.com/WCUS

0-Day Vulnerabilities

  • Recently discovered
  • No current fix
  • Already being attacked

Reference – wpvulndb.com

Why My Site?

  • They want to send your traffic somewhere else to boost SEO rank
  • They want to use your site as a “bot” to attack a targeted site

How Do You Protect Your Site?

Protection Against Redirects

  • Hardcode your site/home URL
  • Protect your wp-config.php

Protect Against Automated Plugin Updates

  • Limit access to wp-admin, white-list admin IPs

Protect Against Code Injections

  • Block all POST requests without a valid referrer
  • Set Content-Security-Policy header

You still need to follow the standard security best practices
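The protection steps above, expressed as rules for the site's root .htaccess; this is an added example, not configuration from the talk or from Scale Dynamix. It assumes Apache 2.4 with mod_rewrite and mod_headers, uses example.com and RFC 5737 addresses as placeholders for the real hostname and admin IPs, and scopes the referrer check to the login and comment handlers rather than every POST, because REST API and webhook clients legitimately send no Referer. Hardcoding the URL is a wp-config.php change (WP_HOME and WP_SITEURL) rather than an Apache rule, so it is left out.

```apache
# Added hardening example for a WordPress root .htaccess (Apache 2.4).
# example.com, 203.0.113.10 and 198.51.100.0/24 are placeholders.

# 1. wp-config.php must never be served, even if PHP handling breaks.
<Files "wp-config.php">
    Require all denied
</Files>

RewriteEngine On

# 2. Only whitelisted admin IPs may reach wp-admin. admin-ajax.php is
#    exempted because front-end plugins call it for ordinary visitors.
RewriteCond %{REQUEST_URI} ^/wp-admin/ [NC]
RewriteCond %{REQUEST_URI} !^/wp-admin/admin-ajax\.php$ [NC]
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteCond %{REMOTE_ADDR} !^198\.51\.100\.
RewriteRule .* - [F,L]

# 3. Reject POSTs to the login and comment handlers that do not carry a
#    Referer from this site (an empty Referer also fails the match).
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^/(wp-login|wp-comments-post)\.php$ [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com/ [NC]
RewriteRule .* - [F,L]

# 4. Content-Security-Policy. 'unsafe-inline' is still required by wp-admin
#    and most themes; base-uri and object-src are the directives that blunt
#    injected <base> tags and embedded objects.
<IfModule mod_headers.c>
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; base-uri 'self'; frame-ancestors 'self'"
</IfModule>
```

Place these rules above the `# BEGIN WordPress` block so they are evaluated before WordPress's own rewrites, and test the CSP with `Content-Security-Policy-Report-Only` first if the theme loads third-party scripts.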

