
WordCamp US 2019 – Securing WordPress in the age of 0-Day Vulnerabilities – Rahul Nagare

scaledynamix.com/WCUS

0-Day Vulnerabilities

  • Recently discovered
  • No current fix
  • Already being attacked

Reference – wpvulndb.com

Why My Site?

  • They want to send your traffic somewhere else to boost SEO rank
  • They want to use your site as a “bot” to attack a targeted site

How Do You Protect Your Site?

Protection Against Redirects

  • Hardcode your site/home URL
  • Protect your wp-config.php

Protect Against Automated Plugin Updates

  • Limit access to wp-admin, white-list admin IPs

Protect Against Code Injections

  • Block all POST requests without a valid referrer
  • Set Content-Security-Policy header
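As an added example (not the speaker's code or material from the talk), the following Apache 2.4 .htaccess for the WordPress document root implements the server-side measures listed above. It assumes mod_rewrite and mod_headers are enabled and AllowOverride permits these directives; the admin IPs and the example.com domain are placeholder assumptions, and the site/home URL hardcoding belongs in wp-config.php (the WP_HOME and WP_SITEURL constants) rather than here.

```apache
# Added example, not from the talk: Apache 2.4 .htaccess for the WordPress
# document root. Assumes mod_rewrite and mod_headers are enabled and that
# AllowOverride permits these directives. IPs and domain are constructed
# placeholders; replace them with your own.
# The "hardcode your site/home URL" step is done in wp-config.php
# (define WP_HOME and WP_SITEURL), so it is not repeated here.

# Protect wp-config.php: refuse to serve it even if PHP handling breaks.
<Files "wp-config.php">
    Require all denied
</Files>

<IfModule mod_rewrite.c>
RewriteEngine On

# Limit wp-admin to white-listed admin IPs (constructed addresses).
# admin-ajax.php is exempted because logged-out front-end features call it.
RewriteCond %{REQUEST_URI} ^/wp-admin/ [NC]
RewriteCond %{REQUEST_URI} !^/wp-admin/admin-ajax\.php [NC]
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.11$
RewriteRule ^ - [F,L]

# Block POST requests that do not carry a referrer from this site.
# /wp-json/ is exempted because REST API clients legitimately send no
# Referer; remove that line if anonymous REST access is not needed.
RewriteCond %{REQUEST_METHOD} ^POST$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com/ [NC]
RewriteCond %{REQUEST_URI} !^/wp-json/ [NC]
RewriteRule ^ - [F,L]
</IfModule>

# Content-Security-Policy: load scripts, styles and frames only from this
# origin, forbid plugins, and restrict where forms may be submitted.
<IfModule mod_headers.c>
    Header always set Content-Security-Policy "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'"
</IfModule>
```

WordPress core and most themes emit inline scripts and styles, so deploy the header as Content-Security-Policy-Report-Only first and relax script-src and style-src only as far as the reports require. The Referer check stops unsophisticated automated POSTs but is client-supplied, so it complements rather than replaces WordPress nonces and authentication.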

You still need to follow the standard security best practices
