|

WordCamp US 2019 – Securing WordPress in the age of 0-Day Vulnerabilities – Rahul Nagare

ByTim Nolte Updated on
SlidesDownload

scaledynamix.com/WCUS

0-Day Vulnerabilities

  • Recently discovered
  • No current fix
  • Already being attacked

Reference – wpvulndb.com

Why My Site?

  • They want to send your traffic somewhere else to boost SEO rank
  • They want to use your site as a “bot” to attack a targeted site.

How Do You Protect Your Site?

Protection Against Redirects

  • Hardcode your site/home URL
  • Protect your wp-config.php

Protect Against Automated Plugin Updates

  • Limit access to wp-admin, white-list admin IPs

Protect Against Code Injections

  • Block all POST requests without a valid referrer
  • Set Content-Security-Policy header

You still need to follow the standard security best practices

Technical Architect

A Christ-follower, husband, father, and WordPress Developer with Forum One.

Similar Posts

Looking Back on 2017, the Year of Firsts
/ / / /

Looking Back on 2017, the Year of Firsts

ByTim Nolte
I don’t recall if I’ve ever written any sort of year-in-review blog post or even social media post, but this year I have had so many firsts that I wanted to reflect on and share my thanks for. Health In the health department I not only reached my initial target goal weight but actually surpassed it, and my second target. I think this year I’ve weighed the least that I have in 26 years. I have always struggled with my weight and living a more healthy lifestyle. I attribute my success primarily to my wife, and also to the encouragement of many friends and family. I also had to have a lot of self-determination as well, but that was only had by seeing the impact my…
WordCamp Grand Rapids 2018 Swag
/ /

Highlights of WordCamp Grand Rapids 2018

ByTim Nolte Updated on
TL;DR – This year #WCGR was all about people and conversations for me. Oh, and trying my hand at speaking, which I didn’t totally bomb. Today marked the 4th WordCamp Grand Rapids that I’ve attended. Last year I was just an attendee but this year I stepped things up in a pretty bug way. I was not only a volunteer at the Happiness Bar, but I helped with organize the event, and was even one of the speakers. One of the things I love about #WordCamp Grand Rapids, and the #WordPress community is the people. Yet again I felt welcomed as a member of the community, valued for my experiences as a developer and user of WordPress, and encouraged when I had doubts of being…
/

WordCamp US 2019 – Just Enough React for WordPress – Shannon Smith

ByTim Nolte Updated on
New Block Editor Discover the Possibilities Block templates Blocks instead of custom fields, shortcodes, etc How Does the New Block Editor Work? Uses React, JavaScript/JSX Blocks are like plugins There is a Core Layer & Editorial Layer React abstraction is built-in Cool Stuff Blocks can be reusable Backend Workflow-only blocks Block level locking – you can remove blocks that are not needed. React Uses JSON literals It’s in the HTML but doesn’t negatively affect the HTML Templates You can create block templates Can be assigned to existing post types You can have nested templates Compatibility Shortcodes Will continue to work as before but contained within a block Custom Post Types Metaboxes Can be converted to blocks Can be used in the block editor Themes You…
WordCamp GR 2017 – WP-API: The Good, the Bad, and the Ugly – J Andrew Scott
/

WordCamp GR 2017 – WP-API: The Good, the Bad, and the Ugly – J Andrew Scott

ByTim Nolte
J Andrew Scott – http://rubberchickenfarm.com/ History of APIs RSS Advantages Fast & reliable Easy to consume Almost no technical footprint Disadvantages Read-only Static content No authentication No user-driven content (i.e. comments, favorites, etc) DIY API Advantages Dynamic content User-driven content App & user authentication Roles & permissions based Connected applications Disadvantages DIY OAuth Redundant URI scheme Mediocre performance Large technical footprint WP-API Advantages Succinct URI scheme Improved performance Small technical footprint Available in WordPress core Disadvantages Granular transactions No batch uploads Increased number of API calls What once required 2 web servers now required 12-15 servers WP-API Disadvantage Factors & Solutions Number of content types Solution: consolidate endpoints Volume of individual API calls Solution: batch processing endpoints Frequency of individual API calls Solution: page-level caching Lessons…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Find out more about Webmentions.)