
WordCamp US 2019 – Securing WordPress in the age of 0-Day Vulnerabilities – Rahul Nagare

scaledynamix.com/WCUS

0-Day Vulnerabilities

  • Newly discovered, and often public before the vendor knows about them
  • No patch available yet, so "keep everything updated" does not help by itself
  • Already being exploited in the wild

Reference – wpvulndb.com

Why My Site?

  • They want to redirect your traffic somewhere else (injected redirects, spam links) to boost another site's SEO rank
  • They want to use your site as a “bot” in a network that attacks a targeted site

How Do You Protect Your Site?

Protection Against Redirects

  • Hardcode your site/home URL (WP_HOME and WP_SITEURL in wp-config.php). The constants override the siteurl/home rows in the database, and rewriting those rows is a common way redirect malware hijacks a whole site
  • Protect your wp-config.php: keep it out of the web root or deny it at the web server, and make it unreadable to other users on the host
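The wp-config.php side of both bullets, as an added example (not code from the talk or from WordPress itself). The constants are standard WordPress settings; the hostname example.com is a placeholder.

```php
<?php
// Excerpt of a hardened wp-config.php (added example). Constants are standard
// WordPress settings; https://example.com is a placeholder for your real URL.

// Pin the site and home URLs. While these constants are defined, WordPress
// ignores the `siteurl` and `home` rows in wp_options, so malware that
// rewrites those rows through SQL access or an option-update bug cannot turn
// the whole site into a redirect. Use the scheme and host you actually serve.
define( 'WP_HOME',    'https://example.com' );
define( 'WP_SITEURL', 'https://example.com' );

// Keep admin and login traffic on TLS so session cookies and credentials are
// not exposed to an on-path attacker.
define( 'FORCE_SSL_ADMIN', true );

// Remove the dashboard theme/plugin file editor; with it, anyone holding an
// admin session has an instant PHP shell.
define( 'DISALLOW_FILE_EDIT', true );

// Optionally forbid every plugin/theme install and update from the dashboard
// and deploy from version control or WP-CLI instead. Note that this also
// stops WordPress's automatic background updates, so only enable it if you
// patch by another route at least as quickly.
define( 'DISALLOW_FILE_MODS', true );

// Protecting the file itself is done outside PHP: move wp-config.php one
// directory above the document root (WordPress looks there automatically when
// the file is absent from the install directory and the parent is not itself
// a WordPress install), chmod it 440 or 400, and deny it at the web server so
// it is never served as text if PHP handling is ever misconfigured.
```

The DISALLOW_FILE_MODS trade-off matters on a page about 0-days: it closes the dashboard as an install vector, but it also disables the auto-updater that would otherwise pick up the vendor's fix the moment it ships.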

Protect Against Automated Plugin Updates

  • Limit access to wp-admin and wp-login.php, white-listing admin IPs. Bots that obtain or brute-force an admin session use the dashboard to install or modify plugins; if the dashboard is only reachable from known addresses, a stolen password alone is not enough
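One way to enforce the allowlist inside WordPress itself when you cannot change the web-server config, as an added example (not the talk's code). It is a must-use plugin; the IP ranges are placeholders from the TEST-NET documentation blocks, and the hook names, `wp_doing_ajax()`, `$pagenow` and `wp_die()` are standard WordPress APIs.

```php
<?php
/**
 * Plugin Name: Admin IP allowlist (added example, not the talk's code)
 *
 * Save as wp-content/mu-plugins/harden-admin-ip.php. Must-use plugins load
 * before regular plugins and cannot be deactivated from the dashboard.
 * Needs PHP 7+ on 64-bit. The CIDR ranges below are placeholders.
 */

define( 'HARDEN_ADMIN_CIDRS', array( '203.0.113.0/24', '198.51.100.7/32' ) );

/** True when IPv4 $ip lies inside $cidr written as "a.b.c.d/n". */
function harden_ip_in_cidr( $ip, $cidr ) {
    list( $net, $bits ) = array_pad( explode( '/', $cidr, 2 ), 2, '32' );
    $ip_l  = ip2long( $ip );
    $net_l = ip2long( $net );
    $bits  = (int) $bits;
    if ( false === $ip_l || false === $net_l || $bits < 0 || $bits > 32 ) {
        return false;
    }
    $mask = ( 0 === $bits ) ? 0 : ( 0xFFFFFFFF << ( 32 - $bits ) ) & 0xFFFFFFFF;
    return ( $ip_l & $mask ) === ( $net_l & $mask );
}

function harden_gate_admin() {
    // admin-ajax.php and admin-post.php also fire admin_init but serve the
    // public front end, so they stay open; everything else needs a listed IP.
    if ( wp_doing_ajax() || 'admin-post.php' === $GLOBALS['pagenow'] ) {
        return;
    }
    // REMOTE_ADDR only: X-Forwarded-For is attacker-controlled unless a proxy
    // you operate overwrites it and the web server restores the real client IP.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    foreach ( HARDEN_ADMIN_CIDRS as $cidr ) {
        if ( harden_ip_in_cidr( $ip, $cidr ) ) {
            return;
        }
    }
    wp_die( 'Access restricted.', 'Forbidden', array( 'response' => 403 ) );
}
add_action( 'admin_init', 'harden_gate_admin' ); // every wp-admin/* page
add_action( 'login_init', 'harden_gate_admin' ); // wp-login.php
```

A rule in the web server (Apache `Require ip`, nginx `allow`/`deny` on `/wp-admin` and `wp-login.php`) is preferable where you control it, because it rejects the request before any PHP runs; the plugin is the fallback on managed hosting, and it still leaves xmlrpc.php and the REST API to be rate-limited separately.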

Protect Against Code Injections

  • Block all POST requests without a valid referrer (or Origin header). This stops blind bots that post straight at wp-login.php, xmlrpc.php or a plugin endpoint, but both headers are attacker-controllable and some legitimate clients send neither (REST and XML-RPC calls, wp-cron, payment webhooks), so exempt those paths and keep WordPress nonces as the real CSRF control
  • Set a Content-Security-Policy header, starting in Report-Only mode. WordPress core, themes and plugins rely on inline scripts and styles, so an over-strict policy breaks the site before it protects it
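Both measures implemented as one must-use plugin, as an added example (not the talk's code). The policy directives, the `/webhooks/` exemption and the external font/avatar hosts are placeholders; `wp_parse_url()`, `rest_get_url_prefix()`, `home_url()`, `status_header()` and the `init`/`send_headers` hooks are standard WordPress APIs.

```php
<?php
/**
 * Plugin Name: POST source check + CSP (added example, not the talk's code)
 *
 * Save as wp-content/mu-plugins/harden-requests.php. Needs PHP 7+.
 * Paths and hostnames below are placeholders.
 */

// ---- 1. Reject POSTs that carry neither a same-site Origin nor Referer ----

/** Does the Origin or Referer header name the site's own host? */
function harden_post_source_ok( $home_host, $origin, $referer ) {
    foreach ( array( $origin, $referer ) as $url ) {
        $host = $url ? wp_parse_url( $url, PHP_URL_HOST ) : null;
        if ( $host && 0 === strcasecmp( $host, (string) $home_host ) ) {
            return true;
        }
    }
    return false;
}

function harden_block_blind_posts() {
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        return;
    }
    // Machine-to-machine entry points legitimately send no Referer: cron,
    // XML-RPC, the REST API (pretty or ?rest_route= form) and, as a
    // placeholder, a webhook path used by a payment gateway.
    if ( ( defined( 'DOING_CRON' ) && DOING_CRON )
        || ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST )
        || isset( $_GET['rest_route'] ) ) {
        return;
    }
    $path = (string) wp_parse_url( $_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH );
    foreach ( array( '/' . rest_get_url_prefix() . '/', '/webhooks/' ) as $needle ) {
        if ( false !== strpos( $path, $needle ) ) {
            return;
        }
    }
    $home_host = wp_parse_url( home_url(), PHP_URL_HOST );
    if ( ! harden_post_source_ok( $home_host, $_SERVER['HTTP_ORIGIN'] ?? '', $_SERVER['HTTP_REFERER'] ?? '' ) ) {
        status_header( 403 );
        exit( 'POST rejected: missing or foreign Origin/Referer.' );
    }
}
// Priority 0 so it runs before plugins start handling form submissions.
add_action( 'init', 'harden_block_blind_posts', 0 );

// ---- 2. Content-Security-Policy on front-end responses ----

function harden_csp_policy() {
    // A starting point only: core, themes and plugins print inline
    // <script>/<style>, hence 'unsafe-inline'; move to nonces or hashes once
    // the report-only phase shows what the site really loads.
    return implode( '; ', array(
        "default-src 'self'",
        "script-src 'self' 'unsafe-inline'",
        "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
        "font-src 'self' data: https://fonts.gstatic.com",
        "img-src 'self' data: https://secure.gravatar.com",
        "object-src 'none'",
        "base-uri 'self'",      // an injected <base> cannot hijack relative URLs
        "form-action 'self'",   // an injected form cannot post credentials elsewhere
        "frame-ancestors 'self'",
    ) );
}

function harden_send_csp() {
    // send_headers fires for front-end requests only, so wp-admin is untouched.
    // Stay in Report-Only until the browser console shows no violations, then
    // define HARDEN_CSP_ENFORCE as true in wp-config.php.
    $enforce = defined( 'HARDEN_CSP_ENFORCE' ) && HARDEN_CSP_ENFORCE;
    $name    = $enforce ? 'Content-Security-Policy' : 'Content-Security-Policy-Report-Only';
    header( $name . ': ' . harden_csp_policy() );
}
add_action( 'send_headers', 'harden_send_csp' );
```

The source check accepts Origin as well as Referer because browsers send Origin on cross-site POSTs even when a Referrer-Policy suppresses Referer; it still only raises the bar for bots, since a non-browser client can set either header to anything. `base-uri` and `form-action` are the CSP directives most relevant to the talk's redirect and injection concerns: an attacker who manages to inject HTML cannot retarget every relative link with a `<base>` tag or point the login form at another host.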

You still need to follow the standard security best practices
