WordCamp US 2019 – Securing WordPress in the age of 0-Day Vulnerabilities – Rahul Nagare


0-Day Vulnerabilities

  • Recently discovered
  • No current fix
  • Already being attacked

Reference – wpvulndb.com

Why My Site?

  • They want to send your traffic somewhere else to boost SEO rank
  • They want to use your site as a “bot” to attack a targeted site

How Do You Protect Your Site?

Protection Against Redirects

  • Hardcode your site/home URL
  • Protect your wp-config.php

Protect Against Automated Plugin Updates

  • Limit access to wp-admin, white-list admin IPs

Protect Against Code Injections

  • Block all POST requests without a valid referrer
  • Set Content-Security-Policy header
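
The web-server side of the measures above, as an added example that is not from the talk. It assumes Apache 2.4 with mod_rewrite and mod_headers; example.com and 203.0.113.10 are placeholders for your own domain and admin IP.

```apache
# ---- /.htaccess (site root), placed above the WordPress rewrite block ----

# Protect wp-config.php: never serve it over HTTP.
<Files "wp-config.php">
    Require all denied
</Files>

<IfModule mod_rewrite.c>
    RewriteEngine On
    # Block POST requests whose Referer is missing or is not this site.
    # An empty Referer fails the pattern, so it is rejected as well.
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com/ [NC]
    # Exempt endpoints that legitimately receive POSTs with no Referer,
    # such as WordPress's own wp-cron.php loopback request. Add webhook
    # or REST API paths your site depends on in the same way.
    RewriteCond %{REQUEST_URI} !^/wp-cron\.php$
    RewriteRule ^ - [F,L]
</IfModule>

<IfModule mod_headers.c>
    # Content-Security-Policy: only same-origin resources may load.
    # Inline scripts from themes and plugins will be blocked by this policy,
    # so trial it first under the header name
    # Content-Security-Policy-Report-Only and widen it as needed.
    Header always set Content-Security-Policy "default-src 'self'; object-src 'none'; base-uri 'self'"
</IfModule>

# ---- /wp-admin/.htaccess ----

# Only the listed admin IPs may reach the dashboard, which is where
# plugins are installed and updated.
Require ip 203.0.113.10

# admin-ajax.php is called from the public front end by themes and plugins,
# so it stays reachable for everyone.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

The Referer header is set by the client and can be forged, so the POST rule filters automated scanners rather than a targeted attacker.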

You still need to follow the standard security best practices
