Security & Hardening
Timothy Wood (@codearachnid) [email_address]
Security & Hardening - Introduction
Areas of compromise:
  • File (server) system hardening
  • Application software hardening
  • ... and YOU!
Image credit: http://www.flickr.com/photos/nbachiyski/1463351154/
Security & Hardening - System Hardening
  • .htaccess is your friend
  • Lock down folders
  • Lock IPs from admin
  • Secure your database
  • Never (EVER) use root - good user security (http://bit.ly/17vo6y)
  • Change up the defaults
  • Server scans & security to prevent and monitor
  • File change monitoring (http://snipit.me/u/11)
  • Routine backups are your friend
  • Lock down the server like with any other site
Security & Hardening - Application Hardening
  • Start with good resources
  • Read reviews of other users
  • Never be the first adopter for production level
  • Write your own tools/plugins
  • Keep software up to date (core, plugins, themes, etc.)
  • Review changelogs on 3rd party code
  • Monitor "hidden" files (.htaccess) for unapproved changes
  • Routine blog scans (http://bit.ly/JK5dw)
  • Need to know only
  • Remove tell-tale signs (meta, footer links, etc.)
  • Change up the wp-content folder
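File-change monitoring comes up twice in these slides: "File change monitoring" on the system-hardening slide and "Monitor hidden files (.htaccess) for unapproved changes" on the application-hardening slide. Both reduce to the same check: record a baseline of file digests for the web root and re-compare it on a schedule, making sure dotfiles are not skipped. The script below is an added example and is not the WordPress File Monitor plugin linked from the slides; it assumes you pass it the path of the web root, and the sample tree it builds in a temporary directory (a rewritten .htaccess, a dropped unknown PHP file, a deleted theme file) is constructed to show what a report looks like.

```python
"""Baseline-and-compare file integrity check for a web root.

Added example, not the plugin the slides link to. Builds a manifest of
SHA-256 digests for every regular file under a directory (dotfiles such as
.htaccess included), then reports files added, modified or deleted since
the baseline was taken.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large uploads are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map POSIX-style relative path -> digest for every regular file under root.
    Dotfiles are deliberately included: .htaccess is a favourite place to tamper."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            manifest[p.relative_to(root).as_posix()] = sha256_of(p)
    return manifest


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Return sorted lists of added, modified and deleted relative paths."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "modified": modified, "deleted": deleted}


def save_manifest(manifest: dict, path: Path) -> None:
    """Persist the baseline; keep this file outside the web root."""
    path.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict:
    """Constructed scenario: take a baseline of a tiny fake web root, then make
    the kinds of changes a compromise typically leaves behind."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "wp-content" / "themes").mkdir(parents=True)
        (root / ".htaccess").write_text("RewriteEngine On\n")
        (root / "wp-config.php").write_text("<?php // constructed sample\n")
        (root / "wp-content" / "themes" / "style.css").write_text("body {}\n")
        baseline = build_manifest(root)

        # Simulated unapproved changes (all constructed for the example).
        (root / ".htaccess").write_text("RewriteEngine On\n# unexpected edit\n")
        (root / "wp-content" / "unknown.php").write_text("<?php // unknown file\n")
        (root / "wp-content" / "themes" / "style.css").unlink()

        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice, run `build_manifest` against the real web root from cron, store the baseline with `save_manifest` somewhere the web server's user cannot write (otherwise the same compromise that edits .htaccess can refresh the baseline), and treat any change to .htaccess or wp-config.php that does not match a known deploy as an incident rather than noise.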
Security & Hardening - App. Admin Hardening
  • Rename and upload the WordPress folder
  • Disable links to the administration area
  • Extend the file wp-config.php
  • Move & protect the wp-config.php file
  • Delete the admin user account
  • Choose strong passwords
  • Protect the wp-admin directory
  • Suppress error feedback on the log-in page
  • Restrict erroneous log-in attempts
FYI: the source of this slide can be found at http://bit.ly/MA32j
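Two items on this slide, suppressing error feedback on the log-in page and restricting erroneous log-in attempts, are really one policy: every failed log-in returns the same message (so the form cannot be used to confirm which usernames exist), and repeated failures from one client are throttled. The following is an added example of that logic in plain Python, not WordPress code; in WordPress the same behaviour is wired in through the `login_errors` and `authenticate` filters. The credential store, the static salt, the client addresses and the thresholds are all constructed for the example, and the clock is injectable so the lockout can be exercised without waiting.

```python
"""Neutral error feedback plus failed-attempt lockout for a log-in form.

Added example of the policy, not WordPress code. After MAX_FAILURES failed
attempts from one client within WINDOW seconds, that client is refused for
LOCKOUT seconds; every failure returns the same GENERIC_ERROR text.
"""
import hashlib
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5      # failures allowed inside the window
WINDOW = 300          # seconds over which failures are counted
LOCKOUT = 900         # seconds a client stays locked out
GENERIC_ERROR = "Invalid username or password."

# Constructed credential store. A static salt keeps the example short;
# real systems use a random per-user salt (and a slower KDF if possible).
_SALT = b"constructed-static-salt"


def _hash(password: str, salt: bytes = _SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"editor": _hash("correct horse battery staple")}


class LoginGuard:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.failures = defaultdict(deque)   # client -> timestamps of recent failures
        self.locked_until = {}               # client -> time the lockout expires

    def _prune(self, client: str, now: float) -> None:
        q = self.failures[client]
        while q and now - q[0] > WINDOW:
            q.popleft()

    def is_locked(self, client: str) -> bool:
        now = self.clock()
        until = self.locked_until.get(client)
        if until is not None and now < until:
            return True
        if until is not None:                # lockout expired: start clean
            del self.locked_until[client]
            self.failures[client].clear()
        return False

    def attempt(self, client: str, username: str, password: str):
        """Return (ok, message). The message is identical for an unknown user,
        a wrong password and a locked-out client, so the caller learns nothing."""
        now = self.clock()
        if self.is_locked(client):
            return False, GENERIC_ERROR
        stored = USERS.get(username)
        # Always run the KDF so response time doesn't reveal whether the user exists.
        candidate = _hash(password)
        ok = stored is not None and hmac.compare_digest(stored, candidate)
        if ok:
            self.failures[client].clear()
            return True, "OK"
        self._prune(client, now)
        self.failures[client].append(now)
        if len(self.failures[client]) >= MAX_FAILURES:
            self.locked_until[client] = now + LOCKOUT
        return False, GENERIC_ERROR


if __name__ == "__main__":
    guard = LoginGuard()
    client = "198.51.100.7"   # constructed client address
    for pw in ["guess1", "guess2", "guess3", "guess4", "guess5"]:
        print(guard.attempt(client, "editor", pw))
    print(guard.attempt(client, "editor", "correct horse battery staple"))
```

Keying the lockout on the client address alone has a known side effect: everyone behind the same NAT shares the counter, so a single misbehaving client can lock out legitimate users. Counting per username as well, and alerting on lockouts rather than silently absorbing them, keeps the control useful without turning it into a denial-of-service lever.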
Security & Hardening - Application Hardening
  • Login pages should be encrypted
  • Data validation should be done server-side
  • Manage your site via an encrypted connection
  • Connect from a secured network
  • Don't share login credentials
  • Maintain a secure workplace: physical and software
  • Use multiple layers of redundancy for protection
Security & Hardening - Credits
  • This presentation - http://bit.ly/1FGGa
  • WordPress Security Whitepaper - http://is.gd/nbjQ
  • Lorelle on WordPress - http://is.gd/2v9K
  • WordPress File Monitor - http://snipit.me/u/11
  • 20 WordPress Security Plug-ins And Tips To Keep Hackers Away - http://bit.ly/fim37
Image credit: http://www.flickr.com/photos/donncha/134015140/
