Wordpress Security

Alexander Sverdlov

on 26 September 2013

Transcript of Wordpress Security

Wordpress Security Workshop
Wordpress Security
It's not just Wordpress: breaking down your door is not the only way to take your money.
0. Workstation Security
There are forums where wp-admin and Joomla admin access is sold by the thousands (antichat.ru). Secure the admin e-mail (Gmail + 2-factor auth), keep up with updates, use non-cracked OS/software, etc.
Secure WP Install
Table prefix, password, username, secret key generator; change the admin ID via phpMyAdmin (and uninstall phpMyAdmin from your VPS after that).
Shared hosting? Security?
Admin Tools
Bitvise Tunnelier
Keepass PasswordX 2.x
VPS Security
VPS security: fail2ban & logwatch, logwatch | less
IN CASE SHIT: proper forensic log preservation: compress /var/log, copy the archive, work with the copy.
Log Investigation:
Mandiant Highlighter
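
The log preservation step above (compress /var/log, copy the archive, work with the copy), written out as a shell function. This is an added example, not part of the original slides; the function name preserve_logs, the evidence directory layout and the use of GNU tar and sha256sum are assumptions.

```shell
#!/usr/bin/env bash
# Added example: preserve a log directory as evidence, then analyse only a copy.
# preserve_logs and the evidence/work layout are illustrative assumptions.
# Assumes GNU tar and coreutils sha256sum.

preserve_logs() {
    src="$1"     # directory to preserve, e.g. /var/log
    dest="$2"    # evidence directory, ideally on separate storage
    stamp="$(date -u +%Y%m%dT%H%M%SZ)"
    name="logs-$stamp.tar.gz"
    archive="$dest/$name"

    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$dest/work" || return 1

    # 1. Compress the logs. GNU tar exits 1 when a file changed while being
    #    read (normal for live logs); only exit codes above 1 are fatal.
    rc=0
    tar -C "$(dirname "$src")" -czf "$archive" "$(basename "$src")" || rc=$?
    [ "$rc" -le 1 ] || return 1

    # 2. Hash the original archive and make both files read-only.
    ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || return 1
    chmod 0444 "$archive" "$archive.sha256"

    # 3. Copy the archive and check the copy against the recorded hash.
    cp "$archive" "$dest/work/$name" || return 1
    ( cd "$dest/work" && sha256sum -c "../$name.sha256" >/dev/null ) || return 1

    # 4. Unpack only the copy; all investigation happens under work/.
    tar -C "$dest/work" -xzf "$dest/work/$name" || return 1

    # Print the path of the untouched original archive.
    echo "$archive"
}
```
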
Plugins: trial and error, but:
1. http://wordpress.org/plugins/exploit-scanner/
2. http://wordpress.org/extend/plugins/wp-dbmanager - not just for backups. It's a red flag for MySQL vulnerabilities.
3. 2 factor auth.
4. hide ALL directories, ban ALL the offenders FOREVER. boatload of plugins for that.
$20/mo if you can afford it
by Alexander Sverdlov - http://nopasara.com