WP SECURITY [II]

by Jorge Websec on 29 October 2015

Transcript of WP SECURITY [II]

START
WP-CONFIG
define('DISALLOW_FILE_EDIT', true);
// Blocks changes to files through the editor...
define('DISALLOW_FILE_MODS', true);
// Prevents uploading plugins and themes.
SECURITY PLUGINS
iThemes Security (very complete)
Wordfence
Akismet
WordPressA Security Plugin (to guard against vulnerable plugins and themes)
It is essential...
That the core is up to date...
That the themes are up to date...
That the plugins are up to date...
Not to use pirated copies of paid themes and plugins...
If you use pirated templates and plugins...
- https://sitecheck.sucuri.net/
- CodeGuard
- Antivirus
WP SECURITY [II]
Installation and security configuration
If the server supports SSL -->
define('FORCE_SSL_ADMIN', true);
Move wp-config to another directory
Remove the DB information and place it in a protected directory
<?php include("/home/USER/wp-config.php");?>
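An added example, not part of the original slides: a small Python audit of the wp-config.php settings above. It checks that the three hardening constants are defined as true, that no DB settings remain in the web-root file, and that no define() was pasted with typographic quotes. The function names and sample files are assumptions constructed for illustration.

```python
import re

# Constants the slides set to true, and the DB settings they move out of the web root.
HARDENING = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS", "FORCE_SSL_ADMIN")
DB_KEYS = ("DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST")
# define('NAME', value); written with straight quotes only.
DEFINE_RE = re.compile(r"""define\s*\(\s*(['"])(\w+)\1\s*,\s*(.+?)\s*\)\s*;""", re.I)
# Block comments and whole-line // or # comments (so a '#' inside a password survives).
COMMENT_RE = re.compile(r"/\*.*?\*/|^[ \t]*(?://|#)[^\n]*", re.S | re.M)
# Typographic quotes are not PHP string delimiters; a define() using them is broken.
CURLY_RE = re.compile(r"define\s*\(\s*[\u2018\u2019\u201c\u201d]")

def parse_defines(php_source):
    """Map constant name -> raw value text for every active define()."""
    code = COMMENT_RE.sub("", php_source)
    return {m.group(2): m.group(3) for m in DEFINE_RE.finditer(code)}

def audit_wp_config(webroot_src, protected_src=""):
    """Return findings for the web-root wp-config.php and the file it includes."""
    findings = []
    if CURLY_RE.search(webroot_src + protected_src):
        findings.append("typographic quotes in define(): retype with straight quotes")
    web = parse_defines(webroot_src)
    merged = {**parse_defines(protected_src), **web}
    for name in HARDENING:
        if name not in merged:
            findings.append(f"{name} is not defined")
        elif merged[name].lower() != "true":
            findings.append(f"{name} is {merged[name]}, expected true")
    exposed = [k for k in DB_KEYS if k in web]
    if exposed:
        findings.append("DB settings in web-root file: " + ", ".join(exposed))
    return findings

# Constructed samples (\u2018 and \u2019 are typographic quotes), not from a real site.
WEAK = """<?php
define('DB_NAME', 'wp');
define('DB_PASSWORD', 'pa#ss');
// define('DISALLOW_FILE_EDIT', true);
define(\u2018DISALLOW_FILE_MODS\u2019, true);
define('FORCE_SSL_ADMIN', false);
"""
STUB = '<?php include("/home/USER/wp-config.php");?>'
PROTECTED = "<?php\n" + "".join(f"define('{n}', true);\n" for n in HARDENING)

if __name__ == "__main__":
    for finding in audit_wp_config(WEAK):
        print("WEAK:", finding)
    print("HARDENED:", audit_wp_config(STUB, PROTECTED) or "no findings")
```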
@WPsecurity_ES
READY
FOR BATTLE?
What are hooks?
Working with the WP API.
There are 2 types:
add_action: inserts code at certain points.
add_filter: modifies WP core functions
REMOVE_ACTION/FILTER:
remove_action('wp_head', 'wp_generator');
Example:
WPHARDENING
git clone https://github.com/elcodigok/wphardening.git