WordPress Security

This meetup will be about useful tips for hardening your WordPress Security. These days WordPress has become a very popular CMS, for end users, developers, but also for hackers. All the reason more to make sure your site or your clients' sites are secure.

We will get into the following:

Introduction

Backdoors, Injections, Pharma Hack, Malicious Redirects, Defacements

Updates and Backups, Keep your own house clean

• Server Access - secure setup: SFTP, SSL, Patches, ..

Cross Site Contamination Measures - *Nix file and directory Permission, Apache File and Directory Hardening

• WordPress Setup Tweaks: wp config authentication keys, hide or remove wp files that give away useful intel, database prefix

• Brute Force Preventive measures

• PHP Execution Blocker

• Security Tools (WP Plugins, online and commandline based scan tools, blacklists)

NB Will try not to exceed 50 minutes so ~ 10 minutes per point.