Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
WordPress Security
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Zachary A Skaggs
February 07, 2017
Technology
270
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
WordPress Security
Exploring and patching the weakest link in your WordPress site's security...you.
Zachary A Skaggs
February 07, 2017
Other Decks in Technology
See All in Technology
IaC コードを資産へ:AWS CDK 社内ライブラリと横断展開 / aws-summit-japan-2026
gotok365
10
1.6k
初めてのDatabricks勉強会
taka_aki
2
170
AWS Security Agent といっしょに脅威モデリングをやってみよう
amarelo_n24
1
210
クラウドファンディング版StackChan 3体(4体)をインタラクティブな体験型作品にして展示もした話 / スタックチャンお誕生日会2026
you
PRO
0
190
事業会社における 機械学習・推薦システム技術の活用事例と必要な能力 / ml-recsys-in-layerx-wantedly-2026
yuya4
0
160
從觀望到全公司落地:AI Agentic Coding 導入實戰 — 流程整合與安全治理
appleboy
0
110
WebGIS AI Agentの紹介
_shimizu
0
580
Multi-Agent並列開発を 安全に回すための技術 / Technology for Safely Multi-Agent Parallel Development
tooppoo
0
210
“詰む”前に仕組みを作れ 〜技術の波に溺れないためのキャッチアップ術〜
takasyou
7
4k
LayerX コーポレートエンジニアリング室におけるサプライチェーンセキュリティへの取り組み / Supply Chain Security at LayerX Corporate Engineering
yuyatakeyama
3
850
AI-DLCを “そのまま導入しなかった”話 ~組織に合わせてアジャストした 私たちの実践共有~
hiroramos4
PRO
1
440
クレデンシャル流出 ― 攻撃 3 時間 vs 復旧 10 時間。この非対称性にどう備えるか
kazzpapa3
3
590
Featured
See All Featured
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
350
SEO in 2025: How to Prepare for the Future of Search
ipullrank
3
3.6k
Utilizing Notion as your number one productivity tool
mfonobong
4
330
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
marketingsoph
0
170
How to Think Like a Performance Engineer
csswizardry
28
2.7k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
23k
jQuery: Nuts, Bolts and Bling
dougneiner
66
8.5k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
123
22k
Designing for Timeless Needs
cassininazir
1
260
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
1
750
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.7k
The B2B funnel & how to create a winning content strategy
katarinadahlin
PRO
1
400
Transcript
WP Chattanooga 2/6/2017 Securing your SELF (Basics)
Passwords
How do they work? - User inputs password - Website
“hashes” the password with complex mathematical formula - Website compares the hashed password with the stored hash - If they match, the site will log you in
Yours are bad and you should feel bad.
The Math of a 6 Character Password Character Types Equation
Possibilities Brute Forced In: Numeric 10^6 1,111,110 1 second Lowercase 26^6 321,272,406 5m 21s Mixed Case 52^6 20,158,268,676 5h 35m 58s Mixed Case Numeric 62^6 57,731,386,986 16h 2m 11s MCN w/ Symbols 76^6 195,269,260,956 2d 6h 14m 29s
AVERAGE Math of a 6 Character Password Character Types Equation
Possibilities Brute Forced In: Numeric 10^6 1,111,110 1 second Lowercase 26^6 321,272,406 2m 50s Mixed Case 52^6 20,158,268,676 2h 45m Mixed Case Numeric 62^6 57,731,386,986 8h MCN w/ Symbols 76^6 195,269,260,956 1d 3h
“Real” Math of an AVG 8 Character Password Character Types
Equation Possibilities Brute Forced In: Numeric 10^6 1,111,110 <1 second Lowercase 26^6 321,272,406 <1 second Mixed Case 52^6 20,158,268,676 <1 hr Mixed Case Numeric 62^6 57,731,386,986 <3 hr MCN w/ Symbols 76^6 195,269,260,956 <9 hr
Solutions for Brute Force
Plugins to Detect Brute Force - Jetpack’s “Protect” feature -
iThemes Security - WP Limit Login Attempts - Anti-Malware Security and Brute-Force Firewall - SiteGuard WP Plugin - Shield WordPress Security
But none of that even matters.
YOU are the weakest link, even with the best brute
force plugin.
You likely have been or will be pwned. https://haveibeenpwned.com/
None
Solutions for Being Pwned
Password Manager Options - LastPass - Password Manager (I use
this one and like it) - Dashlane 4 - Zoho Vault - LogMeOnce - RoboForm
Password Manager - Generates a (truly) random password for every
site you visit - Stores all password in an encrypted manner - One master password, protected locally, by 2FA, and brute force detection
What is 2FA?
How do you identify yourself? Three vectors: - Something you
are (Likeness, DNA, fingerprint) - Something you have (ID Card, Phone Number) - Something you know (Password, username)
Two Factor Authentication
WordPress 2FA Methods - Clef - Duo - Authy -
Google Authenticator - Rublon - WordFence
But none of that even matters.
YOU are the weakest link, even with the strongest password
manager
Encryption (SSL / VPN)
None
WITH Encryption (SSL / VPN)
PWNED Username / Password / Credit Cards
WITHOUT Encryption (SSL / VPN)
AWW :( 8a34ee6f0378bc4637635f771e966af1
None
WordPress Plugins for SSL (HTTPS redirect) - Really Simple SSL
- SSL Insecure Content Fixer - WP Force SSL
Easy VPN Services - PrivateTunnel - PIA (Private Internet Access
- Tor OR, set up your own on: - Linode - Digital Ocean - AWS
EL FIN