Upgrade to Pro — share decks privately, control downloads, hide ads and more …

WordPress Security

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Zachary A Skaggs Zachary A Skaggs
February 07, 2017
Technology
1
270

WordPress Security

Exploring and patching the weakest link in your WordPress site's security...you.

Avatar for Zachary A Skaggs

Zachary A Skaggs

February 07, 2017
Tweet

Other Decks in Technology

See All in Technology
15 years with Rails and DDD (AI Edition)
Avatar for Andrzej Krzywda andrzejkrzywda
0
190
Webhook best practices for rock solid and resilient deployments
Avatar for Guillaume Laforge glaforge
1
280
茨城の思い出を振り返る ~CDKのセキュリティを添えて~ / 20260201 Mitsutoshi Matsuo
Avatar for SHIFT EVOLVE shift_evolve
PRO
1
240
Digitization部 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
6.8k
ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか
Avatar for Miki Matsumoto mikimatsumoto
0
220
Contract One Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
13k
Introduction to Sansan for Engineers / エンジニア向け会社紹介
Avatar for Sansan, Inc. sansan33
PRO
6
68k
~Everything as Codeを諦めない~ 後からCDK
Avatar for mu7889yoon / Yuta Nakamura mu7889yoon
3
330
Claude_CodeでSEOを最適化する_AI_Ops_Community_Vol.2__マーケティングx_AIはここまで進化した.pdf
Avatar for 小笠原理久 riku_423
2
540
SREのプラクティスを用いた3領域同時 マネジメントへの挑戦 〜SRE・情シス・セキュリティを統合した チーム運営術〜
Avatar for coconala_engineer coconala_engineer
2
630
ブロックテーマ、WordPress でウェブサイトをつくるということ / 2026.02.07 Gifu WordPress Meetup
Avatar for Toro_Unit (Hiroshi Urabe) torounit
0
170
SREが向き合う大規模リアーキテクチャ 〜信頼性とアジリティの両立〜
Avatar for Kuniaki Moriya zepprix
0
440

Featured

See All Featured
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
182
10k
Tell your own story through comics
Avatar for letsgokoyo letsgokoyo
1
810
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
47
7.9k
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
Avatar for Ines Montani inesmontani
PRO
0
210
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
180
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
333
24k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
275
41k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
31
2.7k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
Avatar for Katarina Dahlin katarinadahlin
PRO
0
3.4k
Done Done
Avatar for chrislema chrislema
186
16k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9.1k
How Fast Is Fast Enough? [PerfNow 2025]
Avatar for Tammy Everts tammyeverts
3
450

Transcript

  1. WP Chattanooga 2/6/2017 Securing your SELF (Basics)

  2. Passwords

  3. How do they work? - User inputs password - Website

    “hashes” the password with complex mathematical formula - Website compares the hashed password with the stored hash - If they match, the site will log you in

  4. Yours are bad and you should feel bad.

  5. The Math of a 6 Character Password Character Types Equation

    Possibilities Brute Forced In: Numeric 10^6 1,111,110 1 second Lowercase 26^6 321,272,406 5m 21s Mixed Case 52^6 20,158,268,676 5h 35m 58s Mixed Case Numeric 62^6 57,731,386,986 16h 2m 11s MCN w/ Symbols 76^6 195,269,260,956 2d 6h 14m 29s

  6. AVERAGE Math of a 6 Character Password Character Types Equation

    Possibilities Brute Forced In: Numeric 10^6 1,111,110 1 second Lowercase 26^6 321,272,406 2m 50s Mixed Case 52^6 20,158,268,676 2h 45m Mixed Case Numeric 62^6 57,731,386,986 8h MCN w/ Symbols 76^6 195,269,260,956 1d 3h

  7. “Real” Math of an AVG 8 Character Password Character Types

    Equation Possibilities Brute Forced In: Numeric 10^6 1,111,110 <1 second Lowercase 26^6 321,272,406 <1 second Mixed Case 52^6 20,158,268,676 <1 hr Mixed Case Numeric 62^6 57,731,386,986 <3 hr MCN w/ Symbols 76^6 195,269,260,956 <9 hr

  8. Solutions for Brute Force

  9. Plugins to Detect Brute Force - Jetpack’s “Protect” feature -

    iThemes Security - WP Limit Login Attempts - Anti-Malware Security and Brute-Force Firewall - SiteGuard WP Plugin - Shield WordPress Security

  10. But none of that even matters.

  11. YOU are the weakest link, even with the best brute

    force plugin.

  12. You likely have been or will be pwned. https://haveibeenpwned.com/

  13. None

  14. Solutions for Being Pwned

  15. Password Manager Options - LastPass - Password Manager (I use

    this one and like it) - Dashlane 4 - Zoho Vault - LogMeOnce - RoboForm

  16. Password Manager - Generates a (truly) random password for every

    site you visit - Stores all password in an encrypted manner - One master password, protected locally, by 2FA, and brute force detection

  17. What is 2FA?

  18. How do you identify yourself? Three vectors: - Something you

    are (Likeness, DNA, fingerprint) - Something you have (ID Card, Phone Number) - Something you know (Password, username)

  19. Two Factor Authentication

  20. WordPress 2FA Methods - Clef - Duo - Authy -

    Google Authenticator - Rublon - WordFence

  21. But none of that even matters.

  22. YOU are the weakest link, even with the strongest password

    manager

  23. Encryption (SSL / VPN)

  24. None

  25. WITH Encryption (SSL / VPN)

  26. PWNED Username / Password / Credit Cards

  27. WITHOUT Encryption (SSL / VPN)

  28. AWW :( 8a34ee6f0378bc4637635f771e966af1

  29. None

  30. WordPress Plugins for SSL (HTTPS redirect) - Really Simple SSL

    - SSL Insecure Content Fixer - WP Force SSL

  31. Easy VPN Services - PrivateTunnel - PIA (Private Internet Access

    - Tor OR, set up your own on: - Linode - Digital Ocean - AWS

  32. EL FIN