Plugin Security: Best Practices for Hardening your WordPress Site

Lax Mariappan

Eternus Global

#WCDAVAO2019 @LaxMariappan

​

Lax Mariappan

• Co-founder of Eternus Global
• Open source enthusiast
• Halo-halo lover

Follow me @LaxMariappan

​

​

​

​

#WORDCAMPDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

dolphyquizon.com

#WORDCAMPDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

WHY?

#WCDAVAO2019 @LaxMariappan

​

Myth Vs Facts

#WCDAVAO2019 @LaxMariappan

​

Stats

#WCDAVAO2019 @LaxMariappan

​

Type of Vulnerabilities

For Site Owners

#WCDAVAO2019 @LaxMariappan

​

Secure your login credentials

#WORDCAMPDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Stay updated

#WORDCAMPDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Harden your site

#WORDCAMPDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Monitor regularly

#WORDCAMPDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Never underestimate logs

#WORDCAMPDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Consider “Static” or “headless”

#WORDCAMPDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

​

wpvulndb.com

#WCDAVAO2019 @LaxMariappan

​

Tools

Malware Scanner Sucuri

​

Scanner & Firewall like Wordfence

​

WAF like Cloudflare

​

Backup plugins like UpdraftPlus

​

​

​

Trusted Security News

WordPress News

​

Sucuri Blog

​

Wordfence Blog

​

The Hacker News

​

Kinsta Blog

​

​

​

For Developers

#WCDAVAO2019 @LaxMariappan

​

Plugin Boilerplate

​

Credits: https://wppb.me/

#WORDCAMPDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Sanitize data

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Prepare your SQL queries

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

POST vs GET

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Verify Nonces

​

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Restrict Access

​

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Review your code

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Say no to

nulled plugins

imgflip.com

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Notify admin

Credits: premium.wpmudev.org

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Be a beta tester

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Report bugs and suggest new features

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Spread the word

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Takeaways

Choose a secured hosting service & official plugins

Stay updated

Keep an eye on the site

Stick to coding standards

Get help and help others

#WCDAVAO2019 @LaxMariappan

​

Security is a team effort

Credits:star2.com

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Any questions?

#WCDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​

Salamat gid

​

​

​

​

​

* Photos of Garfield taken by me

Game of thrones images from vox.com, Esquire

#WORDCAMPDAVAO2019 @LaxMariappan

​

#WCDAVAO2019 @LaxMariappan

​