
8 Ways to Hack a WordPress website

Presented by Daniel Kanchev

  1. 8 WAYS TO HACK A WORDPRESS SITE. WordCamp Porto 2013, Daniel Kanchev
  2. Before We Begin…
      • 7+ years of WordPress experience
      • 5 years with SiteGround
      • Love FOSS
      • Addicted to extreme and not so secure sports
  3. Why should YOU care?
  4. 1. OUTDATED WORDPRESS CORE
  5. 1. OUTDATED WORDPRESS CORE
      • WP 3.7.1 - MAINTENANCE RELEASE
      • WP 3.6.1 - SECURITY RELEASE
      • WP 3.5.2 - SECURITY RELEASE
      • WP 3.5.1 - SECURITY RELEASE
      • WP 3.4.2 - SECURITY RELEASE
      • WP 3.4.1 - SECURITY RELEASE
      • WP 3.3.3 - SECURITY RELEASE
      • WP 3.3.2 - SECURITY RELEASE
      • WP 3.3.1 - SECURITY RELEASE
      • WP 3.2.1 - MAINTENANCE RELEASE
  6. 1. OUTDATED WORDPRESS CORE (the same release list, with the figure 80% added)
  7. UPDATE, UPDATE, UPDATE!
  8. 2. OUTDATED PLUGINS/THEMES
  9. WP PLUGINS SECURITY STATE: “Checkmarx’s research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection” http://www.checkmarx.com/wp-content/uploads/2013/06/The-Security-State-of-WordPress-Top-50-Plugins.pdf
  10. NOTABLE EXAMPLES
      • timthumb.php Security Vulnerability
      • W3 Total Cache Vulnerability
  11. LIVE DEMONSTRATION
  12. 3. UPDATED BUT STILL VULNERABLE
  13. FREE THEMES/PLUGINS ?! “8 out of 10 sites included base64 encoding in their themes.” Siobhan McKeown
  14. TRUSTED DEVELOPERS
  15. USE WAF
  16. 4. WEAK LOGIN DETAILS
  17. Do you log in with username “admin” ?
  18. KEEP CALM AND LET ME SHOW YOU WHY
  19. CHANGE THE ADMIN USER: UPDATE wp_users SET user_login = 'Yourname+_admin' WHERE user_login = 'admin';
  20. STRONG PASSWORDS. Use a whole sentence or a favourite quote: Comedy is acting out optimism!
  21. 5. MALWARE
  22. SECURE YOUR COMPUTERS
      • Keep your OS and all programs updated
      • Install Anti-Virus software
      • Use personal firewalls
      • Use SSH or SFTP instead of FTP
      • Open sites via HTTPS whenever possible
  23. 6. VULNERABLE SERVER SOFTWARE
  24. WATCHA TALKIN ABOUT
  25. SOME EXAMPLES
      • PHP-CGI Vulnerability - versions before 5.3.12/5.4.2
      • MySQL/MariaDB Vulnerability - versions before 5.5.25
      • Apache range header DoS - versions before 2.2.20
  26. • Update server software
      • Follow security bulletins
      • Hire professional sysadmins
  27. 7. INCORRECTLY CONFIGURED SERVER
  28. APACHE SYMLINK VULNERABILITY. The Problem: public_html/fred.txt -> /home/otheracct/public_html/wp-config.php. The Solution: add to httpd.conf or .htaccess file: SymLinksIfOwnerMatch
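The symlink check from slide 28 as an added shell example (not from the deck): it classifies an Apache .htaccess or httpd.conf fragment as weak when FollowSymLinks is enabled and as ok when only SymLinksIfOwnerMatch is, run here over constructed sample fragments.

```sh
#!/bin/sh
# Added example, not from the talk: classify the symlink policy of an
# Apache config fragment (.htaccess or a <Directory> block in httpd.conf).
# "weak" = FollowSymLinks (or All) enabled, so a symlink in one account's
#          public_html can expose another account's wp-config.php
# "ok"   = FollowSymLinks off; SymLinksIfOwnerMatch may be on, which only
#          follows links whose target has the same owner as the link
# "none" = no Options directive found in the file
# Apache skips the owner check whenever FollowSymLinks is on, and an
# .htaccess can re-enable it unless AllowOverride excludes Options.
symlink_policy() {
    lines=$(grep -i '^[[:space:]]*Options[[:space:]]' "$1" || true)
    if [ -z "$lines" ]; then
        echo none
        return 0
    fi
    result=ok
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr 'A-Z' 'a-z')
        for tok in $line; do
            case $tok in
                # "-followsymlinks" does not match: it disables the option
                followsymlinks|+followsymlinks|all|+all) result=weak ;;
            esac
        done
    done <<EOF
$lines
EOF
    echo "$result"
}

# Constructed sample fragments: a typical permissive default and the fix.
WEAK_HTACCESS=$(mktemp)
printf 'Options Indexes FollowSymLinks\n' > "$WEAK_HTACCESS"
FIXED_HTACCESS=$(mktemp)
printf 'Options -FollowSymLinks +SymLinksIfOwnerMatch\n' > "$FIXED_HTACCESS"

symlink_policy "$WEAK_HTACCESS"    # weak
symlink_policy "$FIXED_HTACCESS"   # ok
```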
  29. • Find a good host
      • Hire professional sysadmins
  30. 8. WRONG PERMISSIONS + ISOLATION
  31. THE CORRECT PERMISSIONS
      • Folders: 755
      • Files: 644
      • wp-config.php: 444
  32. SSH COMMAND TO CORRECT PERMISSIONS
      • find /wordpress -type d -exec chmod 755 {} \;
      • find /wordpress -type f -exec chmod 644 {} \;
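Slides 31 and 32 as an added shell example (not from the deck): an audit that lists every path whose mode differs from 755/644/444, and a fix built from the slide's two find commands plus the wp-config.php lock-down, run here on a constructed tree rather than a real /wordpress install.

```sh
#!/bin/sh
# Added example, not from the talk: audit a WordPress tree against the
# modes the slides recommend (folders 755, files 644, wp-config.php 444)
# and fix it with the same find commands shown on slide 32.
# Assumes GNU or BSD stat; the sample tree below is constructed.

# perm_of PATH -> three-digit octal mode (GNU stat, falling back to BSD)
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"
}

# wp_perm_audit DIR -> one "MODE PATH (want N)" line per deviation
wp_perm_audit() {
    find "$1" \( -type d -o -type f \) -print | while IFS= read -r p; do
        mode=$(perm_of "$p")
        if [ -d "$p" ]; then want=755
        elif [ "$(basename "$p")" = wp-config.php ]; then want=444
        else want=644
        fi
        [ "$mode" = "$want" ] || printf '%s %s (want %s)\n' "$mode" "$p" "$want"
    done
}

# wp_perm_deviations DIR -> number of paths with the wrong mode
wp_perm_deviations() {
    wp_perm_audit "$1" | wc -l | tr -d ' '
}

# wp_perm_fix DIR -> apply the slide's commands, then lock wp-config.php
wp_perm_fix() {
    find "$1" -type d -exec chmod 755 {} \;
    find "$1" -type f -exec chmod 644 {} \;
    if [ -f "$1/wp-config.php" ]; then chmod 444 "$1/wp-config.php"; fi
}

# Constructed sample tree with two common mistakes.
WP=$(mktemp -d)
mkdir -p "$WP/wp-content/uploads"
printf '<?php // constructed stand-in\n' > "$WP/wp-config.php"
printf '<?php // constructed stand-in\n' > "$WP/index.php"
chmod 777 "$WP/wp-content/uploads"   # world-writable upload directory
chmod 666 "$WP/wp-config.php"        # world-writable database credentials

wp_perm_audit "$WP"   # lists the deviations
wp_perm_fix "$WP"
wp_perm_audit "$WP"   # prints nothing once the tree is clean
```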
  33. GENERAL GUIDELINES
      • Use Secret Keys - http://api.wordpress.org/secret-key/1.1/salt
      • Move wp-config.php to parent folder
      • Use SSL for wp-login.php
      • Allow admin access only from certain IPs
  34. QUESTIONS ?
  35. THANK YOU! Daniel Kanchev @dvkanchev [email protected]
  36. http://slideshare.net/siteground
  37. REFERENCES
      • http://blog.sucuri.net/2013/05/from-a-site-compromise-to-full-root-access-symlinks-to-root-part-i.html
      • http://httpd.apache.org/security/CVE-2011-3192.txt
      • http://thehackernews.com/2012/06/cve-2012-2122-serious-mysql.html
      • http://blog.spiderlabs.com/2012/05/php-cgi-exploitation-by-example.html
      • http://www.checkmarx.com/wp-content/uploads/2013/06/The-Security-State-of-WordPress-Top-50-Plugins.pdf