WordPress Security


Nina Sebescen, Dr. Brian Butler, INST 741, December 12th, 2013. Security. Project Objectives. Find out what specific security issues exist with installations and find ways to prevent them

Presentation Transcript
Nina Sebescen

Dr. Brian Butler

INST 741

December 12th, 2013

WordPress Security

Project Objectives
  • Find out what specific security issues exist with installations and find ways to prevent them
  • Offer one-stop place to get more consolidated information on security issues
  • Increase user awareness about security issues
Project Motivation
  • WordPress has an architectural model that is prone to security attacks
    • Standardization
    • Use of plugins
  • Users who are not aware of this problem often get hacked
Project Deliverables
  • security plugins bundle –
  • Step-by-step video tutorial on how to install the bundle and configure the plugins
  • Articles written about security issues posted on MIM Central to increase user awareness
Current Knowledge and Gaps
  • The vast majority of users only become aware of security issues after being hacked
  • There are various blogs/tutorials available online but none of them consolidate all the information
  • There are YouTube videos available for specific plugins if you know what to search for. Very few provide information about multiple security plugins working together.
  • Not much information is available about creating WordPress plugin bundles
  • Read online blogs and various references to understand where the security issues are and how they can be prevented
  • Conducted a survey to understand user awareness about security issues
Main Findings

WordPress platform is very vulnerable to hacking attacks

  • Popularity (over 60 million people use
  • Ease of use which attracts wide variety of users
  • Standardized architecture and installation packages
  • Default admin user account and DB ID 1
  • Default DB prefix wp_
  • Default file system structure
  • Plugin usage
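
The defaults listed above can be checked mechanically. The following Python check is an added example, not part of the original presentation: it reads the `$table_prefix` assignment from the text of `wp-config.php` and inspects `(ID, user_login)` rows from the users table. The function names and finding codes are hypothetical, and the sample config and rows are constructed.

```python
import re

# Matches the $table_prefix assignment in wp-config.php (single or double quoted).
# Anchored at line start so a commented-out assignment is ignored.
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

def table_prefix(wp_config_text):
    """Return the configured table prefix, or None if no assignment is found."""
    m = PREFIX_RE.search(wp_config_text)
    return m.group(2) if m else None

def audit_defaults(wp_config_text, users):
    """users: iterable of (ID, user_login) rows from the <prefix>users table.
    Returns a sorted list of hypothetical finding codes for the defaults above."""
    findings = set()
    prefix = table_prefix(wp_config_text)
    if prefix is None:
        findings.add("prefix-not-found")
    elif prefix == "wp_":
        findings.add("default-db-prefix")
    for user_id, login in users:
        if login.lower() == "admin":
            findings.add("default-admin-login")
        if int(user_id) == 1:
            findings.add("user-id-1-present")
    return sorted(findings)

# Constructed sample input (not taken from a real site).
DEFAULT_CONFIG = """<?php
define('DB_NAME', 'example_db');
// $table_prefix = 'old_';
$table_prefix  = 'wp_';
"""
HARDENED_CONFIG = DEFAULT_CONFIG.replace("= 'wp_'", "= 'k3x9_'")

if __name__ == "__main__":
    print(audit_defaults(DEFAULT_CONFIG, [(1, "admin")]))
    print(audit_defaults(HARDENED_CONFIG, [(2, "site_editor")]))
```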
Things To Be Aware Of
  • Hosting company choice
  • Local machine firewall and antivirus
  • FTP usage (SFTP preferred)
  • DB and file system backups
  • Admin account (application and DB)
  • Login security
  • Security plugins
  • Spam
Survey Findings – User Awareness
  • 19 users participated, mainly from UMD
  • 58% not aware of any security issues
  • 42% left the default admin user
  • 84% didn’t change the DB prefix
  • 74% don’t do any scheduled DB backups
  • 79% don’t do any scheduled file system backups
  • 53% will start from scratch in case their site gets hacked
  • 48% specify huge time loss in case their site gets hacked
  • 90% have no security plugins installed
  • 21% had their websites compromised
  • Create a plugin bundle ( and a tutorial to explain in detail how each of the plugins works
  • Better WP Security
  • Conditional Captcha for WordPress
  • Sucuri Security – SiteCheck Malware Scanner
  • Google Authenticator
  • Increase user awareness about security issues through posting articles on MIM Central
Address Questions Raised
  • How will the bundle be updated going forward?
    • The bundle is a set of plugins, so every plugin needs to be updated individually through the Dashboard
  • How will the bundle creation be tested?
    • A new hosting domain has been set up to test the bundle and all the plugin configuration
  • How will the bundle be tested to ensure site security?
    • Individual tests, checking spammed comments, and logs for activity
Future Considerations
  • Install Akismet plugin for additional spam protection
  • Install Clef mobile app and plugin for two-factor authentication
  • (various articles about WordPress)
  • (support page, plugins page)