WordCamp US 2019 – Securing WordPress in the age of 0-Day Vulnerabilities – Rahul Nagare
scaledynamix.com/WCUS

0-Day Vulnerabilities
- Recently discovered
- No current fix
- Already being attacked
Reference – wpvulndb.com

Why My Site?
- They want to send your traffic somewhere else to boost SEO rank
- They want to use your site as a “bot” to attack a targeted site.

How Do You Protect Your Site?

Protection Against Redirects
- Hardcode your site/home URL
- Protect your wp-config.php

Protect Against Automated Plugin Updates
- Limit access to wp-admin, white-list admin IPs

Protect Against Code Injections
- Block all POST requests without a valid referrer
- Set Content-Security-Policy header

You still need to follow the standard security best practices
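
The protections listed above, written out as an added example that is not from the talk. It assumes nginx in front of PHP-FPM; example.com, the address 203.0.113.10, the socket path and the sample CSP policy are placeholders to replace.

```nginx
# Constructed example: directives for inside one server { } block.
#
# Redirect protection lives in wp-config.php, not nginx. These two constants
# override the siteurl/home values stored in the database:
#   define('WP_HOME',    'https://example.com');
#   define('WP_SITEURL', 'https://example.com');

# Protect wp-config.php: never serve it over HTTP.
location = /wp-config.php {
    deny all;
}

# Limit the login page and wp-admin to allow-listed admin IPs.
location = /wp-login.php {
    allow 203.0.113.10;            # placeholder admin address
    deny  all;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/run/php/php-fpm.sock;   # placeholder socket path
}
location ^~ /wp-admin/ {
    allow 203.0.113.10;
    deny  all;
    index index.php;
    # Front-end features that call /wp-admin/admin-ajax.php need their own
    # "location =" block without the allow-list.
    location ~ \.php$ {            # inherits allow/deny from the parent
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}

# Block POST requests without a valid referrer. Because "none" and "blocked"
# are omitted, a missing Referer header also counts as invalid.
valid_referers server_names example.com;
set $block_post "";
if ($request_method = POST) { set $block_post "P"; }
if ($invalid_referer)       { set $block_post "${block_post}R"; }
if ($block_post = "PR")     { return 403; }

# Content-Security-Policy: sample starting policy, tighten or relax per theme.
# "always" sends it on error responses too. A location that sets its own
# add_header stops inheriting this one.
add_header Content-Security-Policy "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'" always;
```

Check the syntax with `nginx -t` before reloading. Server-to-server POSTs such as webhooks usually carry no Referer header, so any endpoint that receives them needs an explicit exception to the referrer rule.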