/

WordCamp US 2019 – Securing WordPress in the age of 0-Day Vulnerabilities – Rahul Nagare

scaledynamix.com/WCUS 0-Day Vulnerabilities Recently discovered No current fix Already being attacked Reference – wpvulndb.com Why My Site? They want to send your traffic somewhere else to boost SEO rank They want to use your site as a “bot” to attack a targeted site. How Do You Protect Your Site? Protection Against Redirects Hardcode your site/home URL Protect your wp-config.php Protect Against Automated Plugin Updates Limit access to wp-admin, white-list admin IPs Protect Against Code Injections Block all POST requests without a valid referrer Set Content-Security-Policy header You still need to follow the standard security best practices
The Last Podcast On My Current Listening List

The Last Podcast On My Current Listening List

I’ve been listening to podcasts for the better part of the last 10+ years. There have been many that have come and gone, and for sure I’ve enjoyed them all. There is however 1 podcast that currently remains on my must listen to list. That is Security Now with Steve Gibson, hosted by Leo Laporte. If there is one podcast that I still can’t manage to miss it Security Now. It get’s pretty deep but also has enough light aspects that even non-geeks can get something out of it. Anyone I know that uses the Internet should give it a listen.