Access Denied: Keeping yourself off an attacker’s radar

Paul Gilzow (wpDirAuth, Presentation)

Lock down reconnaissance to reduce an attacker's ability to detect (fingerprint) what is running; two of the tools that do this fingerprinting for them:

https://builtwith.com/ualr.edu
https://wpscan.org/

Counter measures

Use Apache's mod_authz access controls (the Require directives from mod_authz_core / mod_authz_host) for the file-level protections below

File protection

  • protect wp-content: there is no reason for PHP files under wp-content (uploads, themes, plugins) to be executed directly, so deny everything by default and whitelist only what a browser legitimately fetches as a web asset (CSS, JS, images, fonts)
  • protect wp-includes: deny direct PHP execution except wp-tinymce.php (the TinyMCE loader, the one PHP file here a browser requests directly); the static JS/CSS under wp-includes still has to be served
  • protect wp-admin: restrict it to trusted IP ranges, but admin-ajax.php has to stay reachable, since themes and plugins call it from the public front end, including for logged-out visitors
  • protect the root directory: restrict wp-login.php to trusted IP ranges; block xmlrpc.php (brute-force and pingback-abuse surface), readme.html (discloses the exact WordPress version) and license.txt (a WordPress fingerprint)
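
The four bullets above as one Apache 2.4 configuration. This is an added example written for these notes, not configuration from the presentation or from WordPress itself. It assumes WordPress is installed at /var/www/wordpress and that administrators connect from 10.0.0.0/8; both are placeholder assumptions to replace with your own paths and ranges. It relies on the default `AuthMerging Off` behaviour, under which the Require in a later-applied section replaces the one inherited from an earlier section, so the whitelists inside each Directory override that directory's default deny.

```apache
# Added example (not from the presentation): mod_authz "Require" rules for the
# four file-protection bullets. Place in the virtual host, not in .htaccess.
# ASSUMPTIONS: docroot /var/www/wordpress, admin network 10.0.0.0/8.
# If Apache sits behind a reverse proxy or CDN, configure mod_remoteip
# (RemoteIPHeader / RemoteIPTrustedProxy) first, or "Require ip" will only
# ever see the proxy's address.

# --- wp-content: static web assets only, never executable PHP ---------------
<Directory "/var/www/wordpress/wp-content">
    # Implicit deny for everything under uploads/, themes/, plugins/ ...
    Require all denied
    # ... then whitelist the asset types a browser legitimately fetches.
    <FilesMatch "\.(css|js|map|png|jpe?g|gif|svg|webp|ico|woff2?|ttf|eot|pdf)$">
        Require all granted
    </FilesMatch>
    # Listed last so it wins the merge: refuse PHP even behind a double
    # extension such as shell.php.png that the whitelist above would match.
    <FilesMatch "\.(php[0-9]?|phtml|phar)(\.|$)">
        Require all denied
    </FilesMatch>
</Directory>

# --- wp-includes: the scripts/styles the front end needs plus wp-tinymce.php ---
<Directory "/var/www/wordpress/wp-includes">
    Require all denied
    <FilesMatch "\.(css|js|json|map|png|gif|svg|woff2?|ttf)$">
        Require all granted
    </FilesMatch>
    # The one PHP file under wp-includes that a browser requests directly
    # (the compressed TinyMCE loader, wp-includes/js/tinymce/wp-tinymce.php).
    <Files "wp-tinymce.php">
        Require all granted
    </Files>
</Directory>

# --- wp-admin: trusted ranges only, except the front-end AJAX endpoint -------
<Directory "/var/www/wordpress/wp-admin">
    Require ip 10.0.0.0/8
    # Themes and plugins POST to admin-ajax.php from the public site, for
    # logged-out visitors too, so it must remain reachable from anywhere.
    <Files "admin-ajax.php">
        Require all granted
    </Files>
</Directory>

# --- site root: login from trusted ranges only; remove the recon targets ----
<Directory "/var/www/wordpress">
    # No directory listings anywhere (a listing of wp-content/plugins/ is a
    # plugin inventory for free).
    Options -Indexes
    <Files "wp-login.php">
        Require ip 10.0.0.0/8
    </Files>
    # xmlrpc.php: brute-force and pingback abuse surface. If Jetpack or the
    # mobile app genuinely need it, use "Require ip" here instead of denying.
    # readme.html leaks the exact WordPress version; license.txt is a fingerprint.
    # <Files> applies recursively, so a plugin's readme.html is covered as well.
    <FilesMatch "^(xmlrpc\.php|readme\.html|license\.txt)$">
        Require all denied
    </FilesMatch>
</Directory>
```

Check the result with `apachectl configtest`, then from an untrusted address confirm that `/readme.html`, `/xmlrpc.php`, `/wp-login.php`, `/wp-admin/` and a throwaway `wp-content/uploads/test.php` all return 403 while `/wp-admin/admin-ajax.php` and the theme's stylesheet still return 200. If a legacy plugin really does need one of its own PHP files requested directly, whitelist that single file by name with a `<Files>` section placed after the PHP deny rather than loosening the pattern. If you can only use .htaccess, drop the `<Directory>` wrappers and put each block in that directory's own .htaccess (`Require` needs `AllowOverride AuthConfig`, `Options -Indexes` needs `AllowOverride Options`).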

User protection

  • disable the redirect from ?author=N to the pretty author permalink (/author/username/); iterating N otherwise enumerates every login name
  • remove the author permalink from the author profile page output, so the username is not exposed in the link
  • remove the user-specific CSS class: body_class() emits author-{nicename} on author archives and comment_class() emits comment-author-{nicename}, both of which leak login names in the markup
  • replace WordPress's overly informative login error messages (which distinguish an unknown username from a wrong password) with a single generic message via the login_errors filter
  • USE SSO for your auth instead of local accounts!

[IDEA] use git to roll through a history of commits to incrementally show changes for a presentation

Baking in the SEO

Slow pages get poor SEO ratings. Plugins can improve site performance, but your choice of hosting provider has the greatest impact on the speed of your site.

Google[x]: Building a Moonshot Factory

Moonshots are seemingly impossible and yet impossibly-important ideas that through science and technology can be brought to reality. Google[x] is a moonshot factory full of optimists who are focused on changing the world by seeking out massive unsolved problems that — when solved — will profoundly and positively alter the way we live. You may have heard of self-driving cars and Google Glass, but here we’ll give a glimpse of the ethos, style, and people behind Google[x].

Then, from 4-6pm, come to our “Solve for X” exploration session at Bat Bar to engage in pushing forward moonshots — radical technology-based proposals for solving global problems (register at goo.gl/m0R4n and join the community at SolveforX.com).