Tuesday, 20 November 2018

An Introduction to WordPress Penetration Testing


Recently I had Tim Nash, the WordPress platform lead at 34SP.com, speak at the local WordPress meetup I help run. It’s the third time Tim has spoken at the meetup, and in the past he has spoken about site security and performance but this time he spoke about a handful of case studies of hackings; how the sites were exploited and what could be done to mitigate the vulnerability. Tim’s talk was essentially a scaryhelpful introduction to penetration testing (or pentesting) with a WordPress flavor. It got me thinking just how secure the sites I manage are and perhaps I should really look deeper into site security further than just the fundamentals of WordPress security.
What is Penetration Testing
The deeper you get into site security, the darker it gets. Penetration testing is the practice of simulating an attack on a system, network, app or website to identify vulnerabilities that might be exploited.
In simple terms, you become the hacker to protect your site. But that means any testing you perform needs to be authorized by the site or system owner (read: your boss or client needs to give the thumbs up), and to avoid arrest and criminal charges (keep in mind I’m not
Source: https://managewp.org/articles/18123/an-introduction-to-wordpress-penetration-testing



source https://williechiu40.wordpress.com/2018/11/20/an-introduction-to-wordpress-penetration-testing/

No comments:

Post a Comment