Logins made easier and more secure

by Auth0 WordPress Plugin

About Me

Md. Shahbaz Alam

CTO, Alfaaz Lingua

Full Stack Developer

Auth0 Ambassador

Mozilla Representative

GDG Ranchi Organizer


@mdsbzalam


Agenda

1. Common threats in WordPress Login

2. How to fix this?

3. How to fix this with one Plugin?

4. Why choose this approach

5. Passwords should be like Joey

Common threats in WP

Password Hacking

Attackers often use bots that can try thousands of passwords in seconds

Don't use low-entropy passwords

Common threats in WP

SQL Injections

WordPress runs on a database

It also uses PHP server-side scripts

This delivers content quickly

But it also leaves your WP site open to injection through crafted URLs

Common threats in WP

Database Attack

MySQL is the most common database used

So it attracts the most attackers

The default database table prefix is wp_

Common threats in WP

Brute Force Attack

Common threats in WP

Hijacking an Open User

How to fix?

Password Hacking

Choose a good password

use W0rdC@mp2k!91lo1lo

one with high password entropy

More on passwords in later slides

How to fix?

SQL Injections

Update to the latest version of WP

Use sites such as WP Security Scan to find vulnerabilities and fix them

Update to the latest version of PHP

Update plugins. Many vulnerabilities are found in plugins and themes

How to fix?

Database Attack

Change default database prefix

Backup your database

Replace wp_ with wp_{random string}

How to fix?

Brute Force Attack

Install a security plugin.

Use advanced tactics such as .htaccess password protection

Install the plugin Limit Login Attempts Reloaded.

How to fix?

Hijacking an Open User

Install the Inactive Logout plugin.

using Auth0 WordPress Plugin

Installation Options:

> Automatic Installation

> Manual Installation

using Auth0 WordPress Plugin

Automatic Installation

> Log into an existing WordPress site as an administrator.

> Go to Plugins > Add New in the admin menu on the left.

> Search for "Login by Auth0"

> For the Login by Auth0 plugin, click Install Now, then Activate.

Choose your account type

Standard

Standard Setup

using {okta} WordPress Plugin

Why choose this approach?

> A single plugin that protects against almost all of the attacks above

> Single Sign-On

> Enterprise Connections

> Passwordless email and SMS

> Multi-factor Authentication

> Brute Force Protection

> Breached Password detection

Passwords should be like Joey

WHAT'S A PASSWORD?

ANYTHING THAT'S A SHARED SECRET!

PASSWORD1234

A string

RKYLHWK8@YB&YTI!8UKZH#TY?

A string

CAN BE HARD TO REMEMBER IF COMPLEX!

A PASSWORD MANAGER CAN HELP!

CAN BE HARD TO GUESS (BY SOMEONE) IF COMPLEX!

BUT DO USE A PASSWORD MANAGER SO YOU DON'T FORGET!

1234

A pincode

NOT SO HARD TO GUESS

OFTEN COMBINED WITH THE MAXIMUM ALLOWED NUMBER OF ATTEMPTS!

FAIRLY EASY TO REMEMBER

USUALLY USED ONLY WITH ACCESS TO A PHYSICAL THING

(CARDS, PHONES, KEYPADS, ...)

A pattern

SO HOW SHOULD YOUR PASSWORD BE?

LIKE JOEY

SO DON'T SHARE IT WITH ANYONE

LIKE JOEY

USE UPPERCASE AND LOWERCASE CHARACTERS

LIKE THIS?

KXnCTowPLjkTIwQ

LIKE JOEY

Joey doesn't know French; he makes it up.

So make your passwords random.

LIKE JOEY

Joey has one Chandler

Your password should only be used on one account.

xkcd: Password Strength

So how about this?

DrTdMeToEtAeBtILePe

Easy to remember!

DrTdMeToEtAeBtILePe

Doctor told me to eat Apple but I like Pineapple

Let's see another one!

MgBiStEdMoPm

Maligayang bati

Salamat

Edad mo

Paalam
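The two passphrase examples above follow one visible pattern: the first letter of each word in upper case followed by its last letter in lower case (one-letter words contribute just that letter). The script below is an added illustration, not code from the slides or from the Auth0 plugin; it reproduces both passwords from their sentences and estimates, with the naive pool-size formula, how long the "thousands of guesses per second" bot from the threats slide would need to exhaust each of the deck's example passwords. The 1000 guesses/s rate and the 32-character symbol pool are assumptions.

```python
import math
import string

# Assumed symbol pool: the 32 printable ASCII punctuation characters.
SYMBOLS = set(string.punctuation)


def mnemonic(sentence: str) -> str:
    """Build a password from a sentence the way the slides' two examples do
    (pattern inferred from them): first letter upper case, last letter lower
    case, per word; a one-letter word contributes only that letter."""
    parts = []
    for word in sentence.split():
        word = word.strip(string.punctuation)
        if not word:
            continue
        if len(word) == 1:
            parts.append(word.upper())
        else:
            parts.append(word[0].upper() + word[-1].lower())
    return "".join(parts)


def pool_size(password: str) -> int:
    """Alphabet size an attacker must assume, judged from the character
    classes that actually appear in the password."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in SYMBOLS for c in password):
        pool += len(SYMBOLS)
    return pool


def naive_entropy_bits(password: str) -> float:
    """log2(pool ** length). An upper bound only: a dictionary word such as
    PASSWORD1234 is guessed long before the whole pool is tried."""
    return len(password) * math.log2(pool_size(password))


def seconds_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to try every string of that length over the pool."""
    return pool_size(password) ** len(password) / guesses_per_second


if __name__ == "__main__":
    # Constructed inputs: the sentences behind the slides' two passphrases,
    # then the deck's other example passwords at the assumed bot rate.
    for s in ("Doctor told me to eat Apple but I like Pineapple",
              "Maligayang bati Salamat Edad mo Paalam"):
        print(f"{s!r} -> {mnemonic(s)}")
    for pw in ("1234", "PASSWORD1234", "W0rdC@mp2k!91lo1lo"):
        print(f"{pw:20} {naive_entropy_bits(pw):6.1f} bits, "
              f"{seconds_to_exhaust(pw, 1000):.3g} s at 1000 guesses/s")
```

The pool-based figure flatters PASSWORD1234, which a wordlist finds almost immediately; the mnemonic ones look random to a wordlist, which is the point of the Joey slides.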

Resources

Login by Auth0 WordPress Plugin

https://auth0.com/docs/cms/wordpress

Auth0 WordPress

https://auth0.com/wordpress

Auth0 WordPress Plugin GitHub Repo

https://github.com/auth0/wp-auth0

xkcd Password Strength

https://xkcd.com/936/


Connect with me

Facebook

facebook.com/mdsbzalam

Twitter

@mdsbzalam

Instagram

@mdsbzalam

LinkedIn

https://in.linkedin.com/in/mdsbzalam

E-mail

mdsbzalam@gmail.com

Thank you (Salamat)