Logins made easier and secure
by Auth0 WordPress Plugin
About Me
Md. Shahbaz Alam
CTO, Alfaaz Lingua
Full Stack Developer
Auth0 Ambassador
Mozilla Representative
GDG Ranchi Organizer
@mdsbzalam
Agenda
1. Common threats in WordPress Login
2. How to fix this?
3. How to fix this with one Plugin?
4. Why choose this approach
5. Passwords should be like Joey
Common threats in WP
Password Hacking
Hackers often use Bots which can try 1000's of passwords in seconds
Don't use passwords with less Entropy
Common threats in WP
SQL Injections
Wordpress runs on Database
it also uses PHP server-side script
it works well to deliver content quickly
But makes your WP site open to URL insertions.
Common threats in WP
Database Attack
MySQL is the most common Database used
it attracts most Hackers
the default database prefix is wp_
Common threats in WP
Brute Force Attack
Common threats in WP
Hijacking an Open User
How to fix?
Password Hacking
Choose a good password
use W0rdC@mp2k!91lo1lo
having good Password Entropy
more on Passwords in later slides
How to fix?
SQL Injections
Update to the latest version of WP
Use sites such as WP Security scan
to find vulnerabilities and fix them
Update to the latest version of PHP
Update plugins. Many vulnerabilities are found in plugins and themes
How to fix?
Database Attack
Change default database prefix
Backup your database
Replace wp_ with wp_{random string}
How to fix?
Brute Force Attack
Install a security plugin.
use advanced tactics such as htaccess password protection
Install the plugin Limit Login Attempts Reloaded.
How to fix?
Hijacking an Open User
Install the Inactive Logout plugin.
using Auth0 WordPress Plugin
using Auth0 WordPress Plugin
using Auth0 WordPress Plugin
> Automatic Installation
> Manual Installation
Installation Options:
using Auth0 WordPress Plugin
Automatic Installation
> Log into an existing WordPress site as an administrator.
> Go to Plugins > Add New in the admin menu on the left.
> Search for "Login by Auth0"
> For the Login by Auth0 plugin, click Install Now, then Activate.
choose your account type
Standard
Standard
Standard
Standard Setup
using {okta} WordPress Plugin
Why choose this approach?
> Single Plugin to secure with almost all attacks
> Single Sign-On
> Enterprise Connections
> Passwordless email and SMS
> Multi-factor Authentication
> Brute Force Protection
> Breached Password detection
Passwords should be like Joey
WHAT'S A PASSWORD?
ANYTHING THAT'S A SHARED SECRET!
PASSWORD1234
A string
RKYLHWK8@YB&YTI!8UKZH#TY?
A string
CAN BE HARD TO REMEMBER
IF COMPLEX!
A PASSWORD MANAGER CAN HELP!
CAN BE HARD TO GUESS( BY SOMEONE) IF COMPLEX!
BUT DO USE PASSWORD MANAGER SO YOU DON'T FORGET!
1234
A pincode
NOT SO HARD TO GUESS
OFTEN COMBINED WITH THE MAXIMUM ALLOWED NUMBER OF ATTEMPTS!
FAIRLY EASY TO REMEMBER
USUALLY USED ONLY WITH ACCESS TO A PHYSICAL THING
(CARDS, PHONES, KEYPADS, ...)
A pattern
A pattern
SO HOW'S YOUR PASSWORD SHOULD BE?
LIKE JOEY
LIKE JOEY
SO DON'T SHARE IT WITH ANYONE
LIKE JOEY
LIKE JOEY
USE UPPERCASE AND LOWERCASE CHARACTER
LIKE THIS?
KXnCTowPLjkTIwQ
LIKE JOEY
Joey doesn't know French, he makes it up,
So, make your Passwords randomly
LIKE JOEY
Joey has One Chandler
Your Password should only be used on one account.
xkcd: Password Strength
So how about this?
DrTdMeToEtAeBtILePe
Easy to remember!
DrTdMeToEtAeBtILePe
Doctor told be to eat Apple but I like Pineapple
Let's see another one!
MgBiStEdMoPm
Maligayang bati
Salamat
Edad mo
Paalam
Resources
Login by Auth0 WordPress Plugin
Auth0 WordPress
Auth0 WordPress Plugin GitHub Repo
{okta} WordPress Plugin GitHub Repo
https://github.com/oktadeveloper/okta-wordpress-sign-in-widget
xkcd Password Strength
@mdsbzalam
Connect with me
facebook.com/mdsbzalam
@mdsbzalam
@mdsbzalam
https://in.linkedin.com/in/mdsbzalam
mdsbzalam@gmail.com
@mdsbzalam
Slide
@mdsbzalam
Salamat
@mdsbzalam
