“What could I have done to avoid being hacked?” is a question you’ll often hear after a site is hacked. In some cases the answer is complicated, but a lot of the time it’s relatively simple and there are many checklists and guides online outlining the ways sites can be hacked, plus how to secure them. However, a lot of people learn better from seeing and doing than reading (often boring) checklists. So rather than look at checklists on slides for 30 minutes, we’re going to hack into WordPress instead!
We will target a vulnerable installation of WordPress and attack the usual weaknesses to compromise the site. After every attack we perform, we will make the required changes to block the attack, and then attempt to compromise the site again, hopefully unsuccessfully this time! The goal is to think like a hacker, learning what types of vulnerabilities exist and how they are exploited, so we can better protect our sites and block hackers before they get in. By the end of the talk, we should have a secure site and an incredibly frustrated hacker.