PROTECT YO SELF OR WRECK YO SELF
WordPress REST API & Security
Sean Borsodi | WordCamp Fayetteville 2015
TOPICS
SECURITY, REST API, WORDPRESS
WORDPRESS
What is WordPress?
CMS, DB
WORDPRESS
CORE
API
REST API
REST API
What is it good for?
Absolutely everything. Say it again y’all!
REST API
API
RESTful Development
HTTP Headers
Authentication
API
An Application Programming Interface (API) is a set of routines, protocols,
and tools for building software.
RESTful Development
Representational State Transfer (REST) is a software architecture style
for building scalable web services.
HTTP Headers
Hypertext Transfer Protocol (HTTP) headers define the parameters of
the HTTP request and response messages.
Authentication
Methods of authenticating API requests: Cookie, Basic, OAuth, HMAC
SECURITY
You have been hacked!
Cross-site request forgery (CSRF) - uses a trusted user's session.
Playback Attack - an intercepted request is resent.
Cookie Authentication
Is the basic authentication included with WordPress. When you log in
to your dashboard, this sets up cookies in your browser.
Basic Authentication
Is an optional authentication handler for external clients. Basic
authentication requires you to pass the username and password
with each request.
OAuth Authentication
Is the main authentication handler for external clients. OAuth
uses tokens that enable clients to access the API.
HMAC Authentication
Hash-based Message Authentication Code (HMAC) is a hash
function that is considered practically impossible to invert.
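The HMAC and Playback Attack slides meet in request signing: HMAC is a keyed construction built on a hash function, so a server holding the same secret can check that a request was not altered, and signing a timestamp and one-time nonce lets it refuse a resent copy. This is an added example, not code from the talk or from WordPress; the shared secret, canonical message layout, five-minute skew window, in-memory nonce set and sample request are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

SHARED_SECRET = b"constructed-demo-secret"  # assumption: provisioned out of band
MAX_SKEW_SECONDS = 300                      # assumption: tolerated clock drift
seen_nonces = set()                         # assumption: in-memory; use a shared store with expiry


def canonical_message(method, path, body, timestamp, nonce):
    """Bind every field an interceptor could alter into the signed bytes."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_hash, str(timestamp), nonce]).encode()


def sign_request(method, path, body, timestamp, nonce, secret=SHARED_SECRET):
    """Client side: HMAC-SHA256 over the canonical message, hex encoded."""
    msg = canonical_message(method, path, body, timestamp, nonce)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_request(method, path, body, timestamp, nonce, signature,
                   now=None, secret=SHARED_SECRET):
    """Server side: check integrity first, then freshness, then uniqueness."""
    now = time.time() if now is None else now
    expected = sign_request(method, path, body, timestamp, nonce, secret)
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        return False, "bad signature"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    if nonce in seen_nonces:
        return False, "replayed nonce"
    seen_nonces.add(nonce)
    return True, "ok"


def demo():
    """Constructed traffic: first delivery, resent copy, altered body, late delivery."""
    route, body = ("POST", "/wp-json/wp/v2/posts"), b'{"title": "Hello"}'
    ts = 1_700_000_000
    sig1 = sign_request(*route, body, ts, "constructed-nonce-0001")
    sig2 = sign_request(*route, body, ts, "constructed-nonce-0002")
    return [
        verify_request(*route, body, ts, "constructed-nonce-0001", sig1, now=ts + 5),
        verify_request(*route, body, ts, "constructed-nonce-0001", sig1, now=ts + 10),
        verify_request(*route, b'{"title": "Edited"}', ts, "constructed-nonce-0001", sig1, now=ts + 15),
        verify_request(*route, body, ts, "constructed-nonce-0002", sig2, now=ts + 3600),
    ]
```

The secret never travels with the request, unlike the username and password in Basic authentication, so an interceptor who captures a signed request can neither alter it nor resend it successfully.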
Thank You (Questions || Comments || Suggestions)
Sean Borsodi | WordCamp Fayetteville 2015