PROTECT YO SELF OR WRECK YO SELF

WordPress REST API & Security

Sean Borsodi | WordCamp Fayetteville 2015

TOPICS

SECURITYREST APIWORDPRESS

WORDPRESS

What is WordPress?

CMSDB

WORDPRESS

CMSDB

WORDPRESS

CORE

CMSDB

WORDPRESS

CORE

API

CMSDB

WORDPRESS

CORE

API

REST API

REST API

REST API

What is it good for?

REST API

Absolutely everything. Say it again y’all!

REST API

API

RESTful Development

HTTP Headers

Authentication

REST API

API

Application Programming Interface(API) is a set of routines, protocols,

and tools for building software.

REST API

REST API

REST API

REST API

REST API

RESTful Development

Representational State Transfer(REST) is a software architecture style

for building scalable web services.

REST API

REST API

REST API

REST API

HTTP Headers

Hypertext Transfer Protocol(HTTP) headers define the parameters of

the HTTP request and response messages.

REST API

REST API

REST API

REST API

Authentication

Method of authenticating the API requests: Cookie, Basic, OAuth, HMAC

SECURITY

You have been hacked!

Cross-site request forgery(CSRF) - uses a trusted users session.

Playback Attack - an intercepted request and is resent.

SECURITY

Cookie Authentication

Is the basic authentication included with WordPress. When you log in

to your dashboard, this sets up cookies in your browser.

SECURITY

SECURITY

Basic Authentication

Is an optional authentication handler for external clients. Basic

authentication requires you to pass the username and password

with each request.

SECURITY

OAuth Authentication

Is the main authentication handler for external clients. OAuth

uses tokens that enables clients to access the API.

SECURITY

SECURITY

SECURITY

SECURITY

HMAC Authentication

Hash-based Message Authentication Code(HMAC) is a hash

function that is considered practically impossible to invert.

SECURITY

SECURITY

Thank You(Questions || Comments || Suggestions)

Sean Borsodi | WordCamp Fayetteville 2015