Many large scale websites use WordPress for their blog or even as the main site (Sony, Best Buy, Ebay, Wired, the list goes on) . As any easy to use and intuitive (idiot proof) application, the most common vulnerability is the user and in WordPress, the editor or admin's dictionary password, second most is the fact that many of the plugins either have un-published or un-patched vulnerabilities. I will demonstrate how using targeted attacks can lead to building a botnet with any demographic you desire. I will show how to attack a WordPress site and more specifically their subscribers/readers and usable payloads will be demonstrated, as well as how to protect default WordPress installations.
Phyr3wall William Wallace is an experienced Software Engineer with more than 10 years of progressive production development. William is currently working as a web application engineer assigned to scale and secure several large scale blogs that are currently using WordPress.