WordPress Security Checklist

Basic Checklist:

1.  Rename user Admin to something else.
2.  Change the ID field on the first user from 1 to something else.
3.  Enforce strong password requirements for all system users
4.  Don't let anybody but admins see available WP updates.
5.  Remove the ability for non-admins to modify theme files.
6.  Tweak the database so tables aren't prefixed with wp_.
7.  Don't use the MySQL root user to access the database.
8.  Limit the MySQL account used to the site database only.
9.  Restrict the MySQL account so it can't perform destructive actions (e.g. DROP).
10. Give the MySQL account a very long, randomised password.
11. Don't allow the server's root user access via SSH. Use an account with sudo privileges instead.
12. Ensure all the secret key fields in wp-config.php are completed with 16-bit SHA keys.
13. Disallow indexes on all site folders.
14. Hide the admin area.
15. Rename the wp-content directory to something else.
16. Block bad hosts and agents with blacklists.
17. Make any .htaccess files and wp-config.php non-writeable.
18. Make the admin area inaccessible outside of work hours (handle this one with care).
19. Schedule regular database backups.
20. Restrict the length of allowed URLs to 255 characters or less.
21. Require SSL connections on the admin area (if possible; this one has an on-cost attached)
22. If possible, install and run server-side antivirus software such as ClamAV.
23. Consider restricting the server's FTP service to only accept connections from certain whitelisted IP addresses (only applicable if you have at least one static IP).
24. When deployment is complete, consider stopping the server's FTP service completely. You can always switch it on again temporarily if required.
25. If your web server allows proxying (for example, if you're load-balancing), ensure it's not configured as an open HTTP proxy.
26. Remove any open SMTP proxies on your server.