Wordpress Security


Pheww...!! It's been so long since I have posted something interesting. I really apologize for the delay. Let's Get Started :D

In my previous tutorials, I have explained how to hack a website (that was for educational purposes only) and how to upload a shell also. Now it's time to secure your website from various attacks.


What is WordPress? 

It is an open source website creation tool written in PHP, and it is the easiest and most powerful blogging and website content management system.

With the growth of the digital market, more and more people are creating websites to show their presence in this digital world, so there is a need to secure that world as well.



WordPress Security 

1. Disable custom HTML when possible

Add this code to the wp-config.php file:
define( 'DISALLOW_UNFILTERED_HTML', true );

2. Remove all Default posts and comments

Remove all default posts and comments. If malicious hackers find those on your site, it may indicate to them that you have a new WordPress site which can be easily cracked.

Just go to this file: "wp-includes/general-template.php"

// Before: prints the generator tag
function the_generator( $type ){
    echo apply_filters('the_generator',get_the_generator($type),$type)."\n";
}

After Security

// After: the echo line is commented out, so nothing is printed
function the_generator($type){
    #echo apply_filters('the_generator',get_the_generator($type),$type)."\n";
}

Note: make sure a hash (#) is placed in front of the echo command.

3. Delete wp-admin/install.php and wp-admin/upgrade.php

Be sure to delete /wp-admin/install.php and /wp-admin/upgrade.php after every WordPress installation or upgrade.

4. Hide indexes


Just open the .htaccess file and type this code:

 Options -Indexes
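
An added example (not from the original post) that checks an install for steps 1, 3 and 4: the DISALLOW_UNFILTERED_HTML define, the leftover install/upgrade scripts, and directory listings. The function names `audit` and `listing_state` are hypothetical, chosen for this example; Apache turns listings off only with `-Indexes`, while a bare `Indexes` turns them on.

```python
import re
import sys
from pathlib import Path

# Active define at the start of a line; lines commented with // or # do not match.
DEFINE_RE = re.compile(
    r"""^\s*define\s*\(\s*['"]DISALLOW_UNFILTERED_HTML['"]\s*,\s*true\s*\)\s*;""",
    re.IGNORECASE | re.MULTILINE)
LEFTOVER_SCRIPTS = ("wp-admin/install.php", "wp-admin/upgrade.php")


def listing_state(htaccess_text):
    """Return 'on', 'off' or 'inherited' for directory listings after all Options lines."""
    state = "inherited"
    for line in htaccess_text.splitlines():
        words = line.split()
        if not words or words[0].lower() != "options":
            continue  # comments and other directives
        opts = [w.lower() for w in words[1:]]
        if "-indexes" in opts:
            state = "off"
        elif "+indexes" in opts:
            state = "on"
        elif opts and not any(o[0] in "+-" for o in opts):
            # An absolute list replaces all options: Indexes is on only if named.
            state = "on" if {"indexes", "all"} & set(opts) else "off"
    return state


def audit(wp_root):
    """Return findings for the install at wp_root; an empty list means all checks pass."""
    root = Path(wp_root)
    findings = []
    config = root / "wp-config.php"
    if not (config.is_file() and DEFINE_RE.search(config.read_text(errors="replace"))):
        findings.append("DISALLOW_UNFILTERED_HTML is not set to true in wp-config.php")
    for rel in LEFTOVER_SCRIPTS:
        if (root / rel).exists():
            findings.append(rel + " is still present")
    htaccess = root / ".htaccess"
    text = htaccess.read_text(errors="replace") if htaccess.is_file() else ""
    state = listing_state(text)
    if state != "off":
        findings.append("directory listings are '%s' in .htaccess" % state)
    return findings


if __name__ == "__main__":
    for finding in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("[!]", finding)
```

Apache honors Options in .htaccess only where AllowOverride permits it, so confirm the result by requesting a directory that has no index file.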


5. Block Some Crucial directories

Your site's wp-includes/ directory is the most important one to block.

Find the .htaccess file there and insert

 RewriteRule ^(wp-includes)\/.*$ ./ [NC,R=301,L]

If there are subdirectories, then use this code

 RewriteRule ^(wp-includes|subdirectory-name-here)\/.*$ ./ [NC,R=301,L]

6. Secure your Admin page with YUBICO

 http://www.yubico.com/ = Paid plugin

7.  Limit Login Attempts


Limit the number of login attempts possible both through normal login as well as using auth cookies.

http://wordpress.org/extend/plugins/login-lockdown/



8.  Server Side Scanning Online FREE

Web malware continues to evolve, making it challenging to detect using only HTTP fingerprinting techniques, such as the ones Site Check is restricted to.



9. Install Wordpress Security Scan Plugin


This is a good plugin which scans your WordPress installation and gives suggestions accordingly. This plugin will check the following things:

· Passwords
· File Permissions
· Database Security
· WordPress Admin protection




10. Automatically Backup your site



11. Two Factor Authenticator

The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.


12. Using .htaccess file as a FIREWALL

 RedirectMatch 403 \
 
13. Clean out Old Unneeded Core Files

Clean out old unneeded core files with help from this free Wordpress plugin:



14. Activate Akismet Plugin

Block comment spam automatically using Akismet, which is a WordPress plugin.

15. Monitoring Your Wordpress


16. Hide Your Login Page


17. Content Security

 Try checking http://copyscape.com/


18. Check for Exploits

 http://wordpress.org/extend/plugins/exploit-scanner/                                                                

19. Select Email Address as Your Login Key


20. Change Database Prefix Plugin

 
21. Keep a log of Wordpress PHP and Database Errors


22. Outstanding Security Plugin




23. Website Defender Plugin


24. Maintenance Mode Plugin




Amit Vijayan

Hack Ethically

About Me


I am an engineering student and I am very dedicated to Ethical Hacking. I have been learning "Ethical Hacking" for about 4 years now.
Though I'm not a pro hacker, I'm also not a noob. I have enough knowledge to give others like me a start in their Ethical Hacking & Cyber Security. As I keep learning new things, I keep updating them on the blog, from basic to advanced level.
I started Ethical Hacking as a hobby which has now turned into my passion, and I'm sure I will turn it into my profession through this blog.

Always be an Ethical Hacker.