MASIGNASUKAv102
6510051498749449419

Secure WordPress حماية الووردبريس

Secure WordPress حماية الووردبريس
Add Comments
7/27/2015
[d2ae-url]

http://wpsecure.net/secure-wordpress

حماية الووردبريس


Secure WordPress حماية الووردبريس

Secure WordPress



Secure WordPress


حماية الووردبريس

 

Blog security 101,  how to lock down your WordPress site. Most of these techniques are easy to implement for a beginner or recover from if something goes wrong. If your new to WordPress please read our basic guide before proceeding with this one.


1. Delete the Admin login

The default Admin login and privileges makes an easy target for any exploit. You should delete this user account right away. The steps:
1. Login with the default Admin account
2. Create a new user with a unique name with Admin privileges  <— very important
3. Login with “new” user and delete the Admin user.

Note: This step can also be quickly done on a fresh install by changing the default user name to something other than “Admin”.
1. Change your WordPress Nickname

Bots will scrape your sites posts looking for author tags and then use the names it find as your login username, this is a very effective attack vector for guessing through brute force. In your WP admin click your Profile or Users and add a Nickname ( or First Name) and then select “Display name publicly as” something different from your actual login username!
2. Schedule regular backups

Regular backups are a must and having tiered backups is even better. That means backing up the WordPress database and also your server disk. There are several backup plugins and services that will back your data up. It is also very advisable to ask your host about disk based backups and remember to read the fine print.schedule
3. Get some WordPress security keys

WordPress has implemented encrypted security keys for information stored in your cookies.
These keys go into your wp-config.php and you can find a random number key generator on the official wordpress.org site here https://api.wordpress.org/secret-key/1.1/salt/ . Hit refresh on your browser to get new keys and copy/paste the whole thing into your wp-config.php.

4. Rename the database prefix pre-installation only!

This is for PRE-INSTALL ONLY. We cover doing this to a live site in the advanced guide as doing this wrong will kill your site. If your starting with a fresh new install, you have an option during the install screen to change the database prefix. All default WordPress installs use the database prefix of “wp_”which makes any exploiter’s job much easier, change this prefix to something unique.

5. Limit your plugin and theme use and delete unused ones.

Not only are many plugins and themes insecure but they can slow your site down to a crawl. Limit your plugin use as much as you can, delete unused plugins and themes and keep them updated. Keeping your system clean not only reduces fingerprinting and rogue code from being exploited but if something does happen to infect your site, it is much easier to manage.
6. Move wp-config up one directory and lock it down

The wp-config.php file contains all your WordPress database credentials, you can move this file up one directory on your server, outside the web root which can protect it from any browser based attacks. It it also a good idea to change the permissions on it to 600.

7. Limit login attempts

Plugin use for security can be an afterthought, and relying on something to protect what is already insecure is bad practice. The plugin Limit Login Attempts on the other hand is very useful as it prevents too many failed logins to your site and locks out brute force attacks. It can even log IP’s that are failing to get in.
8. Check your file and directory permissions

File and directory permissions can be tricky depending on the host. In the majority of cases you want to have files set to 644 or 640 and folders set to 755 or 750. You should never have to set anything to .777 unless your host has been mis-configured, EVER! The golden rule with permissions is to set them as low as you can while keeping the site in working order.
9. Hide version info

Hiding the WP version info is a small step to prevent bots from crawling your site, it does not prevent fingerprinting, but every little bit helps. In your theme’s functions.php add the following:











1

2

3

4

5


// remove version info from head and feeds

function complete_version_removal() {

    return '';

}

add_filter('the_generator', 'complete_version_removal');




10. Enable ssl login

Enable ssl login if your site has an ssl certificate. To enable ssl your site must be reachable by using https. You can enable this just for the login or for the whole Admin in your wp-config.php. SSL login will encrypt the data you send to WordPress and is especially helpful to thwart man-in-the-middle attacks.











1

2

3

4

5

6


// this goes in your wp-config.php file

//

//for just the login

 define('FORCE_SSL_LOGIN', true);

//for the whole admin

define('FORCE_SSL_ADMIN', true);




11. Don’t allow search bots to browse your directories

Google search can crawl unwanted urls and expose them to hackers. It’s best to prevent Google bot and any other bots that follow robots.txt ( not all of them do) from indexing anything but your content. The robot.txt goes in your site’s root folder and is just a text file.











1

2

3

4

5

6

7

8

9


User-agent: *


Disallow: /feed/

Disallow: /trackback/

Disallow: /wp-admin/

Disallow: /wp-content/

Disallow: /wp-includes/

Disallow: /xmlrpc.php

Disallow: /wp-




12. Disable user registration.

Yes you can disable user registration in the Admin, so if your running a small blog or CMS and don’t have multiple people sharing, go ahead and disable user registration completely under your General settings.

13. Disable theme and plugin edits/updates

Prevent users from being able to edit or update sensitive files via the admin.











1

2


define('DISALLOW_FILE_EDIT',true); //edits

define('DISALLOW_FILE_MODS',true); //updates




14. Basic .htaccess Rules

Some basic rules that you can add to your root .htaccess file, more advanced rules are covered in the advanced guide as messing around here can break your site, but these won’t do much other than protect you.











1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22


//limit indexing of directories

Options All -Indexes


//protect the htaccess file,

//this is done by default with apache config file,

// but you never know.


order allow,deny

deny from all



//disable the server signature

ServerSignature Off


//limit file uploads to 10mb

LimitRequestBody 10240000


// protect wpconfig.php.

//If you followed step 6 this is not necessary.


order allow,deny

deny from all




15. Delete the readme and any unnecessary files.

WordPress has a default readme.html, and many plugins and themes also come with one. It’s best to just delete them as they can be used for fingerprinting or general snooping and often contain version info. Also keep your folders clean of any junk files.

M

  1. kreftsiden.no

    Secure WordPress حماية الووردبريس

    ردحذف
  2. marketing

    Secure WordPress حماية الووردبريس

    ردحذف
  3. Fortnite Hacks

    Secure WordPress حماية الووردبريس

    ردحذف
  4. Fortnite esp

    Secure WordPress حماية الووردبريس

    ردحذف
  5. Fortnite esp

    Secure WordPress حماية الووردبريس

    ردحذف
  6. Fortnite Cheat

    Secure WordPress حماية الووردبريس

    ردحذف
  7. fortnite hack

    Secure WordPress حماية الووردبريس

    ردحذف
  8. Fortnite Hacks

    Secure WordPress حماية الووردبريس

    ردحذف
  9. fortnite hack

    Secure WordPress حماية الووردبريس

    ردحذف
  10. Fortnite Hack Free Downloa

    Secure WordPress حماية الووردبريس

    ردحذف
  11. fortnite hack

    Secure WordPress حماية الووردبريس

    ردحذف
  12. Fortnite CHEAT Free Downloa

    Secure WordPress حماية الووردبريس

    ردحذف
  13. fortnite hack

    Secure WordPress حماية الووردبريس

    ردحذف
  14. Fortnite esp

    Secure WordPress حماية الووردبريس

    ردحذف
  15. Fortnite Cheat

    Secure WordPress حماية الووردبريس

    ردحذف
  16. Fortnite Hack Free Downloa

    Secure WordPress حماية الووردبريس

    ردحذف
  17. Fortnite Cheat

    Secure WordPress حماية الووردبريس

    ردحذف
  18. Fortnite Hack Free Downloa

    Secure WordPress حماية الووردبريس

    ردحذف
  19. fortnite aimbot

    Secure WordPress حماية الووردبريس

    ردحذف
  20. Fortnite Cheat

    Secure WordPress حماية الووردبريس

    ردحذف
  21. Fortnite Wallhack

    Secure WordPress حماية الووردبريس

    ردحذف
  22. Fortnite CHEAT Free Downloa

    Secure WordPress حماية الووردبريس

    ردحذف
  23. design,

    Secure WordPress حماية الووردبريس

    ردحذف
  24. toppery

    Secure WordPress حماية الووردبريس

    ردحذف
  25. porn videos

    Secure WordPress حماية الووردبريس

    ردحذف
  26. vurl.in

    Secure WordPress حماية الووردبريس

    ردحذف
  27. more here

    Secure WordPress حماية الووردبريس

    ردحذف