WordPress Security Tips
WordPress Security Tips By Catch Internet:
http://catchinternet.com
This slide deck covers WordPress hosting servers, an example of link injection hacks, the basics of securing your WordPress site, and WordPress security plugins.

Usage Rights

© All Rights Reserved

WordPress Security Tips Presentation Transcript

  • 1. WordPress Mini Word Camp 7
      Basic WordPress Security Tips
      By Catch Internet Pvt. Ltd.
  • 2. WordPress Security
      • WordPress popularity and usage bring in new threats
      • Basic WordPress security is necessary for all users
      • Most hackers on the internet are looking for the easy way
  • 3. Purpose of the Presentation
      Is to scare the crap out of you!
      Image by http://blog.mysanantonio.com
  • 4. Purpose of the Presentation
      And then make everyone feel better
  • 5. What We Will Cover
      • WordPress Hosting Servers
      • Example of Link Injection Hacks
      • How to Secure your WordPress site basics
      • WordPress Security Plugins
  • 6. Do I Really Need To Secure WP?
      • There is nothing valuable on my site
      • I only have limited visitors on my site
      • I thought I already was secured
      • Who is going to hack my site?
      • I already turned off the comments for security
  • 7. Yes You Have to Secure Your WP
      Check your Hosting: Well Known, Customer Service, Secure, Review Check, Linux Based, Control Panel, Backup
      Server Minimum Requirements
      • PHP 5.2.4 or greater
      • MySQL 5.0 or greater
      • The mod_rewrite Apache module
  • 8. Recommended Hosting
      • Bluehost
      • MediaTemple
      • WestHost
      • DreamHost
      • WordPress VIP, Choppa, VPS (Premium Servers)
  • 9. Hidden Link Injection Hacks
      • Upload / Plugin / Themes (TimThumb) / Core WordPress / Multi WordPress
      • Uses CSS to hide the links with an inline style: display:none;
      • Mostly used to get your SEO ranking
      • Mostly initiated by basicpills.com and many other domains located at 212.117.161.190
      • Another easy hack
  • 10. Hidden Link Injection Hacks
      • These are some of the links you will see in an infected site:
          <a href="http://basicpills .com/">online prescription drugs without a prescription..
          <a href="http://generic-ed-pharmacy . com/">Buy Generic Viagra Onlin.
          <a href="http://getrxpills . com/buy/levitra.html">levitra 10 mg..
      • Mostly these spam links are all related to pharmacy products, leading you to one of the following domains:
          antibioticsordrer.com, antibiotics-shop.com, basicpills.com,
          buynolvadexcheap.com, cheappillsonline.net, dacompliasale.com,
          dlevitraonline.com, dzithromaxsbuy.com, generic-ed-pharmacy.com,
          getrxpills.com, kamagrasorder.com, onlineacompliacheap.com,
          onlinecialischeap.net, onlinelevitracheap.com, onlinelevitracheap.net,
          onlineviagracheap.com, onlineviagracheap.net, peampicillinonline.com,
          rx-prices.com, sclomidbuy.com, sdoxycyclinebuy.com, sviagrarbuy.com,
          vicialisabuy.com, wpropecianonline.com
  • 11. How to Secure your WP Site basics
      • Keep your Core WordPress, Theme, Plugins Updated.
      • No "admin" user account
      • Use Secure Username and Password (http://goodpassword.com/)
      • Folder Permission: Rule of Thumb, file 644, folder 755
  • 12. How to Secure your WP Site basics
      • Remove WordPress Version from Header
          // Removing wp version generator
          remove_action('wp_head', 'wp_generator');
      • Use a Secret Key in wp-config.php
          https://api.wordpress.org/secret-key/1.1/salt/
      • Change WP Table Prefix in wp-config.php
          $table_prefix = 'yourtable_12';
  • 13. How to Secure your WP Site basics
      • Directories should not be left open for public browsing.
        In .htaccess:
          # Apache 2.4 rejects a mix of bare and +/- options such as "All -Indexes"
          Options -Indexes
      • Nobody should be allowed to search your entire server.
        Do not use this search code in your search form:
          <?php echo $_SERVER['PHP_SELF']; ?>
        and use this instead:
          <?php bloginfo('home'); ?>
  • 14. How to Secure your WP Site basics
      • Block the wp- folders from being indexed by search engines.
        Best way to block: add the following code in your robots.txt file
          Disallow: /wp-*
      • Prevent Unnecessary Info From Being Displayed
        Add the following filter in functions.php
          // create_function() was removed in PHP 8.0; __return_null is WordPress's built-in callback
          add_filter('login_errors', '__return_null');
  • 15. How to Secure your WP Site basics
      • Protect WordPress Admin:
        Use .htaccess and allow only specific IP addresses (http://whatismyip.com)
          AuthUserFile /dev/null
          AuthGroupFile /dev/null
          AuthName "Access Control"
          AuthType Basic
          # <LIMIT GET> applies these rules to GET and HEAD requests only
          <LIMIT GET>
          order deny,allow
          deny from all
          # IP address to whitelist
          allow from xxx.xxx.xxx.xxx
          allow from xxx.xxx.xxx.xxx
          </LIMIT>
  • 16. How to Secure your WP Site basics
      • Restrict File Access to wp-content
        WordPress doesn't access the PHP files in the plugins and theme directories via HTTP.
        The only requests from web browsers are for images, JavaScript and CSS.
        In the .htaccess file in wp-content:
          Order Allow,Deny
          Deny from all
          <Files ~ "\.(css|jpe?g|png|gif|js)$">
          Allow from all
          </Files>
  • 17. How to Secure your WP Site basics
      • Protect from Script Injections
        Protect from script injections and any attempt to modify the PHP GLOBALS and _REQUEST variables.
        In the .htaccess file in wp-content:
          Options +FollowSymLinks
          RewriteEngine On
          # Query string contains a <script> tag, literal or URL-encoded
          RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
          RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
          RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
          # Answer matching requests with 403 Forbidden
          RewriteRule ^(.*)$ index.php [F,L]
  • 18. How to Secure your WP Site basics
      • Fight Back Against Content Scrapers
        Protect your site against hot-linking and content scrapers.
        Add the following code in your .htaccess file:
          RewriteEngine On
          # Replace mysite\.com/ with your blog URL
          RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
          RewriteCond %{HTTP_REFERER} !^$
          # Replace /images/nohotlink.jpg with your "don't hotlink" image URL
          RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
  • 19. How to Secure your WP Site basics
      • Protect your wp-config.php file
        When the server has a problem, the contents of wp-config.php might be shown.
      • To make it secure, add the following code in the .htaccess at the root:
          <FilesMatch "^wp-config\.php$">
          deny from all
          </FilesMatch>
      • Back Up Your Database and Files
        Schedule backups of your database and files. You can use the following plugins:
          • VaultPress
          • BackupBuddy
  • 20. WordPress Security Plugins
  • 21. WordPress Security Plugins Signup in websitedefender.com
  • 22. WordPress Security Plugins
  • 23. WordPress Security Plugins
  • 24. WordPress Security Plugins
  • 25. WordPress Security Basics
      Thank you
      For more, visit our site: Catchinternet.com
      http://catchinternet.com/blog/wordpress-security-tips/
      My personal blog: Sakinshrestha.com
      http://sakinshrestha.com/wordpress/fix-if-your-wordpress-site-is-hacked/
      http://sakinshrestha.com/wordpress/wordpress-security-tips/
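
Slides 9 and 10 describe spam links hidden with an inline `display:none` style. The following added example (not part of the original slides) scans rendered HTML for external links nested inside inline-hidden elements; the host `example.org` and the sample markup are constructed, and links hidden through a stylesheet class are outside what it checks.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = set("area base br col embed hr img input link meta source track wbr".split())


class HiddenLinkFinder(HTMLParser):
    """Collect external <a href> targets nested in inline-hidden elements."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.stack = []     # per open element: is it, or an ancestor, hidden?
        self.findings = []  # (line number, href)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = attrs.get("style") or ""
        hidden = bool(HIDDEN.search(style)) or (bool(self.stack) and self.stack[-1])
        if tag == "a" and hidden:
            host = (urlparse(attrs.get("href") or "").hostname or "").lower()
            local = host == self.own_host or host.endswith("." + self.own_host)
            if host and not local:
                self.findings.append((self.getpos()[0], attrs["href"]))
        if tag not in VOID:  # void elements never get an end tag
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        # Heuristic: assumes balanced markup, so every end tag closes the top entry.
        if tag not in VOID and self.stack:
            self.stack.pop()


def find_hidden_links(html, own_host):
    finder = HiddenLinkFinder(own_host)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: one visible link, one injected hidden block.
SAMPLE = """<p>Read <a href="http://example.org/about/">about us</a>.</p>
<div style="display:none;">
<a href="http://basicpills.com/">online prescription drugs</a>
<a href="http://example.org/local/">menu</a>
</div>"""

if __name__ == "__main__":
    print(find_hidden_links(SAMPLE, "example.org"))
```

Run it against the HTML your site actually serves (for example a saved copy of the home page) as well as theme template files, since injected links often appear only in the rendered output.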
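
Slide 11 gives the rule of thumb of 644 for files and 755 for folders. This added example (not from the original slides) walks a WordPress directory and reports every entry with permission bits beyond that rule; the `demo()` tree and its file names are constructed for illustration.

```python
import os
import stat
import tempfile

FILE_MAX, DIR_MAX = 0o644, 0o755  # rule of thumb from slide 11


def audit_permissions(root):
    """Return sorted (relative path, mode, limit) for entries exceeding 644/755."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not what the server enforces
            mode = stat.S_IMODE(st.st_mode)
            limit = DIR_MAX if stat.S_ISDIR(st.st_mode) else FILE_MAX
            if mode & ~limit:  # any bit set beyond the allowed mask
                findings.append((os.path.relpath(path, root), mode, limit))
    return sorted(findings)


def demo():
    """Audit a constructed throwaway tree with two over-permissive entries."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "wp-content", "uploads")
        os.makedirs(uploads)
        layout = {"wp-config.php": 0o644, "wp-content/uploads/img.jpg": 0o666}
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "wp-content"), 0o755)
        os.chmod(uploads, 0o777)
        return audit_permissions(root)


if __name__ == "__main__":
    for rel, mode, limit in demo():
        print(f"{rel}: {mode:03o} exceeds {limit:03o}")
```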