WordPress Security Tips
WordPress Security Tips By Catch Internet:
This slide deck covers WordPress hosting servers, an example of link injection hacks, the basics of securing your WordPress site, and WordPress security plugins.

Published in: Technology, Business
  • 1. WordPress Mini Word Camp 7: Basic WordPress Security Tips, by Catch Internet Pvt. Ltd.
  • 2. WordPress Security
      • WordPress's popularity and usage bring in new threats
      • Basic WordPress security is necessary for all users
      • Most hackers on the internet are looking for the easy way
  • 3. Purpose of the Presentation: is to scare the crap out of you!
  • 4. Purpose of the Presentation: and then make everyone feel better
  • 5. What We Will Cover
      • WordPress Hosting Servers
      • Example of Link Injection Hacks
      • How to Secure your WordPress site basics
      • WordPress Security Plugins
  • 6. Do I Really Need To Secure WP
      • There is nothing valuable on my site
      • I only have limited visitors on my site
      • I thought I already was secured
      • Who is going to hack my site
      • I already turned off the comments for security
  • 7. Yes You Have to Secure Your WP
      Check your hosting: well known, customer service, secure, review check, Linux based, control panel, backup
      Server Minimum Requirements
      • PHP 5.2.4 or greater
      • MySQL 5.0 or greater
      • The mod_rewrite Apache module
  • 8. Recommended Hosting
      • Bluehost
      • MediaTemple
      • WestHost
      • DreamHost
      • WordPress VIP, Choppa, VPS (Premium Servers)
  • 9. Hidden Link Injection Hacks
      • Upload / Plugin / Themes (TimThumb) / Core WordPress / Multi WordPress
      • Uses CSS to hide it in style: display:none;
      • Mostly used to get your SEO ranking
      • Mostly initiated by and many other domains located at
      • Another easy hack
  • 10. Hidden Link Injection Hacks
      • These are some of the links you will see in an infected site:
          <a href="http://basicpills .com/">online prescription drugs without a prescription..
          <a href="http://generic-ed-pharmacy . com/">Buy Generic Viagra Onlin.
          <a href="http://getrxpills . com/buy/levitra.html">levitra 10 mg..
      • Mostly these spam links are all related to pharmacy products leading you to one of the following
  • 11. How to Secure your WP Site basics
      • Keep your core WordPress, themes and plugins updated.
      • No Admin user account
      • Use a secure username and password
      • Folder permissions: rule of thumb, files 644, folders 755
  • 12. How to Secure your WP Site basics
      • Remove the WordPress version from the header:
          // Removing wp version generator
          remove_action('wp_head', 'wp_generator');
      • Use a Secret Key in wp-config.php
      • Change the WP table prefix in wp-config.php:
          $table_prefix = 'yourtable_12';
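  • 13. How to Secure your WP Site basics
      • Directories should not be left open for public browsing. In .htaccess:
          # The slide's "Options All -Indexes" mixes signed and unsigned options,
          # which Apache 2.4 rejects; "-Indexes" alone turns off directory listings.
          Options -Indexes
      • Nobody should be allowed to search your entire server. Do not use this code in your search form:
          <?php echo $_SERVER['PHP_SELF']; ?>
        and use this instead:
          <?php bloginfo('home'); ?>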
  • 14. How to Secure your WP Site basics
      • Block the WP folders from being indexed by search engines. The best way to block them is to add the following to your robots.txt file:
          User-agent: *
          Disallow: /wp-*
      • Prevent unnecessary info from being displayed. Add the following filter in functions.php:
          // create_function() was removed in PHP 8.0; a closure (PHP 5.3+) does the same job
          add_filter('login_errors', function ($a) { return null; });
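  • 15. How to Secure your WP Site basics
      • Protect WordPress Admin: use .htaccess and allow only specific IP addresses
          AuthName "Access Control"
          AuthType Basic
          # POST added: with <LIMIT GET> alone, login form submissions are not restricted
          <Limit GET POST>
          Order deny,allow
          Deny from all
          # IP addresses to whitelist (placeholders, replace with your own)
          Allow from 192.0.2.10
          Allow from 198.51.100.20
          </Limit>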
  • 16. How to Secure your WP Site basics
      • Restrict file access to wp-content. WordPress doesn't access the PHP files in the plugins and theme directories via HTTP. The only requests from the web browser are for images, JavaScript and CSS. In the .htaccess file in wp-content:
          Order Allow,Deny
          Deny from all
          # Re-allow only static assets
          <Files ~ "\.(css|jpe?g|png|gif|js)$">
          Allow from all
          </Files>
  • 17. How to Secure your WP Site basics
      • Protect from script injections and any attempt to modify the PHP GLOBALS and _REQUEST variables. In the .htaccess file in wp-content:
          Options +FollowSymLinks
          RewriteEngine On
          # <script> tags in the query string, literal or URL-encoded
          RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
          # Attempts to set GLOBALS or _REQUEST through the query string
          RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
          RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
          # Answer matching requests with 403 Forbidden
          RewriteRule ^(.*)$ index.php [F,L]
  • 18. How to Secure your WP Site basics
      • Fight back against content scrapers: protect your site against hot-linking and content scrapers. Add the following code in your .htaccess file:
          RewriteEngine On
          # Replace ?example\.com/ with your blog url (example.com is a placeholder)
          RewriteCond %{HTTP_REFERER} !^http://(.+\.)?example\.com/ [NC]
          RewriteCond %{HTTP_REFERER} !^$
          # Replace /images/nohotlink.jpg with your "don't hotlink" image url
          RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
  • 19. How to Secure your WP Site basics
      • Protect your wp-config.php file. During a server problem, the contents of wp-config.php might be shown. To make it secure, add the following code to the .htaccess file at the root:
          <FilesMatch "^wp-config\.php$">
          Deny from all
          </FilesMatch>
      • Back up your database and files. Schedule backups of your database and files. You can use the following plugins:
          • VaultPress
          • BackupBuddy
  • 20. WordPress Security Plugins
  • 21. WordPress Security Plugins Signup in
  • 22. WordPress Security Plugins
  • 23. WordPress Security Plugins
  • 24. WordPress Security Plugins
  • 25. WordPress Security Basics
      Thank you. For more, visit our site: Catchintenet.com
      Personal blog: Sakinshrestha.com
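An audit for the permission rule of thumb on slide 11 (files 644, folders 755), as an added example that is not part of the original slides: it walks a directory tree and reports every entry that has permission bits beyond that rule, while leaving stricter modes alone. The function names and the demo tree are constructed; pass your own WordPress directory as the first argument to audit a real install.

```python
import os
import stat
import sys
import tempfile

FILE_MODE, DIR_MODE = 0o644, 0o755  # the slide's rule of thumb

def audit_permissions(root):
    """Return sorted (path, actual_mode, expected_mode) for entries with extra bits."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, DIR_MODE) for d in dirnames] + [(f, FILE_MODE) for f in filenames]
        for name, expected in entries:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are ignored on Linux
            actual = stat.S_IMODE(st.st_mode)
            if actual & ~expected:  # stricter modes (e.g. 600) are fine
                findings.append((path, actual, expected))
    return sorted(findings)

def demo():
    """Audit a constructed tree: two entries break the rule, two do not."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"wp-config.php": 0o600, "index.php": 0o644,
                  "uploads": 0o777, "uploads/cache.php": 0o666}
        os.mkdir(os.path.join(root, "uploads"))
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            if not os.path.isdir(path):
                open(path, "w").close()
            os.chmod(path, mode)
        return [(os.path.relpath(p, root), oct(a), oct(e))
                for p, a, e in audit_permissions(root)]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, actual, expected in audit_permissions(sys.argv[1]):
            print(f"{path}: {oct(actual)} (expected at most {oct(expected)})")
    else:
        print(demo())
```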