ClickIT Smart Technologies can help you to setup firewalls such as CSF, UFW, Iptables and PfSense/Sonicwall Firewall Appliance designed to mitigate common botnets, brute-force and malware attacks. Implementing a firewall will ensure you are the only one connecting to your remote management system. It will also help you to get legitimate visitors and not disturb your traffic analysis.
2. ClickIT Technologies has
offered more than five thousand
migration services worldwide.
Let us help you with the painful
task of moving your app, your
server or your website.
3. WordPress is by far the most popular CMS on the internet for blogging, not only
for a friendly user but for attackers and hacking attempts. WordPress is always
upgrading and improving thanks to their team of developers and community which
makes it easier to detect any bug or error on it.
We know that if you run a WordPress site, you care about protection (which
involves your data and your customer’s and visitor’s data). Here is a summary of
the practices you can apply to your WordPress site in order to make it safer.
Remember that these actions don’t guarantee a 100% protection against hacking
attempts, but will protect you for the majority of the attacks.
Protect your WordPress Admin Area
WordPress admin area must not be where everybody logins and modify anything
that they want. What you should do is restrict the access to the people who really
needs it. If your site is not for front-end creation, your visitors or customers should
not be able to access your /wp-admin folder. You can add add these lines to the
.htaccess file in your WordPress admin folder replacing xx.xxx.xxx.xxx with your
IP address.
order deny,allow Deny from all Allow from xx.xxx.xxx.xxx
4. Don’t use admin username
People often forget changing their username “admin” to a complex or safer one. As
admin username is very popular attackers often make brute force attacks to your
admin login and others attack simply by naming your username differently. If
you’re installing a new WordPress site, you will be asked for username during the
WordPress installation process.
Remove WordPress Header
WordPress can add a lot of stuff in your header for various services, this will
remove everything, but take care, it also removes some functionality ( for instance if
someone is looking for your RSS feed). If you want to keep some just comment the
line out.
1 // remove junk from head 2 remove_action('wp_head', 'feed_links', 2); 3 remove_action('wp_head',
'feed_links_extra', 3); 4 remove_action('wp_head', 'rsd_link'); 5 remove_action('wp_head',
'wlwmanifest_link'); 6 remove_action('wp_head', 'index_rel_link'); 7 remove_action('wp_head',
'parent_post_rel_link', 10, 0); 8 remove_action('wp_head', 'start_post_rel_link', 10, 0); 9
remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0); 10 remove_action('wp_head',
'wp_generator'); 11 remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0); 12
remove_action('wp_head', 'noindex', 1);
5. Monitoring your files for changes
When an attack happens, it always leave traces. Either on the logs or on the file
system (new files, modified files, etc). If you are using OSSEC for example, it will
monitor your files and alert you when they change.
Schedule Local Backups
Regular backups are a must and having tiered backups is even better. That means
backing up the WordPress database and also your server disk. There are several
backup plugins and services that will back your data up, wordpress or server
side its very important to have at least 1 backup monthly.
Wordfence Plugin
Wordfence plugin is a complete Anti-Virus and Firewall for your WordPress. It
not only protects your site from many possible attacks but also keeps you off
Google’s SEO blacklist, repairs hacked files, even if you don’t have backups. It
also includes some features like login brute force protection, hiding your
WordPress version number, blocking fake google crawlers and many other
security elements. Remember Wordfence offer the free and the paid version for
enterprises.
6. Akismet Plugin
Akismet is a really good plugin which checks your comments against the
Akismet Web service to see if they look like spam or not and lets you review the
spam it catches under your blog’s “Comments” admin screen.
Login Lockdown
Login Lockdown checks for a specific ip which is trying to login to your site but
it never happens. It will block that IP after a certain number of attempts and will
disable any request of it for a certain amount of time. Currently, the plugin
defaults to a 1-hour lock out of an IP block after 3 failed login attempts within 5
minutes. This can be modified via the Options panel. Administrators can release
locked out IP ranges manually from the panel.
Protect your computer from Virus/Malware
Protecting your computer from malware or virus is not hard. Remember that
WordPress allows you to upload any file or plugins, thats why any file that you
want to upload, must be clean in order to maintain your wordpress folder free
from virus and malware.
7. Here are some actions you may need to take in order to do it:
1. Install an antivirus program
2. Use a firewall
3. Use a pop-up blocker with your browser
4. Keep your computer updated
5. Don’t open email attachments unless you’re expecting them
WordPress & Plugin Up-to-date
It is really important to keep your WordPress version up to date since there are always
vulnerabilities which can be hard to exploit but you need to get them fixed ASAP.
Remember that if you are going to update your WordPress to the latest version you must
check your plugins and compatibility with all your setup.
Use Strong Passwords
You will be surprised that most of the people who own a blog site or any website often set
“password” or “123456” as their personal account passwords. Its not hard to guess what
will happen to their site with those passwords. We recommend using complete phrases
instead of words and numbers.
Article Source: -http://clickittechcloudcomputing.tumblr.com/post/148730384346/tips-
for-wordpress-security