Is your Wordpress safe enough?
Wordpress is a 'ready' system that can be online very quickly. But you cannot be sure your portal is safe enough. That is why there are a number of steps you should take to make your portal much safer.
Is your Wordpress safe enough? Let's see!

Published in: Technology, Business

Transcript

  • 1. IS YOUR WORDPRESS SAFE ENOUGH? Said Murat, Warsaw/Poland, www.saidmurat.net & info@saidmurat.net
  • 2. What is Wordpress? WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL. It has many features including a plug-in architecture and a template system. It was first released on May 27, 2003, by founders Matt Mullenweg and Mike Little. As of April 2013, version 3.5 had been downloaded over 18 million times. (Image: Matt Mullenweg)
  • 3. What about the numbers? WordPress is currently the most popular blogging system in use on the Web, powering over 60 million websites worldwide.
  • 4. Popular brands are using Wordpress! Ebay Blog
  • 5. Popular brands are using Wordpress! Yahoo Blog
  • 6. Popular brands are using Wordpress! CNN Blog
  • 7. How to attack? Brute Force: In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data. A brute-force attack is an attempt to log into an account by systematically trying thousands of passwords.
  • 8. How to attack? Brute Force
  • 9. How to attack? Is there any other way to attack?
  • 10. How to provide protection from attacks? Wordpress is a 'ready' system that can be online very quickly. But you cannot be sure your portal is safe enough. That is why there are a number of steps you should take to make your portal much safer. Let's go on, step by step!
  • 11. How to provide protection from attacks? A) MySQL Database:
      - Do not name the database 'mysite_database', because that makes your database easier to reach.
      - Do not use 'abc12345' as the password.
      - Do not use 'Admin' as the username.
  • 12. How to provide protection from attacks? B) Remove the 'install.php' file: After you have finished the installation, just remove the 'install.php' file.
  • 13. How to provide protection from attacks? C) Admin Username: You HAVE TO be careful when naming your admin user.
      - Do not use 'admin', 'administrator' or 'manager'.
      - Your password should also be complex, like '5o12cMs'.
  • 14. How to provide protection from attacks? D) Hide the version of your Wordpress: You know the version of your Wordpress, but others don't have to know it, right? Then go to 'functions.php' and add this line there:
      remove_action('wp_head', 'wp_generator');
  • 15. How to provide protection from attacks? E) Permissions of your files: Some of Wordpress's files are writable by default, but there is no need for that, because spammers may try to reach your files unexpectedly. That's why, let's go to FTP and change some of the file permissions:
      (root directory) : 0755
      wp-includes/ : 0755
      wp-admin/ : 0755
      wp-admin/js/ : 0755
      wp-content/ : 0755
      wp-content/themes/ : 0755
      wp-content/plugins/ : 0755
      wp-admin/index.php : 0644
      .htaccess : 0644
      wp-config.php : 0644
  • 16. How to provide protection from attacks? F) Where is your .htaccess file? To have a safe Wordpress system, you really need a '.htaccess' file. By default, the .htaccess file contains 'redirection' rules, but you can extend these rules to make your Wordpress system safer. If you do not have this file, just create it!
      # Hide signature of your Server!
      ServerSignature Off
      # Limit of the file you upload will be max 10MB.
      LimitRequestBody 10240000
      # Your .htaccess file will not be 'reachable' by others.
      <files .htaccess>
      order allow,deny
      deny from all
      </files>
  • 17. How to provide protection from attacks? WP-Security Scan (Plugin): This is one of the very useful plugins that should definitely be used regularly by every WordPress blogger. This plugin can go through every security loophole in a few seconds. It then prepares a list of possible vulnerabilities, such as file passwords or permissions, and also offers further suggestions on corrective actions to deal with them.
  • 18. What about SPAM? You might get spam via comments on your posts. Spam comments try to get published on your pages in order to advertise their own pages. But sometimes they may contain links that redirect your members to their pages automatically.
  • 19. Plugins
      Akismet: The best anti-spam plugin for WordPress. Bundled with WordPress, Akismet requires a registration key, but is easy to set up and provides excellent "set-it-and-forget-it" spam protection for WordPress.
      Limit Login Attempts: The best plugin against login attacks. With the brute-force method, hackers may try to attack your login page. Thanks to this plugin, after the 3rd attempt, Wordpress asks users to wait some time before trying a username and password again. Otherwise, by using wordlists, they may find the login details.
      WP Activity Monitor: You may have a lot of admins, moderators or editors on your Wordpress, but it's hard to keep track of everyone. Moreover, how can you be sure that there is no hacker among them whom you do not know? You can control all details about your Wordpress.
  • 20. Tips
      Back up your MySQL database regularly: You should always back up your site files and database. You should get into the practice of regular MySQL database backups by exporting your MySQL data as a .sql file to be stored in a safe location.
      Do not install every plugin you find: Wordpress users usually get hacked because of plugins. That's why you should download and install plugins which are recommended by Wordpress.
  • 21. References: Wordpress.Org, Wikipedia.Org, Cyber-Warior.Org, LinuxToday.Org
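
The permission table on slide 15 can be checked automatically; the following Python script is an added example, not part of the original slides. It flags entries that are more permissive than the table and, as an assumption for paths the slide does not list, any entry writable by group or others. The names `EXPECTED`, `audit` and `make_demo_tree` and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Modes from the slide's table, relative to the WordPress root ("." = root).
EXPECTED = {
    ".": 0o755, "wp-includes": 0o755, "wp-admin": 0o755, "wp-admin/js": 0o755,
    "wp-content": 0o755, "wp-content/themes": 0o755, "wp-content/plugins": 0o755,
    "wp-admin/index.php": 0o644, ".htaccess": 0o644, "wp-config.php": 0o644,
}
LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write bit for group or others

def audit(root):
    """Return sorted (path, actual, allowed) for entries looser than allowed."""
    paths = [root]
    for dirpath, dirs, files in os.walk(root):
        paths += [os.path.join(dirpath, name) for name in dirs + files]
    findings = []
    for path in paths:
        if os.path.islink(path):
            continue  # a symlink's own mode says nothing; audit its target
        rel = os.path.relpath(path, root).replace(os.sep, "/")
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if rel in EXPECTED:
            # Stricter than the table (e.g. 0600) passes; extra bits do not.
            extra, allowed = mode & ~EXPECTED[rel], f"{EXPECTED[rel]:04o}"
        else:
            # Assumption for unlisted paths: no group/other write bit.
            extra, allowed = mode & LOOSE, "no group/other write"
        if extra:
            findings.append((rel, f"{mode:04o}", allowed))
    return sorted(findings)

def make_demo_tree(base):
    """Constructed sample tree with three deliberately loose entries."""
    modes = {**EXPECTED, "wp-content": 0o777, "wp-config.php": 0o666,
             "wp-content/plugins/demo.php": 0o664}
    for rel in sorted(modes):  # parents sort before their children
        path = os.path.join(base, rel)
        if rel.endswith(".php") or rel == ".htaccess":
            open(path, "w").close()
        else:
            os.makedirs(path, exist_ok=True)
    for rel, mode in modes.items():
        os.chmod(os.path.join(base, rel), mode)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, actual, allowed in audit(make_demo_tree(tmp)):
            print(f"{rel}: {actual} (allowed {allowed})")
```

A file that is stricter than the table, such as `wp-config.php` at 0600, is deliberately not reported.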
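
The lockout behaviour that slide 19 describes for Limit Login Attempts, as an added example that is neither the plugin's code nor part of the original slides. The limit of 3 attempts comes from the slide; the 10-minute window, the 20-minute wait, keying by client address, the class and function names and the sample events are assumptions.

```python
from collections import defaultdict, deque

MAX_ATTEMPTS = 3   # from the slide: a wait is imposed after the 3rd try
WINDOW = 600       # assumed: failures older than 10 minutes are forgotten
LOCKOUT = 1200     # assumed: 20-minute wait once the limit is reached

class LoginLimiter:
    def __init__(self):
        self.failures = defaultdict(deque)  # client -> failure timestamps
        self.locked_until = {}              # client -> end of the wait

    def attempt(self, client, password_ok, now):
        """Process one login attempt; return 'locked', 'ok' or 'failed'."""
        if now < self.locked_until.get(client, 0):
            # Rejected before the password is looked at, so even a correct
            # guess made during the wait does not log the client in.
            return "locked"
        recent = self.failures[client]
        while recent and now - recent[0] > WINDOW:
            recent.popleft()                # expire old failures
        if password_ok:
            recent.clear()                  # a successful login resets the count
            return "ok"
        recent.append(now)
        if len(recent) >= MAX_ATTEMPTS:
            self.locked_until[client] = now + LOCKOUT
            recent.clear()
        return "failed"

# Constructed events: (time in seconds, client address, password correct?)
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False),
    (1, "203.0.113.7", False),
    (2, "203.0.113.7", False),     # 3rd failure starts the wait
    (3, "203.0.113.7", True),      # correct guess, but still locked out
    (5, "198.51.100.4", False),    # another client is unaffected
    (10, "198.51.100.4", True),
    (1203, "203.0.113.7", False),  # wait is over, counting starts again
]

def replay(events):
    """Feed events through a fresh limiter and return each outcome."""
    limiter = LoginLimiter()
    return [limiter.attempt(client, ok, t) for t, client, ok in events]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", outcome)
```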
