Simple Tips to Secure your WordPress

Learn why WordPress sites are hacked.
Learn how exactly sites are hacked.
Simple steps to secure a WordPress site.

Published in: Technology

  1. Firoz Sabaliya: Simple Tips to Secure your WordPress
  2. Common Reasons, How WP Sites Are Hacked, Why?, Steps to Secure the Site
  3. Most Common Reason WordPress Sites are Hacked
  4. How Exactly Do Hackers Find WordPress Sites?
  5. Google Dorks
     ● Open Google.com
     ● Type the string below:
       "index of" inurl:wp-content/
  6. "index of" inurl:wp-content/
  7. Google Dorks
       filetype:sql inurl:/wp-content/uploads
  8. filetype:sql inurl:/wp-content/uploads
  9. Using the /?author=1 Query Parameter
       example.com/?author=1
  10. What Do Hackers Do With the Username?
  11. ● Get the admin username
     ● Get a common password list from the Internet
     ● Gain admin access using an automated script
  12. Why Was My Site Hacked?
  13. Why Do Hackers Hack WordPress?
     ● Sending spam email
     ● Gain access to your data and mailing list
     ● Credit card information
     ● Download malicious software onto your end user's machine
     ● Redirections
  14. Quick Tips to Secure WordPress Site
  15. Simple Tips to Secure WordPress
     ● Hide WordPress version number
     ● Change common username
     ● Change the database table prefix
     ● Set proper directory permissions
     ● Disallow file editing
     ● Prevent access to .htaccess and wp-config.php
     ● Disable server signature
  16. Simple Tips to Secure WordPress
     ● Block access to XMLRPC
     ● Disable directory listing
     ● Prevent brute-force attack: change admin URL
     ● Enable captcha for login page and forgot password
     ● User enumeration
  17. Hide your WordPress Version Number
  18. Change Common Username
  19. Change the Database Table Prefix
  20. Set Proper Directory Permissions
  21. Disallow File Editing
  22. Prevent Access to .htaccess and wp-config.php
  23. Block Access to XMLRPC
  24. Disable Directory Listing
  25. Prevent Brute-force Attack
  26. Captcha for Login Page and Forgot Password
  27. User Enumeration
  28. Import/Export Settings
  29. Additional Steps
     ● 2-factor authentication
     ● Use SSL to encrypt data
     ● Update WordPress regularly
     ● Enable auto backup
     ● Avoid themes and plugins from unauthorised sources
  30. 2-factor authentication
  31. Thank you @firoz2456
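
The file-level tips on slides 15 and 16 can be checked mechanically. The following Python audit is an added example, not part of the original slides: it reads the text of wp-config.php and .htaccess and lists which of those tips are not yet applied. It assumes Apache with .htaccess overrides enabled; the function names and sample file contents are constructed for illustration.

```python
import re

# Constructed sample file contents (not from the slides): one default, one hardened.
WEAK_WP_CONFIG = "<?php\n$table_prefix = 'wp_';\n"
WEAK_HTACCESS = "# BEGIN WordPress\nRewriteEngine On\n# Options -Indexes\n# END WordPress\n"
HARD_WP_CONFIG = "<?php\n$table_prefix = 'x7k_';\ndefine('DISALLOW_FILE_EDIT', true);\n"
HARD_HTACCESS = (
    "Options -Indexes\nServerSignature Off\n"
    '<FilesMatch "^(wp-config\\.php|\\.htaccess|xmlrpc\\.php)$">\n'
    "Require all denied\n</FilesMatch>\n"
)

FILES_BLOCK = re.compile(r"<Files(?:Match)?\s+([^>]+)>(.*?)</Files(?:Match)?>", re.I | re.S)
DENY = re.compile(r"Require\s+all\s+denied|Deny\s+from\s+all", re.I)

def files_denied(htaccess, name):
    """True if a <Files>/<FilesMatch> block that names `name` denies all access."""
    for target, body in FILES_BLOCK.findall(htaccess):
        # Drop regex escapes so "wp-config\.php" compares equal to "wp-config.php".
        if name in target.replace("\\", "") and DENY.search(body):
            return True
    return False

def audit(wp_config, htaccess):
    """Return the slide tips (in slide order) that the two files do not implement."""
    # Ignore commented-out directives so "# Options -Indexes" does not count.
    ht = "\n".join(l for l in htaccess.splitlines() if not l.lstrip().startswith("#"))
    flags = re.I | re.M
    findings = []
    prefix = re.search(r"^\s*\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", wp_config, flags)
    if prefix is None or prefix.group(1) == "wp_":
        findings.append("Change the Database Table Prefix")
    if not re.search(r"^\s*define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)",
                     wp_config, flags):
        findings.append("Disallow file editing")
    if not (files_denied(ht, "wp-config.php") and files_denied(ht, ".htaccess")):
        findings.append("Prevent htaccess and wp-config.php")
    if not re.search(r"^\s*ServerSignature\s+Off\b", ht, flags):
        findings.append("Disable Server Signature")
    if not files_denied(ht, "xmlrpc.php"):
        findings.append("Block Access To XMLRPC")
    if not re.search(r"^\s*Options\b.*-Indexes\b", ht, flags):
        findings.append("Disable directory listing")
    return findings

if __name__ == "__main__":
    for tip in audit(WEAK_WP_CONFIG, WEAK_HTACCESS):
        print("missing:", tip)
```

The check is text-based, so rules set in the main server configuration rather than .htaccess are reported as missing and need a manual look.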
