Is your WordPress safe enough?


Is your WordPress safe enough? Let's see!

Published in: Technology, Business

  1. IS YOUR WORDPRESS SAFE ENOUGH?
     Said Murat
     Warsaw/ &
  2. What is WordPress?
     WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL. It has many features including a plug-in architecture and a template system. It was first released on May 27, 2003, by founders Matt Mullenweg and Mike Little. As of April 2013, version 3.5 had been downloaded over 18 million times.
     Matt Mullenweg
  3. What about the numbers?
     WordPress is currently the most popular blogging system in use on the Web, powering over 60 million websites worldwide.
  4. Popular brands are using WordPress!
     eBay Blog
  5. Popular brands are using WordPress!
     Yahoo Blog
  6. Popular brands are using WordPress!
     CNN Blog
  7. How to attack?
     Brute Force
     In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data.
     A brute-force attack is an attempt to log into an account by systematically trying thousands of passwords.
  8. How to attack?
     Brute Force
  9. How to attack?
     Any different way to attack?
  10. How to provide protection from attacks?
      WordPress is a ‘ready’ system that gets you online fast. But you cannot be sure your portal is safe enough. That’s why there are a number of steps you should take to make your portal much safer.
      Let’s go on, step by step!
  11. How to provide protection from attacks?
      A) MySQL Database;
      - Do not name the database ‘mysite_database’, because that makes it easier to reach your database.
      - As password, do not use ‘abc12345’.
      - As username, do not use ‘Admin’.
  12. How to provide protection from attacks?
      B) Remove the ‘Install.php’ file;
      After you have finished the installation, just remove the ‘Install.php’ file.
  13. How to provide protection from attacks?
      C) Admin Username;
      You HAVE TO be careful when naming your admin’s username.
      - Do not use ‘admin’, ‘administrator’ or ‘manager’.
      - Your password should also have complex letters like ‘5o12cMs’.
  14. How to provide protection from attacks?
      D) Hide the version of your WordPress;
      You know the version of your WordPress. But others don’t have to know it, right? Then, go to ‘functions.php’ and type this line there:

          remove_action('wp_head', 'wp_generator');
  15. How to provide protection from attacks?
      E) Permissions of your files;
      Some of WordPress’s files are ‘originally’ writable. But there is no need! Some spam may try to reach your files unexpectedly. That’s why, let’s go to FTP and change some ‘permissions of your files’.

          (root directory)    : 0755
          wp-includes/        : 0755
          wp-admin/           : 0755
          wp-admin/js/        : 0755
          wp-content/         : 0755
          wp-content/themes/  : 0755
          wp-content/plugins/ : 0755
          wp-admin/index.php  : 0644
          .htaccess           : 0644
          wp-config.php       : 0644
  16. How to provide protection from attacks?
      F) Where is your .htaccess file?
      To have a safe WordPress system, you really need to have a ‘.htaccess’ file. By default, the .htaccess file contains ‘redirection’ rules. But you can improve the rules and have a safe WordPress system. If you do not have this file, just create it!

          # Hide signature of your Server!
          ServerSignature Off

          # Limit of the file you upload will be max 10MB.
          LimitRequestBody 10240000

          # Your files will not be ‘reachable’ by others.
          # (Apache 2.2 syntax; Apache 2.4 without mod_access_compat needs "Require all denied" instead.)
          <files .htaccess>
          order allow,deny
          deny from all
          </files>
  17. How to provide protection from attacks?
      WP-Security Scan (Plugin)
      This is one of the very useful plugins that should definitely be used regularly by every WordPress blogger. This plugin can move through every security loophole in a few seconds. A list of possible vulnerabilities is then prepared, such as file passwords or permissions, and it also offers further suggestions on corrective actions to deal with them.
  18. What about SPAM?
      You might get spam via comments on your posts. Spammers try to get published on your pages to advertise their own pages. But sometimes they may include links that redirect your members to their pages automatically.
  19. Plugins
      Akismet
      The best anti-spam plugin for WordPress. Bundled with WordPress, Akismet requires a registration key, but is easy to set up and provides excellent “set-it-and-forget-it” spam protection for WordPress.
      Limit Login Attempts
      The best anti login attack plugin. With the Brute Force method, hackers may try to attack your login page. Thanks to this plugin, after the 3rd try, WordPress asks users to wait some time before trying a username and password again. Otherwise, using wordlists, they may find the login details.
      WP Activity Monitor
      You may have a lot of admins, moderators or editors on your WordPress. But it’s hard to keep track of everyone. Moreover, how can you be sure there is no hacker you do not know about? You can monitor all details about your WordPress.
  20. Tips
      Back up your MySQL database regularly;
      You should always back up your site files and database. You should get into the practice of regular MySQL database backups by exporting your MySQL data as a .sql file to be stored in a safe location.
      Do not install every plugin you find;
      Users of WordPress usually get hacked because of plugins. That’s why you should download and install plugins which are recommended by WordPress.
  21. References
      WordPress.Org
      Wikipedia.Org
      Cyber-Warior.Org
      LinuxToday.Org
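
The file-system steps from slides 12, 15 and 16 (leftover installer, permission list, presence of .htaccess) can be checked mechanically. The following is an added example, not part of the original slides; the installer path `wp-admin/install.php` and the choice to accept modes stricter than the listed ones are assumptions of this sketch.

```python
import os
import stat
import tempfile

# Modes from the slides' permission list, relative to the WordPress root.
DIRS = (".", "wp-includes", "wp-admin", "wp-admin/js", "wp-content",
        "wp-content/themes", "wp-content/plugins")
FILES = ("wp-admin/index.php", ".htaccess", "wp-config.php")
EXPECTED_MODES = {**{d: 0o755 for d in DIRS}, **{f: 0o644 for f in FILES}}
# Assumption: the slides' 'Install.php' is wp-admin/install.php in a stock tree.
INSTALLER = "wp-admin/install.php"


def audit(root):
    """Return sorted (path, finding) pairs where the tree deviates from the slides."""
    findings = []
    for rel, want in EXPECTED_MODES.items():
        path = os.path.join(root, rel)
        if not os.path.lexists(path):
            if rel == ".htaccess":
                findings.append((rel, "missing (the slides say to create it)"))
            continue
        have = stat.S_IMODE(os.lstat(path).st_mode)
        # Flag only bits granted beyond the listed mode; a stricter mode passes.
        if have & ~want:
            findings.append((rel, f"mode {have:04o}, expected {want:04o}"))
    if os.path.lexists(os.path.join(root, INSTALLER)):
        findings.append((INSTALLER, "installer still present"))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample install with two deliberate problems."""
    for d in DIRS[1:]:
        os.makedirs(os.path.join(root, d), exist_ok=True)
    for f in FILES + (INSTALLER,):
        open(os.path.join(root, f), "w").close()
    for rel, mode in EXPECTED_MODES.items():
        os.chmod(os.path.join(root, rel), mode)
    os.chmod(os.path.join(root, "wp-config.php"), 0o666)  # world-writable config


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, finding in audit(tmp):
            print(f"{path}: {finding}")
```

Point `audit()` at a real document root to get the same report for a live install; an empty list means every listed path is at or below the recommended mode and the installer is gone.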
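
The lockout behaviour that slide 19 attributes to Limit Login Attempts, modelled as an added example (this is not the plugin's code and not part of the original slides). The three-failure threshold comes from the slide; the lockout length, the failure window and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

MAX_FAILURES = 3        # the slide: a wait is imposed after the 3rd failed try
LOCKOUT_SECONDS = 1200  # assumption: the slides only say "some time"
WINDOW_SECONDS = 600    # assumption: failures older than this are forgotten


class LoginThrottle:
    def __init__(self):
        self.failures = defaultdict(list)  # ip -> timestamps of recent failures
        self.locked_until = {}             # ip -> time the lockout ends

    def attempt(self, ip, now, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if now < self.locked_until.get(ip, 0):
            return "locked"  # credentials are not even checked during a lockout
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        recent = [t for t in self.failures[ip] if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            self.failures.pop(ip)
        return "failed"


def replay(events):
    """Feed (time, ip, password_ok) events through a fresh throttle."""
    throttle = LoginThrottle()
    return [throttle.attempt(ip, t, ok) for t, ip, ok in events]


# Constructed sample: one client guessing, one legitimate user with a typo.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False),
    (2, "203.0.113.7", False),
    (3, "198.51.100.4", False),
    (4, "203.0.113.7", False),     # third failure: lockout starts
    (5, "203.0.113.7", True),      # arrives during the lockout, so it is refused
    (9, "198.51.100.4", True),     # single typo never reaches the threshold
    (1300, "203.0.113.7", False),  # lockout expired, counting restarts
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, result)
```

Because attempts made during a lockout are refused before the password is checked, a wordlist run is limited to three guesses per lockout period per client address.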