DESCRIPTION

Tutorial on securing a website built with WordPress
Page 1: TUTORIAL TIPS KEAMANAN WEBSITE WORDPRESS.docx

WORDPRESS WEBSITE SECURITY TIPS TUTORIAL
Posted on Saturday, April 13th, 2013

Here is a tutorial with tips on how to secure your WordPress website:

1. Update and upgrade the installed WordPress version, together with its plugins and templates.

2. Change the admin password to a harder one: a combination of letters, digits and symbols, for example:

hyei%*5sg68a

3. Install security plugins such as Better WP Security

Additional steps to strengthen your WordPress security (optional; some are already handled by the Better WP Security plugin):

1. Remove the DROP privilege from every WordPress database user. To do this, go to cPanel -> MySQL Databases -> click the database user's name.

2. Delete the README (readme.html) and LICENSE (license.txt) files via cPanel -> File Manager -> public_html (already handled by the Better WP Security plugin)


3. Move the wp-config.php file to the directory above it. The previous path is /home/userCpanel/public_html/wp-config.php; after the move it becomes /home/userCpanel/wp-config.php. Then change the permission of the moved file to 400. WordPress will look for it there automatically.
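The move described in step 3, as an added example that is not part of the original tutorial. It relocates wp-config.php from public_html to the parent directory, sets mode 400 and verifies the result. Two practitioner checks are built in: WordPress only falls back to ../wp-config.php when the parent directory does not also contain a wp-settings.php, so the script refuses to move the file in that case, and it refuses to overwrite an existing config. Mode 400 only works when PHP runs as the file's owner, which is the usual arrangement on cPanel hosts. The /home/userCpanel layout is rebuilt in a temporary directory with constructed placeholder files for the demo.

```python
"""Move wp-config.php one level above the web root and lock it to mode 400.

Added example (not from the original tutorial). It mirrors step 3:
/home/userCpanel/public_html/wp-config.php becomes /home/userCpanel/wp-config.php
with permission 400. WordPress (wp-load.php) looks for the file in the parent
of the install only when that parent does NOT also contain wp-settings.php,
so that condition is checked before anything is moved.
"""
import os
import shutil
import stat
import tempfile
from pathlib import Path


def harden_wp_config(public_html: Path) -> Path:
    """Move public_html/wp-config.php to its parent directory with mode 0400.

    Returns the new path. Raises if the move would leave WordPress unable to
    find the file or would overwrite an existing config.
    """
    src = public_html / "wp-config.php"
    parent = public_html.parent
    dst = parent / "wp-config.php"

    if not src.is_file():
        raise FileNotFoundError(f"{src} does not exist")
    if dst.exists():
        raise FileExistsError(f"{dst} already exists; refusing to overwrite")
    # WordPress only falls back to ../wp-config.php when the parent directory
    # does not look like another WordPress install.
    if (parent / "wp-settings.php").exists():
        raise RuntimeError(f"{parent} contains wp-settings.php; WordPress would ignore {dst}")

    shutil.move(str(src), str(dst))
    # 0400: read-only for the owner, no access for group or others.
    os.chmod(dst, stat.S_IRUSR)
    return dst


def config_is_hardened(public_html: Path) -> bool:
    """True when wp-config.php sits above the web root and is mode 0400."""
    dst = public_html.parent / "wp-config.php"
    if (public_html / "wp-config.php").exists() or not dst.is_file():
        return False
    return stat.S_IMODE(dst.stat().st_mode) == 0o400


def demo() -> dict:
    """Build a throwaway /home/userCpanel/public_html layout in a temp dir
    (constructed sample files), harden it and report the result."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "userCpanel"
        public_html = home / "public_html"
        public_html.mkdir(parents=True)
        (public_html / "wp-settings.php").write_text("<?php // core file\n")
        (public_html / "wp-config.php").write_text("<?php define('DB_NAME', 'wp');\n")

        before = config_is_hardened(public_html)
        new_path = harden_wp_config(public_html)
        after = config_is_hardened(public_html)
        return {
            "before": before,
            "after": after,
            "new_path": str(new_path.relative_to(home)),
            "mode": oct(stat.S_IMODE(new_path.stat().st_mode)),
        }


if __name__ == "__main__":
    print(demo())
```

Run it against a real account by calling harden_wp_config(Path("/home/userCpanel/public_html")) as the account owner; the demo() function only touches a temporary directory.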

4. Prevent anyone from reading the .htaccess file by adding the following directives (already handled by the Better WP Security plugin):

<Files .htaccess>
 order allow,deny
 deny from all
</Files>


5. Restrict access to wp-admin to only the few IP addresses you use (applies to internet subscribers with a static IP). Go to cPanel -> File Manager (tick Show Hidden Files (dotfiles)) -> public_html -> open and edit the .htaccess file, paste the directives below, then save changes:

<files wp-login.php>
order deny,allow
deny from all
# whitelist your first IP
allow from xxx.xxx.xxx.xxx
# whitelist your second IP (if any)
allow from xxx.xxx.xxx.xxx
# and so on
allow from xxx.xxx.xxx.xxx
</files>
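An added example, not from the original tutorial, that evaluates the Apache Order/Allow/Deny rules used in steps 4 and 5 so you can check what a snippet actually does before saving it. The two orders behave differently: with "order deny,allow" an allow match wins over "deny from all", which is what makes the wp-login.php whitelist work, while with "order allow,deny" any deny match wins, which is why the .htaccess block rejects everyone and why writing the login whitelist with the wrong order locks you out too. Note that a `<files wp-login.php>` block protects only the login script; the wp-admin directory itself needs its own .htaccess. These directives belong to Apache 2.2 (mod_access_compat on 2.4, where `Require ip` is the current form). The xxx.xxx.xxx.xxx placeholders are replaced by constructed documentation addresses.

```python
"""Evaluate Apache 2.2-style Order / Deny from / Allow from rules for one client IP.

Added example (not from the original tutorial). Supports 'all', a full
address, a CIDR range and a partial dotted prefix such as '203.0.113',
which Apache treats as a network prefix.
"""
import ipaddress
import re


def _matches(host: str, client) -> bool:
    """Match one 'from' argument against the client address."""
    if host.lower() == "all":
        return True
    if "/" in host:
        return client in ipaddress.ip_network(host, strict=False)
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,3}", host):
        parts = host.split(".")
        if len(parts) == 4:
            return client == ipaddress.ip_address(host)
        return str(client).split(".")[: len(parts)] == parts
    raise ValueError(f"unsupported host spec: {host}")


def evaluate(rules: str, client_ip: str) -> bool:
    """Return True if client_ip is admitted by the directives in `rules`
    (the text of one <Files> block; comments and the tags are ignored)."""
    client = ipaddress.ip_address(client_ip)
    order = "deny,allow"  # Apache's default when Order is absent
    allowed = denied = False
    for raw in rules.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("<"):
            continue
        directive, _, args = line.partition(" ")
        directive = directive.lower()
        if directive == "order":
            order = args.replace(" ", "").lower()
        elif directive in ("allow", "deny"):
            hosts = args.split()[1:]  # drop the leading 'from'
            hit = any(_matches(h, client) for h in hosts)
            if directive == "allow":
                allowed = allowed or hit
            else:
                denied = denied or hit
    if order == "deny,allow":
        # Deny rules first, then Allow; an Allow match overrides a Deny match.
        return allowed or not denied
    if order == "allow,deny":
        # Allow rules first, then Deny; a Deny match overrides; default deny.
        return allowed and not denied
    raise ValueError(f"unsupported Order: {order}")


# Step 4 of the tutorial: nobody may fetch .htaccess over HTTP.
PROTECT_HTACCESS = """<Files .htaccess>
order allow,deny
deny from all
</Files>"""

# Step 5 of the tutorial. Constructed sample addresses (203.0.113.10 and the
# 198.51.100.0/24 range) stand in for the tutorial's xxx.xxx.xxx.xxx placeholders.
PROTECT_WP_LOGIN = """<files wp-login.php>
order deny,allow
deny from all
# first whitelisted IP
allow from 203.0.113.10
# second whitelisted range
allow from 198.51.100.0/24
</files>"""


def demo() -> dict:
    """Exercise both snippets, plus the common mistake of whitelisting under
    'order allow,deny', which denies even the whitelisted address."""
    wrong_order = PROTECT_WP_LOGIN.replace("order deny,allow", "order allow,deny")
    return {
        "htaccess_any_ip": evaluate(PROTECT_HTACCESS, "203.0.113.10"),
        "login_whitelisted": evaluate(PROTECT_WP_LOGIN, "203.0.113.10"),
        "login_in_range": evaluate(PROTECT_WP_LOGIN, "198.51.100.77"),
        "login_other": evaluate(PROTECT_WP_LOGIN, "192.0.2.5"),
        "login_wrong_order": evaluate(wrong_order, "203.0.113.10"),
    }


if __name__ == "__main__":
    for name, admitted in demo().items():
        print(f"{name}: {'allowed' if admitted else 'denied'}")
```

Paste your own block into evaluate() with the IP you expect to connect from before editing the live .htaccess; a wrong Order line will lock you out of wp-login.php rather than protect it.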

6. Install some recommended security plugins, for example wp-security-scan, wordpress-firewall, ms-user-management, Stealth Login, ultimate-security-scanner, Exploit Scanner, Timthumb Vulnerability Scanner, wordfence. Pick these according to your needs.

7. Pray more.


Greetings BinusHacker Family,

The Indonesian WordPress community and organisation (wordpress.or.id) has announced several WordPress plugins identified as containing security holes that others can exploit to plant files on our blogs. On this beloved website, www.binushacker.net, we add the full list of WordPress plugins that had security holes in 2012.

Below is the list of WordPress plugin vulnerabilities reported in 2012, grouped by type (XSS, SQL injection and others).

XSS

WordPress DX-Contribute Plugin 1.1.0 – XSS

Post-views plugin 2.6.1 – XSS

WP e-Commerce 1.1.1 – XSS

WordPress WooCommerce Predictive Search Plugin 1.0.6 – XSS

Video Lead Form 0.5 – XSS

Pretty Link Lite Plugin 1.6.0 – XSS

WP125 plugin 1.4.5 – XSS

Ultimate TinyMCE plugin 3.6 – XSS

Wysija Newsletters Plugin 2.1.7 – XSS

WordPress Carousel Slideshow 3.10 – XSS

BuddyStream plugin 2.6.2 – XSS

NextGEN Gallery 1.9.7 – XSS

Amazon Associate plugin 2.0 – XSS

SQL Injection

Hitasoft FLV Player Plugin 1.1 – SQL Injection

AJAX Post Search Plugin 1.1 – SQL Injection

Others

Advanced Custom Fields Plugin 3.5.2 – Arbitrary file inclusion

vTiger CRM Lead Capture 1.1.0 – unspecified errors

WP-Filebase Plugin 0.2.9.24 – unspecified errors

Below is the full list of WordPress plugins with security holes in 2012:

Welcart e-Commerce December 14, 2012

Knews Multilingual Newsletters December 14, 2012


Bulk update many plugins added December 7, 2012

All Video Gallery November 2, 2012

WordPress Spider Catalog November 2, 2012

Slideshow ( jquery image gallery) Plugin November 2, 2012

FoxyPress Plugin November 2, 2012

GRAND FlAGallery Plugin October 28, 2012

FireStorm Professional Real Estate October 28, 2012

WordPress Poll Plugin October 28, 2012

Thank You Counter October 28, 2012

UnGallery plugin October 28, 2012

Zingiri Bookings plugin October 28, 2012

WordPress Wordfence Plugin October 23, 2012

WordPress White Label CMS October 22, 2012

Download Shortcode Plugin October 22, 2012

Pinterest “Pin It” Button Lite October 6, 2012

Spider Calendar October 6, 2012

ABC Test September 27, 2012

Token Manager plugin September 27, 2012

Sexy Add Template September 27, 2012

Notices Ticker September 27, 2012

WP-TopBar September 21, 2012

MF Gig Calendar September 21, 2012

Answer-my-question September 21, 2012

Cloudsafe365 August 29, 2012

Image news slider August 29, 2012

Count Per Day plugin August 29, 2012

Zingiri Web Shop August 22, 2012

Mz-jajak August 15, 2012

Postie August 13, 2012

Vitamin Plugin August 9, 2012

G-Lock Double Opt-in August 3, 2012

GD Star Rating July 26, 2012

Mac Photo Gallery plugin July 26, 2012

Backup July 26, 2012

Flexi Quote Rotator July 26, 2012

Get Off Malicious Scripts July 26, 2012

LeagueManager plugin July 18, 2012

Resume Submissions & Job Postings July 18, 2012

Paid Memberships Pro July 16, 2012

Global Content Blocks July 16, 2012

The Guardian News Feed plugin July 11, 2012

WP Symposium July 11, 2012

Leaflet Maps Marker July 11, 2012

Artiss Code Embed July 11, 2012

Front-end Editor July 11, 2012

WP Socializer July 8, 2012

PHPFreeChat plugin July 8, 2012

Knews Multilingual Newsletters July 8, 2012

Contus Vblog plugin July 8, 2012

Custom tables plugin July 8, 2012

Church_admin Plugin July 7, 2012


MoodThingy plugin July 7, 2012

Quick Post Widget July 7, 2012

Email newsletter July 7, 2012

Quotes Collection Plugin July 4, 2012

Count Per Day plugin July 4, 2012

Zingiri Web Shop July 4, 2012

Job Manager June 29, 2012

N-Media Mailchimp June 24, 2012

TheCartPress plugin June 21, 2012

Zingiri Web Shop June 17, 2012

Kk Star Ratings June 17, 2012

Easy Contact Forms Export June 17, 2012

WpStoreCart June 17, 2012

MAC PHOTO GALLERY June 17, 2012

Top Quark Architecture June 17, 2012

Tinymce Thumbnail Gallery June 17, 2012

WP-Property June 9, 2012

Front End Upload June 9, 2012

FoxyPress June 9, 2012

WordPress VideoWhisper Video Presentation June 9, 2012

Omni Secure Files Plugin June 9, 2012

HTML5 AV Manager Plugin June 9, 2012

Google Maps Via Store Locator Plus June 9, 2012

WordPress Font Uploader June 9, 2012

MM Forms Community June 9, 2012

ALO EasyMail Newsletter May 31, 2012

WordPress WassUp Plugin May 21, 2012

WP Easy Gallery Plugin May 17, 2012

GRAND Flash Album May 17, 2012

WordPress CataBlog Plugin May 17, 2012

WordPress Dynamic Widgets Plugin May 17, 2012

WordPress Network Publisher May 16, 2012

WordPress WP Forum Server May 16, 2012

Media Library Categories Plugin May 16, 2012

PDF & Print Button Joliprint Plugin May 16, 2012

CodeStyling Localization May 16, 2012

2 Click Social Media Buttons May 16, 2012

WordPress Newsletter Manager Plugin May 16, 2012

Mingle Forum May 16, 2012

SoundCloud Is Gold May 16, 2012

Subscribe2 May 16, 2012

WP-FaceThumb May 15, 2012

User Photo Plugin May 11, 2012

Zingiri Web Shop May 3, 2012

ShareYourCart Plugin April 27, 2012

WordPress Sharebar Plugin April 23, 2012

WP Survey And Quiz Tool April 23, 2012

Zingiri Web Shop April 23, 2012

WordPress Download Manager April 23, 2012

Sh-slideshow April 14, 2012


WP Marketplace Plugin April 11, 2012

Nmedia Users File Uploader April 11, 2012

Another WordPress Classifieds Plugin April 5, 2012

BuddyPress April 5, 2012

CMS Tree Page March 27, 2012

WordPress Image News slider March 26, 2012

Blaze Slideshow March 26, 2012

WordPress Carousel Slideshow Plugin March 26, 2012

Video Embed & Thumbnail Generator Plugin February 27, 2012

Magn WP Drag and Drop Upload February 27, 2012

SB Uploader February 27, 2012

WordPress Absolute Privacy Plugin February 27, 2012

S2Member Pro WordPress membership plugin February 27, 2012

AllWebMenus WordPress Menu Plugin January 26, 2012

Theme Tuner January 26, 2012

WP e-Commerce January 26, 2012

My Calendar Plugin January 26, 2012

uCan Post plugin January 26, 2012

NextGEN Gallery January 26, 2012

Count Per Day Plugin January 16, 2012

Pay With Tweet Plugin January 16, 2012

Whois Search Plugin January 4, 2012

TheCartPress Plugin January 4, 2012

Connections January 2, 2012

WP Symposium January 2, 2012

The full list is here: http://wpsecure.net/category/exploits

We hope this is useful information that can be used to fix everyone's own WordPress.