Tutorial on securing a website built with WordPress
TUTORIAL: WORDPRESS WEBSITE SECURITY TIPS
Posted on Saturday, April 13th, 2013
Here is a tutorial with tips on how to secure your WordPress website:
1. Update and upgrade your WordPress installation, together with its plugins and theme.
2. Change the admin password to a harder one: a combination of letters, numbers and symbols, for example:
hyei%*5sg68a
3. Install a security plugin such as Better WP Security
Additional steps to further harden your WordPress (optional; some are already handled by the Better WP Security plugin):
1. Remove the DROP privilege from every WordPress database user. In cPanel go to MySQL Databases and click the name of the database user.
2. Delete the README (readme.html) and LICENSE (license.txt) files via cPanel -> File Manager -> public_html (already handled by the Better WP Security plugin)
3. Move the wp-config.php file to the directory above it. The previous path is /home/userCpanel/public_html/wp-config.php; after the move it becomes /home/userCpanel/wp-config.php. Then change the permissions of the moved file to 400. WordPress will automatically look for it there.
4. Prevent anyone from reading the .htaccess file by adding this snippet (already handled by the Better WP Security plugin):
<Files .htaccess>
order allow,deny
deny from all
</Files>
5. Restrict access to wp-admin to only the few IP addresses you use (applies to internet connections with a static IP). In cPanel -> File Manager (tick Show Hidden Files (dotfiles)) -> public_html, click and edit the .htaccess file, insert the snippet below and save changes
<files wp-login.php>
order deny,allow
deny from all
# whitelist your first IP
allow from xxx.xxx.xxx.xxx
# whitelist your second IP (if any)
allow from xxx.xxx.xxx.xxx
# and so on
allow from xxx.xxx.xxx.xxx
</files>
6. Install a few recommended security plugins such as wp-security-scan, wordpress-firewall, ms-user-management, Stealth Login, ultimate-security-scanner, Exploit Scanner, Timthumb Vulnerability Scanner, wordfence. Only as needed.
7. Pray more
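The optional steps above applied from a shell instead of cPanel, as an added example that is not part of the original tutorial. It assumes the document root and the permitted IP addresses are passed as arguments (all paths, IPs and database names used are placeholders), and it emits the access rules in both the Apache 2.2 syntax the tutorial shows (Order/Allow/Deny) and the Apache 2.4 syntax (Require), since the 2.2 form only works on 2.4 when mod_access_compat is loaded.

```shell
#!/bin/sh
# Added example, not from the tutorial. Applies optional steps 2-5 to a
# WordPress document root ($docroot is assumed, e.g. /home/userCpanel/public_html).
# Step 1 (revoke DROP) is a database change, in MySQL roughly:
#   REVOKE DROP ON wpdb.* FROM 'wpuser'@'localhost';   (names are placeholders)
# Usage: wp_harden_docroot DOCROOT IP [IP...]
wp_harden_docroot() {
    docroot=$1; shift
    allowed_ips=$*   # space-separated static IPs allowed to reach wp-login.php
    [ -f "$docroot/wp-config.php" ] || { echo "no wp-config.php in $docroot" >&2; return 1; }
    [ -n "$allowed_ips" ] || { echo "need at least one IP to whitelist" >&2; return 1; }
    # Step 2: drop the files that reveal the installed WordPress version
    rm -f "$docroot/readme.html" "$docroot/license.txt"
    # Step 3: move wp-config.php one level above the web root (WordPress
    # looks there itself) and make it owner-read-only (400)
    mv "$docroot/wp-config.php" "$docroot/../wp-config.php"
    chmod 400 "$docroot/../wp-config.php"
    # Steps 4 and 5: append rules protecting .htaccess itself and limiting
    # wp-login.php; both Apache 2.4 (Require) and 2.2 (Order/Allow/Deny)
    # syntax are emitted, each guarded by IfModule so only one applies
    cat >> "$docroot/.htaccess" <<EOF

# --- added by wp_harden_docroot ---
<Files .htaccess>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</Files>
<Files wp-login.php>
  <IfModule mod_authz_core.c>
    Require ip $allowed_ips
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from $allowed_ips
  </IfModule>
</Files>
EOF
}
# Run directly: sh harden.sh /home/userCpanel/public_html 203.0.113.10
if [ $# -ge 2 ]; then wp_harden_docroot "$@"; fi
```

Back up .htaccess before running it on a live site; the function appends and does not check whether a previous run already added the same rules.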
Greetings BinusHacker Family,
The Indonesian WordPress community and organisation (wordpress.or.id) has announced several WordPress plugins identified as containing security holes that others can use to plant files on our blogs. Here on our beloved website www.binushacker.net we add the complete list of WordPress plugins with security holes in 2012.
Below is the 2012 list of WordPress exploits and vulnerabilities (XSS, SQL injection and other security holes used in WordPress hacking attacks).
XSS
WordPress DX-Contribute Plugin 1.1.0 – XSS
Post-views plugin 2.6.1 – XSS
WP e-Commerce 1.1.1 – XSS
WordPress WooCommerce Predictive Search Plugin 1.0.6 – XSS
Video Lead Form 0.5 – XSS
Pretty Link Lite Plugin 1.6.0 – XSS
WP125 plugin 1.4.5 – XSS
Ultimate TinyMCE plugin 3.6 – XSS
Wysija Newsletters Plugin 2.1.7 – XSS
WordPress Carousel Slideshow 3.10 – XSS
BuddyStream plugin 2.6.2 – XSS
NextGEN Gallery 1.9.7 – XSS
Amazon Associate plugin 2.0 – XSS
SQL Injection
Hitasoft FLV Player Plugin 1.1 – SQL Injection
AJAX Post Search Plugin 1.1 – SQL Injection
Other
Advanced Custom Fields Plugin 3.5.2 – Arbitrary file inclusion
vTiger CRM Lead Capture 1.1.0 – unspecified errors
WP-Filebase Plugin 0.2.9.24 – unspecified errors
Here is the complete list of WordPress plugins with security holes in 2012:
Welcart e-Commerce December 14, 2012
Knews Multilingual Newsletters December 14, 2012
Bulk update many plugins added December 7, 2012
All Video Gallery November 2, 2012
WordPress Spider Catalog November 2, 2012
Slideshow ( jquery image gallery) Plugin November 2, 2012
FoxyPress Plugin November 2, 2012
GRAND FlAGallery Plugin October 28, 2012
FireStorm Professional Real Estate October 28, 2012
WordPress Poll Plugin October 28, 2012
Thank You Counter October 28, 2012
UnGallery plugin October 28, 2012
Zingiri Bookings plugin October 28, 2012
WordPress Wordfence Plugin October 23, 2012
WordPress White Label CMS October 22, 2012
Download Shortcode Plugin October 22, 2012
Pinterest “Pin It” Button Lite October 6, 2012
Spider Calendar October 6, 2012
ABC Test September 27, 2012
Token Manager plugin September 27, 2012
Sexy Add Template September 27, 2012
Notices Ticker September 27, 2012
WP-TopBar September 21, 2012
MF Gig Calendar September 21, 2012
Answer-my-question September 21, 2012
Cloudsafe365 August 29, 2012
Image news slider August 29, 2012
Count Per Day plugin August 29, 2012
Zingiri Web Shop August 22, 2012
Mz-jajak August 15, 2012
Postie August 13, 2012
Vitamin Plugin August 9, 2012
G-Lock Double Opt-in August 3, 2012
GD Star Rating July 26, 2012
Mac Photo Gallery plugin July 26, 2012
Backup July 26, 2012
Flexi Quote Rotator July 26, 2012
Get Off Malicious Scripts July 26, 2012
LeagueManager plugin July 18, 2012
Resume Submissions & Job Postings July 18, 2012
Paid Memberships Pro July 16, 2012
Global Content Blocks July 16, 2012
The Guardian News Feed plugin July 11, 2012
WP Symposium July 11, 2012
Leaflet Maps Marker July 11, 2012
Artiss Code Embed July 11, 2012
Front-end Editor July 11, 2012
WP Socializer July 8, 2012
PHPFreeChat plugin July 8, 2012
Knews Multilingual Newsletters July 8, 2012
Contus Vblog plugin July 8, 2012
Custom tables plugin July 8, 2012
Church_admin Plugin July 7, 2012
MoodThingy plugin July 7, 2012
Quick Post Widget July 7, 2012
Email newsletter July 7, 2012
Quotes Collection Plugin July 4, 2012
Count Per Day plugin July 4, 2012
Zingiri Web Shop July 4, 2012
Job Manager June 29, 2012
N-Media Mailchimp June 24, 2012
TheCartPress plugin June 21, 2012
Zingiri Web Shop June 17, 2012
Kk Star Ratings June 17, 2012
Easy Contact Forms Export June 17, 2012
WpStoreCart June 17, 2012
MAC PHOTO GALLERY June 17, 2012
Top Quark Architecture June 17, 2012
Tinymce Thumbnail Gallery June 17, 2012
WP-Property June 9, 2012
Front End Upload June 9, 2012
FoxyPress June 9, 2012
WordPress VideoWhisper Video Presentation June 9, 2012
Omni Secure Files Plugin June 9, 2012
HTML5 AV Manager Plugin June 9, 2012
Google Maps Via Store Locator Plus June 9, 2012
WordPress Font Uploader June 9, 2012
MM Forms Community June 9, 2012
ALO EasyMail Newsletter May 31, 2012
WordPress WassUp Plugin May 21, 2012
WP Easy Gallery Plugin May 17, 2012
GRAND Flash Album May 17, 2012
WordPress CataBlog Plugin May 17, 2012
WordPress Dynamic Widgets Plugin May 17, 2012
WordPress Network Publisher May 16, 2012
WordPress WP Forum Server May 16, 2012
Media Library Categories Plugin May 16, 2012
PDF & Print Button Joliprint Plugin May 16, 2012
CodeStyling Localization May 16, 2012
2 Click Social Media Buttons May 16, 2012
WordPress Newsletter Manager Plugin May 16, 2012
Mingle Forum May 16, 2012
SoundCloud Is Gold May 16, 2012
Subscribe2 May 16, 2012
WP-FaceThumb May 15, 2012
User Photo Plugin May 11, 2012
Zingiri Web Shop May 3, 2012
ShareYourCart Plugin April 27, 2012
WordPress Sharebar Plugin April 23, 2012
WP Survey And Quiz Tool April 23, 2012
Zingiri Web Shop April 23, 2012
WordPress Download Manager April 23, 2012
Sh-slideshow April 14, 2012
WP Marketplace Plugin April 11, 2012
Nmedia Users File Uploader April 11, 2012
Another WordPress Classifieds Plugin April 5, 2012
BuddyPress April 5, 2012
CMS Tree Page March 27, 2012
WordPress Image News slider March 26, 2012
Blaze Slideshow March 26, 2012
WordPress Carousel Slideshow Plugin March 26, 2012
Video Embed & Thumbnail Generator Plugin February 27, 2012
Magn WP Drag and Drop Upload February 27, 2012
SB Uploader February 27, 2012
WordPress Absolute Privacy Plugin February 27, 2012
S2Member Pro WordPress membership plugin February 27, 2012
AllWebMenus WordPress Menu Plugin January 26, 2012
Theme Tuner January 26, 2012
WP e-Commerce January 26, 2012
My Calendar Plugin January 26, 2012
uCan Post plugin January 26, 2012
NextGEN Gallery January 26, 2012
Count Per Day Plugin January 16, 2012
Pay With Tweet Plugin January 16, 2012
Whois Search Plugin January 4, 2012
TheCartPress Plugin January 4, 2012
Connections January 2, 2012
WP Symposium January 2, 2012
The complete list is here: http://wpsecure.net/category/exploits
We hope this is useful information and that it can be used to fix your own WordPress sites.