How to avoid security breach in your WordPress website?


Introduction

• There is no doubt that WordPress is the world's greatest content management system today. More than 75 million websites have been built on WordPress so far, and nearly 6 new posts / blogs are published every second.

• WordPress is the most popular choice for business websites today because it is,

^ Open source

^ Easy to access and manage

^ More theme and plugin options

^ SEO friendly

^ Blog

• Over 29 thousand plugins have been developed, there have been 98 versions, and 75 million websites run on WordPress. There is a good chance that some of these websites are vulnerable to security attacks.

How to avoid security breach:

Protect your login

Secure wp-config.php

Secure wp-content directory

Block search engine spiders in admin

Protect .htaccess file

Install SSL certificate

Other Best Practices


Protect your login:

Strong user name and password: 8% of all websites are hacked because of weak passwords. I recommend a strong password that mixes upper and lower case letters, numbers and symbols, something like "catchSahara12!@". Change it every 60 days.

Limit login attempts: Limit the number of failed login attempts and restrict the IP after that. Blocking access to wp-login.php keeps out unauthorized users; to do this you need to edit the .htaccess file.

Delete inactive user accounts

Update WordPress version, themes and plugins: Exploits may occur within days, so it is necessary to keep the WordPress version, themes and plugins up to date.

Secure wp-config.php:

All the keys and access information are stored in the wp-config.php file. By editing the .htaccess file in the root directory of WordPress we can secure wp-config.php. The following code denies everyone access to the wp-config.php file,

# protect wp-config.php
# (Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied")
<Files wp-config.php>
Order deny,allow
Deny from all
</Files>

You can also add WordPress authentication keys to wp-config.php; this helps encrypt user data better.

Secure wp-content directory:

Users should only be able to access specific file types within this directory. These file types include .jpeg, .gif, .png, .js, .css and .xml. You need to limit the access; the code below allows access only to pictures, JavaScript, CSS and XML files and to no other data. This code should be placed in the .htaccess file within the wp-content folder.

# deny everything by default
Order deny,allow
Deny from all
# then allow only the listed static file extensions
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

Block search engine spiders in admin:

The admin section should not be indexed, but search engine spiders crawl over your entire content unless they are told not to do so. To keep spiders from indexing it, create a robots.txt file in the root directory with the following code. Note that robots.txt only asks well-behaved crawlers to stay away; it does not restrict access to these paths.

#
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*

Protect .htaccess file:

.htaccess files are used to specify the security restrictions for a particular directory. Hypertext access files allow for decentralized management of configuration when placed inside the web tree.

To avoid .htaccess hacks, include the code below in the domain root .htaccess file.

# STRONG HTACCESS PROTECTION
# deny web access to any file whose extension starts with ".hta"
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

Install SSL certificate:

It allows you to log in securely via HTTPS. This encrypts the data that you and your users transfer via the site, such as when submitting contact forms or using login pages. Otherwise, data is transferred like a postcard in the mail, meaning anyone who's looking can read it.

If you want to use HTTPS when logging into your WordPress dashboard, you can add the code below to wp-config.php.

define('FORCE_SSL_LOGIN', true);

The code above forces WordPress to use SSL when logging into your administration panel, but only when logging in. It does not enforce the use of SSL while using your dashboard.

Instead of doing this manually you can also just add a plugin like WordPress HTTPS (SSL).

Other Best Practices:

Back up your files on a regular basis

Install WP Security Scan

Change table prefix

Prevent directory browsing

Prevent script injection

Proper server without any virus

Don't log in on public Wi-Fi networks

Use secure hosting

Hide dashboard login errors

Install WP firewall

Use SSH instead of FTP…


https://www.w2ssolutions.com/
