Question about WordPress security

Discussion in 'Blogging' started by gjrb29, Jun 25, 2011.

  1. gjrb29

    gjrb29 Registered Member

    Joined:
    Feb 8, 2009
    Messages:
    65
    Likes Received:
    15
    I am thinking of starting a WordPress site and I have been doing days' worth of searches on preventing hacks.

    I have found articles about this topic ranging from 2008-2011. I understand that WordPress usually closes up security issues in updated versions. Would all or most of these security modifications still need to be done with the new WordPress versions today?

    Some of the security measures I found were:

    Some of the security protection measures I found throughout the DP forum and other sites are:

    1.) Remove "Powered By WordPress" at the footer

    2.) Change the default user to anything other than "Admin"

    3.) Remove WordPress Version

    4.) Change WordPress DB Table prefix to something other than "WP_____"

    5.) Download Plugin Bad Behavior

    6.) Download Plugin "WordPress Security Scan"

    7.) Insert the code below into your .htaccess file in your "WP Admin" folder, not the Root Folder:

    order deny,allow
    allow from xx.xx.xx.xx <<Your IP>>
    deny from all


    8.) Change List of Plugins---<<have no idea how to do this>>

    9.) Admin-- encrypted connection (SSL) <<<have no idea how to do this>>

    10.) chmod all files to 664

    11.) Install "Limited Login Attempts"

    12.) Hide Your Login with "Stealth Login" Plugin

    13.) Install 'One Time Password' plugin to ensure stolen passwords only work with one session.

    14.) Install 'Login Encrypt' to prevent anyone from stealing your login details by hiding or encrypting the password when entered.

    15.) Install 'WordPress Last Login' to detect the last time and IP that logged into the account.

    16.) Simply copy and paste the code below to your .htaccess in the root to prevent script injection and unwanted modification:

    # protect from sql injection
    Options +FollowSymLinks
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index.php [F,L]


    17.) No Browsing of Directory- copy this code into your .htaccess in root directory:

    # disable directory browsing
    Options All -Indexes


    18.) Protect wp-config.php, add code to .htaccess in root directory:

    # protect wp-config.php
    <Files wp-config.php>
    Order deny,allow
    Deny from all
    </Files>


    19.) Protect .htaccess, place code in domain's root .htaccess file:

    # STRONG HTACCESS PROTECTION
    <Files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
    </Files>


    20.) Change the Name of your .htaccess

    21.) Block SE Spiders From Indexing The Admin section. Create a robots.txt file in your root directory and place the code below:

    #
    User-agent: *
    Disallow: /cgi-bin
    Disallow: /wp-admin
    Disallow: /wp-includes
    Disallow: /wp-content/plugins/
    Disallow: /wp-content/cache/
    Disallow: /wp-content/themes/
    Disallow: */trackback/
    Disallow: */feed/
    Disallow: /*/feed/rss/$
    Disallow: /category/*


    22.) Theme Authenticity Checker (also known as TAC)- Scans your theme files for potentially malicious or unwanted code

    23.) WP File Monitor- Monitors files under the WordPress installation for changes. Once a change occurs you'll be notified by email.

    24.) WP-MalWatch- A WP security plugin that scans your WP nightly searching for evidence of malware.

    Thank you in advance
     
    Last edited: Jun 25, 2011
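Item 16 in the list above is the most-copied snippet in threads like this, so as an added example (not code from the original post) here are its three RewriteCond patterns re-expressed as Python regexes and run over a handful of constructed URLs. Apache matches them against the raw, still URL-encoded query string, so that is all this simulation looks at; the URLs, their parameter names and the rule labels are assumptions made for the demonstration.

```python
import re
from urllib.parse import urlsplit

# The three RewriteCond patterns from item 16, transcribed as Python regexes.
# Apache tests them against %{QUERY_STRING} (raw, still percent-encoded).
# [NC] on the first condition makes it case-insensitive; the other two are
# case-sensitive. They are joined with [OR], so one hit is enough for the 403.
QUERY_STRING_RULES = [
    ("script tag in query", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS override", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST override", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def matching_rules(url):
    """Names of the conditions a request for this URL would trip.

    Only the query string is examined, exactly like the .htaccess snippet:
    the path, headers and any POST body are never seen by these rules.
    """
    query = urlsplit(url).query
    return [name for name, pattern in QUERY_STRING_RULES if pattern.search(query)]


def would_be_blocked(url):
    """True when the RewriteRule with [F] would answer 403 Forbidden."""
    return bool(matching_rules(url))


# Constructed sample requests (hypothetical site, not from the post).
SAMPLE_URLS = {
    "encoded script tag in search":
        "http://example.com/?s=%3Cscript%3Ealert(1)%3C/script%3E",
    "register_globals style parameter":
        "http://example.com/?GLOBALS[x]=1",
    "ordinary search":
        "http://example.com/?s=hello%20world",
    "bold tag around the word javascript (harmless, still blocked)":
        "http://example.com/?q=%3Cb%3Ejavascript%3C/b%3E",
    "classic SQL tautology in a numeric id (not blocked)":
        "http://example.com/?id=1%27%20OR%201%3D1",
}


def run_samples():
    """Map each sample label to the list of rule names it matches."""
    return {label: matching_rules(url) for label, url in SAMPLE_URLS.items()}


if __name__ == "__main__":
    for label, hits in run_samples().items():
        print(f"{'BLOCK' if hits else 'allow':5}  {label}: {hits}")
```

Two things worth taking from the run: the snippet's `# protect from sql injection` comment is misleading, because nothing in it looks for SQL syntax (the last sample sails through), while a perfectly innocent query that happens to contain an encoded tag and the letters "script" is refused. These rules are a coarse query-string filter against tag injection and `register_globals` overrides, not a substitute for keeping WordPress and its plugins updated.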
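Items 10, 18 and 19 all come down to who may read or write particular files, and a blanket `chmod 664` (item 10) leaves wp-config.php group-writable and world-readable. The following audit script is an added example, not code from the post or from WordPress: it walks an install, flags anything world-writable, and applies stricter checks to wp-config.php and .htaccess. The sample tree it builds is constructed in a temporary directory purely for the demonstration.

```python
import stat
import tempfile
from pathlib import Path


def audit_permissions(root):
    """Return (relative path, octal mode, reason) for files looser than a baseline.

    Baseline used here (an assumption for this example):
      - no file may be writable by 'other';
      - wp-config.php holds the database credentials, so nobody but the
        owner should be able to read or write it;
      - .htaccess must not be group-writable, because whoever can edit it
        can rewrite the rules from items 16-19 above.
    """
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        mode = stat.S_IMODE(path.stat().st_mode)
        rel = str(path.relative_to(root))
        if mode & stat.S_IWOTH:
            findings.append((rel, oct(mode), "world-writable"))
        elif path.name == "wp-config.php" and mode & 0o077:
            findings.append((rel, oct(mode), "wp-config.php readable or writable beyond owner"))
        elif path.name == ".htaccess" and mode & stat.S_IWGRP:
            findings.append((rel, oct(mode), ".htaccess group-writable"))
    return findings


def build_sample_tree():
    """Constructed mini install (not a real WordPress tree) for the demo."""
    root = Path(tempfile.mkdtemp(prefix="wp-audit-"))
    layout = {
        "index.php": 0o644,
        "wp-config.php": 0o664,            # item 10's blanket 664 on the secrets file
        ".htaccess": 0o644,
        "wp-content/uploads/2011/06/photo.jpg": 0o666,   # world-writable upload
        "wp-content/plugins/example-plugin/example-plugin.php": 0o644,
    }
    for rel, mode in layout.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("<?php // constructed placeholder\n")
        p.chmod(mode)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for rel, mode, reason in audit_permissions(sample_root):
        print(f"{mode}  {rel}: {reason}")
```

Run it against a real docroot by calling `audit_permissions("/path/to/wordpress")`; on the constructed tree it reports exactly two findings, the 664 wp-config.php and the world-writable upload, while the 644 PHP files and .htaccess pass. A sensible fix for the flagged config file is `chmod 600 wp-config.php` (or 640 if the web server runs as a group member), which protects the credentials regardless of whether the `<Files>` block from item 18 is in place.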
  2. justchill

    justchill Newbie

    Joined:
    Jun 24, 2011
    Messages:
    22
    Likes Received:
    0
    good share buddy
    keep sharing more
     
  3. BHopkins

    BHopkins Moderator Staff Member Moderator Jr. VIP

    Joined:
    Dec 31, 2010
    Messages:
    2,431
    Likes Received:
    1,518
    Gender:
    Male
    Occupation:
    ORM and SEO company owner
    Location:
    California
    Home Page:
    Wow, what do you plan to put on your blog that is so worthy of such lengthy security measures? I have over 80 wordpress installs and I get a couple hacked with injects every few years. Hardly worth spending "days" researching ways to prevent it.
     
  4. thisisacoolname

    thisisacoolname Junior Member

    Joined:
    Aug 6, 2010
    Messages:
    191
    Likes Received:
    71
    Wow, that's a lot. Can't use them all but will be using the two plugins Limit Login and Stealth Login.

    maybe that'll be enough :) thanks for the share buddy
     
  5. adam007

    adam007 Newbie

    Joined:
    Jun 28, 2011
    Messages:
    17
    Likes Received:
    1
    thanks a lot bro i want it make some bug in WP :D