1 / 7

Tips for WordPress Security

ClickIT Smart Technologies can help you to setup firewalls such as CSF, UFW, Iptables and PfSense/Sonicwall Firewall Appliance designed to mitigate common botnets, brute-force and malware attacks. Implementing a firewall will ensure you are the only one connecting to your remote management system. It will also help you to get legitimate visitors and not disturb your traffic analysis.

Télécharger la présentation

Tips for WordPress Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Tips for WordPressSecurity ClickIT Technologies has offered more than five thousand migration services worldwide. Let us help you with the painful task of moving your app, your server or your website.

  2. WordPress is by far the most popular CMS on the internet for blogging, not only for a friendly user but for attackers and hacking attempts. WordPress is always upgrading and improving thanks to their team of developers and community which makes it easier to detect any bug or error on it. We know that if you run a WordPress site, you care about protection (which involves your data and your customer’s and visitor’s data). Here is a summary of the practices you can apply to your WordPress site in order to make it safer. Remember that these actions don’t guarantee a 100% protection against hacking attempts, but will protect you for the majority of the attacks. Protect your WordPress Admin Area WordPress admin area must not be where everybody logins and modify anything that they want. What you should do is restrict the access to the people who really needs it. If your site is not for front-end creation, your visitors or customers should not be able to access your /wp-admin folder. You can add add these lines to the .htaccess file in your WordPress admin folder replacing xx.xxx.xxx.xxx with your IP address. order deny,allow Deny from all Allow from xx.xxx.xxx.xxx

  3. Don’t use admin username People often forget changing their username “admin” to a complex or safer one. As admin username is very popular attackers often make brute force attacks to your admin login and others attack simply by naming your username differently. If you’re installing a new WordPress site, you will be asked for username during the WordPress installation process. Remove WordPress Header WordPress can add a lot of stuff in your header for various services, this will remove everything, but take care, it also removes some functionality ( for instance if someone is looking for your RSS feed). If you want to keep some just comment the line out. 1 // remove junk from head 2 remove_action('wp_head', 'feed_links', 2); 3 remove_action('wp_head', 'feed_links_extra', 3); 4 remove_action('wp_head', 'rsd_link'); 5 remove_action('wp_head', 'wlwmanifest_link'); 6 remove_action('wp_head', 'index_rel_link'); 7 remove_action('wp_head', 'parent_post_rel_link', 10, 0); 8 remove_action('wp_head', 'start_post_rel_link', 10, 0); 9 remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0); 10 remove_action('wp_head', 'wp_generator'); 11 remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0); 12 remove_action('wp_head', 'noindex', 1);

  4. Monitoring your files for changes When an attack happens, it always leave traces. Either on the logs or on the file system (new files, modified files, etc). If you are using OSSEC for example, it will monitor your files and alert you when they change. Schedule Local Backups Regular backups are a must and having tiered backups is even better. That means backing up the WordPress database and also your server disk. There are several backup plugins and services that will back your data up, wordpress or server side its very important to have at least 1 backup monthly. WordfencePlugin Wordfenceplugin is a complete Anti-Virus and Firewall for your WordPress. It not only protects your site from many possible attacks but also keeps you off Google’s SEO blacklist, repairs hacked files, even if you don’t have backups. It also includes some features like login brute force protection, hiding your WordPress version number, blocking fake google crawlers and many other security elements. Remember Wordfence offer the free and the paid version for enterprises.

  5. AkismetPlugin Akismet is a really good plugin which checks your comments against the Akismet Web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen. Login Lockdown Login Lockdown checks for a specific ip which is trying to login to your site but it never happens. It will block that IP after a certain number of attempts and will disable any request of it for a certain amount of time. Currently, the plugin defaults to a 1-hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel. Protect your computer from Virus/Malware Protecting your computer from malware or virus is not hard. Remember that WordPress allows you to upload any file or plugins, thats why any file that you want to upload, must be clean in order to maintain your wordpress folder free from virus and malware.

  6. Here are some actions you may need to take in order to do it: Install an antivirus program Use a firewall Use a pop-up blocker with your browser Keep your computer updated Don’t open email attachments unless you’re expecting them WordPress & Plugin Up-to-date It is really important to keep your WordPress version up to date since there are always vulnerabilities which can be hard to exploit but you need to get them fixed ASAP. Remember that if you are going to update your WordPress to the latest version you must check your plugins and compatibility with all your setup. Use Strong Passwords You will be surprised that most of the people who own a blog site or any website often set “password” or “123456” as their personal account passwords. Its not hard to guess what will happen to their site with those passwords. We recommend using complete phrases instead of words and numbers. Article Source: -http://clickittechcloudcomputing.tumblr.com/post/148730384346/tips-for-wordpress-security

More Related