WordPress Mini Word Camp 7
Basic WordPress Security Tips

By Catch Internet Pvt. Ltd.
WordPress Security

• WordPress's popularity and wide usage attract new threats

• Basic WordPress security is necessary for every user, not only for large sites

• Most attackers on the internet are looking for the easy way in: unpatched, default-configured sites
Purpose of the Presentation
Is to Scare the crap out of you!




       Image by http://blog.mysanantonio.com
Purpose of the Presentation
And then make everyone feel better
What We Will Cover

• WordPress Hosting Servers

• Example of Link Injection Hacks

• How to secure your WordPress site: the basics

• WordPress Security Plugins
Do I Really Need To Secure WP?

• "There is nothing valuable on my site"

• "I only have a few visitors"

• "I thought I was already secure"

• "Who is going to hack my site?"

• "I already turned off the comments, so I am safe"

(Automated scanners do not check how valuable a site is before attacking it; any compromised host is useful for serving spam links, malware or phishing pages.)
Yes, You Have to Secure Your WP

Check your hosting:
• Well known, with responsive customer service
• Secure, with good reviews
• Linux based, with a control panel
• Backups included

Server minimum requirements (the minimums WordPress required when this talk was given):
• PHP 5.2.4 or greater
• MySQL 5.0 or greater
• The mod_rewrite Apache module
Note: a minimum supported version is not a secure version. Run a PHP and MySQL release that still receives security fixes.
Recommended Hosting

• Bluehost
• MediaTemple
• WestHost
• DreamHost
• WordPress VIP, Choppa, VPS (premium servers)
Hidden Link Injection Hacks
• Where they get in: file uploads, vulnerable plugins, themes (for example the TimThumb image resizer bundled with many themes), outdated WordPress core, and multiple WordPress installs on the same account

• The links are hidden with CSS (style="display:none;"), so visitors never see them but search engines do

• Mostly used to borrow your site's SEO ranking for the spammer's domains

• Mostly initiated by basicpills.com and many other domains located at 212.117.161.190

• One of the easier hacks to pull off, and easy to miss because the site looks normal
Hidden Link Injection Hacks
• These are some of the links you will see in an infected site (domains defanged with spaces):
<a href="http://basicpills . com/">online prescription drugs without a prescription...</a>
<a href="http://generic-ed-pharmacy . com/">Buy Generic Viagra Online...</a>
<a href="http://getrxpills . com/buy/levitra.html">levitra 10 mg...</a>

• Mostly these spam links are related to pharmacy products, leading to one of the following domains:
antibioticsordrer.com, antibiotics-shop.com, basicpills.com,
buynolvadexcheap.com, cheappillsonline.net, dacompliasale.com,
dlevitraonline.com, dzithromaxsbuy.com, generic-ed-pharmacy.com,
getrxpills.com, kamagrasorder.com, onlineacompliacheap.com,
onlinecialischeap.net, onlinelevitracheap.com, onlinelevitracheap.net,
onlineviagracheap.com, onlineviagracheap.net, peampicillinonline.com,
rx-prices.com, sclomidbuy.com, sdoxycyclinebuy.com, sviagrarbuy.com,
vicialisabuy.com, wpropecianonline.com
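A scanner for the kind of injection shown above, added here as an example (it is not part of the presentation and not the presenter's code). It parses a rendered page, tracks nesting so that every link inside a display:none or off-screen container is flagged, and also flags links to a watch list of domains. The watch list is a subset of the slide's domain list, the hiding heuristics are the author's assumptions about common tricks, and the sample page is constructed for the demo. Feed it the output of curl -s against your own site, or a cached copy of a page.

```python
"""Scan rendered HTML for hidden or pharma-spam links.

Added example, not part of the presentation. SPAM_DOMAINS is a subset of
the slide's list, HIDDEN_STYLE encodes the author's assumptions about how
injected links are hidden, and SAMPLE_PAGE is constructed demo data.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Watch list (subset of the domains named on the slide)
SPAM_DOMAINS = {
    "basicpills.com", "generic-ed-pharmacy.com", "getrxpills.com",
    "antibiotics-shop.com", "onlineviagracheap.com", "rx-prices.com",
}

# Inline styles that keep an element in the DOM (for crawlers) but out of sight
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top|text-indent)\s*:\s*-\d{3,}px",
    re.IGNORECASE,
)

# Elements with no closing tag; they must not disturb the depth counter
VOID_TAGS = {"img", "br", "hr", "input", "meta", "link", "source", "wbr"}


class HiddenLinkScanner(HTMLParser):
    """Tracks nesting depth so a hidden container taints every link inside it."""

    def __init__(self):
        super().__init__()
        self.depth = 0
        self.hidden_at = None   # depth of the innermost hidden ancestor, if any
        self.findings = []      # (href, reason) tuples

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        self.depth += 1
        a = dict(attrs)
        if self.hidden_at is None and HIDDEN_STYLE.search(a.get("style") or ""):
            self.hidden_at = self.depth
        if tag == "a" and a.get("href"):
            self._check_anchor(a["href"])

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if self.hidden_at == self.depth:
            self.hidden_at = None      # leaving the hidden container
        self.depth -= 1

    def _check_anchor(self, href):
        host = (urlparse(href).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        reasons = []
        if self.hidden_at is not None:
            reasons.append("link inside a hidden element")
        if host in SPAM_DOMAINS or any(host.endswith("." + d) for d in SPAM_DOMAINS):
            reasons.append("known pharma-spam domain")
        if reasons:
            self.findings.append((href, "; ".join(reasons)))


def scan_html(html):
    """Return [(href, reason), ...] for suspicious links in a rendered page."""
    scanner = HiddenLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def scan_file(path):
    """Scan a saved page, e.g. the output of: curl -s https://yoursite/ > home.html"""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_html(fh.read())


# Constructed sample page: one legitimate link, three injected ones
SAMPLE_PAGE = """<html><body>
<div id="content"><p>Welcome. <a href="http://example.com/about/">About</a></p>
<img src="/logo.png"><br></div>
<div style="display:none">
  <a href="http://basicpills.com/">online prescription drugs without a prescription</a>
</div>
<a style="position:absolute;left:-9999px" href="http://getrxpills.com/buy/levitra.html">levitra 10 mg</a>
<p>Footer <a href="http://www.generic-ed-pharmacy.com/">Buy Generic Viagra Online</a></p>
</body></html>"""

if __name__ == "__main__":
    for href, reason in scan_html(SAMPLE_PAGE):
        print(f"{reason}: {href}")
```

The page-level scan only sees what the server renders for you; injected code often renders the links only for search-engine user agents, so fetch with a Googlebot User-Agent as well, and grep theme and plugin PHP for base64_decode/eval to find the code that writes them.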
How to Secure your WP Site: basics
• Keep WordPress core, themes and plugins updated. Delete themes and plugins you do not use: a deactivated plugin is still code on disk.

• No user account named "admin" (it is the first username every brute-force script tries)

• Use a hard-to-guess username and a strong password
(http://goodpassword.com/)

• File permissions, rule of thumb: files 644, directories 755. wp-config.php tighter (440 or 400 per the WordPress hardening guide). Never 777.
How to Secure your WP Site: basics
• Remove the WordPress version from the header (in functions.php):
// Remove the <meta name="generator"> tag that advertises the WP version
remove_action('wp_head', 'wp_generator');
Caveat: the version also leaks through readme.html, the RSS feed and the ?ver= query string on scripts and styles; hiding the tag only deters lazy scanners. Updating is the real fix.

• Use unique secret keys and salts in wp-config.php, generated at
https://api.wordpress.org/secret-key/1.1/salt/
Changing them invalidates every logged-in session, which is what you want after a compromise.

• Change the WP table prefix in wp-config.php:
$table_prefix = 'yourtable_12';
(On an existing site the tables must be renamed too, along with the prefixed rows in the options and usermeta tables, such as wp_user_roles and wp_capabilities.)
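The two items on these slides that can be checked on disk, permissions and the wp-config.php secrets, audited by a Python script added here as an example (not the presenter's code). It applies the slide's 644/755 rule of thumb, demands that "other" gets no access at all to wp-config.php, and flags salts that still hold the installer placeholder or are shorter than 32 characters, plus the default wp_ prefix; those thresholds are the author's assumptions. The misconfigured sample tree is constructed in a temporary directory for the demo.

```python
"""Audit the on-disk basics: file permissions and wp-config.php secrets.

Added example, not from the presentation. Assumptions: the slide's 644/755
rule of thumb, no world access to wp-config.php, salts that differ from the
installer placeholder and are at least 32 characters, a non-default table
prefix. build_sample_tree() constructs demo data in a temporary directory.
"""
import os
import re
import stat
import tempfile
from pathlib import Path

PLACEHOLDER = "put your unique phrase here"   # value shipped in wp-config-sample.php
SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
MIN_SALT_LEN = 32   # assumption; api.wordpress.org issues 64-character values


def audit_wp_config(text):
    """Return a list of problems found in the contents of wp-config.php."""
    issues = []
    for key in SALT_KEYS:
        m = re.search(r"define\(\s*['\"]%s['\"]\s*,\s*['\"]([^'\"]*)['\"]\s*\)" % key, text)
        if m is None:
            issues.append(f"{key}: not defined")
        elif m.group(1) == PLACEHOLDER or len(m.group(1)) < MIN_SALT_LEN:
            issues.append(f"{key}: placeholder or too short")
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", text)
    if m is None or m.group(1) == "wp_":
        issues.append("table_prefix: default 'wp_'")
    return issues


def audit_permissions(root, file_mode=0o644, dir_mode=0o755):
    """Return (relative path, actual mode, expected) for every entry off the rule of thumb."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        mode = stat.S_IMODE(path.lstat().st_mode)
        rel = path.relative_to(root).as_posix()
        if path.is_dir():
            if mode != dir_mode:
                findings.append((rel, oct(mode), oct(dir_mode)))
        elif path.name == "wp-config.php":
            if mode & 0o007:   # secrets: "other" gets nothing, whatever the owner/group scheme
                findings.append((rel, oct(mode), "no world access"))
        elif mode != file_mode:
            findings.append((rel, oct(mode), oct(file_mode)))
    return findings


def build_sample_tree():
    """Construct a deliberately misconfigured WordPress tree (demo data only)."""
    root = Path(tempfile.mkdtemp(prefix="wp-audit-"))
    uploads = root / "wp-content" / "uploads"
    uploads.mkdir(parents=True)
    (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
    (uploads / "cache.php").write_text("<?php // PHP that arrived through an upload form\n")
    salts = "\n".join("define('%s', '%s');" % (k, "x" * 64 if k == "AUTH_KEY" else PLACEHOLDER)
                      for k in SALT_KEYS)
    (root / "wp-config.php").write_text("<?php\n%s\n$table_prefix = 'wp_';\n" % salts)
    os.chmod(root / "index.php", 0o644)        # correct
    os.chmod(uploads, 0o755)                   # correct
    os.chmod(root / "wp-config.php", 0o644)    # world-readable secrets
    os.chmod(uploads / "cache.php", 0o777)     # world-writable, executable PHP
    os.chmod(root / "wp-content", 0o777)       # the "fix" seen on many shared hosts
    return root


if __name__ == "__main__":
    site = build_sample_tree()
    for rel, actual, expected in audit_permissions(site):
        print(f"perm  {rel}: {actual}, expected {expected}")
    for issue in audit_wp_config((site / "wp-config.php").read_text()):
        print(f"conf  {issue}")
```

Run audit_permissions against the real document root and audit_wp_config against the real wp-config.php; uploads directories that must be writable by the web server are the one place where a stricter owner/group scheme, not 777, is the answer.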
How to Secure your WP Site: basics
• Directories should not be left open for public browsing. In .htaccess:
Options -Indexes
(The slide's Options All -Indexes also works where AllowOverride permits it; -Indexes alone is enough and is less likely to be refused by the host.)

• Nobody should be allowed to search your entire server, or to inject into your search form. Do not use this in the form's action:
<?php echo $_SERVER['PHP_SELF']; ?>
(PHP_SELF reflects the request path unescaped, a classic reflected-XSS source.) Use this instead:
<?php bloginfo('home'); ?>
(bloginfo('home') has been deprecated since WordPress 2.2; the current equivalent is echo esc_url(home_url('/'));.)
How to Secure your WP Site: basics
• Block WP folders from being indexed by search engines, in robots.txt:
Disallow: /wp-*
Caveat: robots.txt is a request, not an access control. It is publicly readable, attackers ignore it, and blocking wp-content also hides the CSS and JavaScript search engines need to render your pages, so a narrower rule such as Disallow: /wp-admin/ is usually preferable.

• Prevent unnecessary info from being displayed on failed logins ("invalid username" versus "wrong password" tells an attacker which usernames exist). Add this filter in functions.php:
add_filter('login_errors', function ($error) { return null; });
(The slide used create_function(), which was removed in PHP 8; the closure does the same thing.)
How to Secure your WP Site: basics
• Protect WordPress admin:
Use a .htaccess file inside wp-admin and allow only specific IP addresses
(find yours at http://whatismyip.com)
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# IP addresses to whitelist
allow from xxx.xxx.xxx.xxx
allow from xxx.xxx.xxx.xxx
Notes: the slide wrapped these rules in <LIMIT GET>, which leaves POST and every other method unrestricted; access rules belong outside <Limit>. Front-end features that call wp-admin/admin-ajax.php will break for non-whitelisted visitors unless that file is allowed separately with a <Files> section. On Apache 2.4 the equivalents are Require all denied and Require ip xxx.xxx.xxx.xxx. Only practical when the administrators have static addresses.
How to Secure your WP Site: basics
• Restrict file access in wp-content
WordPress does not serve the PHP files in the plugin and theme directories directly over HTTP; it includes them. The only direct browser requests to wp-content are for images, JavaScript and CSS.

In a .htaccess file in wp-content:
Order deny,allow
Deny from all
<Files ~ "\.(css|jpe?g|png|gif|js)$">
Allow from all
</Files>
Notes: the slide had "Order Allow, Deny", under which the Deny wins and the images and CSS would be blocked too; the backslash before the dot was also missing. Test after adding this: plugins that do serve PHP directly from wp-content (AJAX endpoints, image resizers such as TimThumb) will stop working, which is exactly the class of file this rule is meant to protect. Extend the list with any other static types you serve (xml, woff, svg, pdf). On Apache 2.4 use Require all denied / Require all granted.
How to Secure your WP Site: basics
• Protect from script injections
Block requests whose query string tries to inject <script> tags or to overwrite the PHP GLOBALS and _REQUEST arrays (register_globals-era attacks).
In the .htaccess at the site root (a copy inside wp-content only covers requests for files under wp-content, not the requests WordPress routes through index.php):
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
Notes: the first condition had lost its escapes on the slide; the pattern above is the widely circulated original of this snippet. These are blacklist patterns, trivially bypassed with different encodings, and all they do is answer 403 (the [F] flag makes the index.php target irrelevant). Treat them as noise reduction, not as a substitute for patching.
How to Secure your WP Site: basics
• Fight back against content scrapers
Protect your site against hot-linking (other sites embedding your images and spending your bandwidth) and content scrapers.

Add the following to your .htaccess file:
RewriteEngine On
# Replace mysite.com with your blog domain
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
# Do not rewrite the replacement image itself, or the rule loops
RewriteCond %{REQUEST_URI} !/images/nohotlink\.jpg$
# Replace /images/nohotlink.jpg with your "don't hotlink" image
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
Notes: the slide's patterns had lost their backslashes (mysite.com, .(jpe?g...)) and did not exclude the replacement image. The Referer header is client-controlled, so this only deters casual hotlinking; the !^$ line lets requests with no Referer through (direct links, privacy extensions), which is usually what you want.
How to Secure your WP Site: basics
• Protect your wp-config.php file
If PHP processing ever fails (a broken server update, a misconfigured vhost), wp-config.php can be served as plain text, exposing the database credentials and the secret keys.
• To make it secure, add the following to the .htaccess at the site root:
<FilesMatch "^wp-config\.php$">
deny from all
</FilesMatch>
(On Apache 2.4: Require all denied.) Moving wp-config.php one directory above the web root, which WordPress supports, protects it even when .htaccess is ignored.

• Back up your database and files
Schedule backups of your database and files. You can use the following plugins:
• VaultPress
• BackupBuddy
Keep copies off the server (an attacker who owns the host owns the local backups too) and test a restore before you need one.
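An outside-in check for the .htaccess and functions.php hardening on the preceding slides, added here as an example (it is not the presenter's code). It requests a handful of URLs and reports which protection is missing: directory listing, wp-config.php exposure, the generator tag, the wp-admin IP allow list and the hotlink rule. The fetch function is injectable, so the demo runs against canned responses constructed for a half-hardened site; http_fetch is the real fetcher. The paths and expected status codes are the author's assumptions, and the wp-admin check only means something when run from an address that is not on the allow list.

```python
"""Outside-in checks for the hardening on the preceding slides.

Added example, not part of the presentation. Nothing is modified: a few
URLs are requested and each protection is reported as present or missing.
fetch(url, headers) is injectable; demo_fetch serves constructed responses,
http_fetch talks to a real site. Paths and status codes are assumptions.
"""
import urllib.error
import urllib.request


def http_fetch(url, headers=None):
    """Return (status, body) for a GET; 4xx/5xx are results, not exceptions."""
    req = urllib.request.Request(url, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536).decode("utf-8", "replace")


def check_hardening(base, fetch=http_fetch, image="/wp-content/uploads/sample.jpg"):
    """Return {check: (passed, detail)}. Run from an address NOT on the wp-admin allow list."""
    base = base.rstrip("/")
    results = {}

    # Options -Indexes: a bare directory must not answer with an index listing
    status, body = fetch(base + "/wp-content/uploads/")
    listing = status == 200 and "index of" in body.lower()
    results["directory_listing_off"] = (not listing, f"status {status}")

    # FilesMatch on wp-config.php: a 200 containing DB_ constants means PHP was served as text
    status, body = fetch(base + "/wp-config.php")
    leaked = status == 200 and "DB_PASSWORD" in body
    results["wp_config_blocked"] = (not leaked, f"status {status}, credentials visible: {leaked}")

    # remove_action('wp_head', 'wp_generator'): no generator meta tag on the front page
    status, body = fetch(base + "/")
    generator = 'name="generator"' in body and "WordPress" in body
    results["generator_tag_removed"] = (not generator, "generator tag present" if generator else "no generator tag")

    # IP allow list on wp-admin: a foreign address must get 403, not a redirect to wp-login.php
    status, _ = fetch(base + "/wp-admin/")
    results["wp_admin_ip_restricted"] = (status == 403, f"status {status}")

    # Hotlink rule: the bytes served for a foreign Referer must differ from the real image
    _, own = fetch(base + image, headers={"Referer": base + "/"})
    status, foreign = fetch(base + image, headers={"Referer": "http://scraper.example/"})
    results["hotlink_protected"] = (status != 200 or foreign != own, f"foreign referer got status {status}")
    return results


DEMO_SITE = "https://blog.example"


def demo_fetch(url, headers=None):
    """Constructed stand-in for http_fetch: a site with only some hardening done."""
    path = url[len(DEMO_SITE):] or "/"
    referer = (headers or {}).get("Referer", "")
    if path == "/wp-content/uploads/":      # listing still on
        return 200, "<html><title>Index of /wp-content/uploads</title></html>"
    if path == "/wp-config.php":            # blocked by .htaccess
        return 403, "<h1>Forbidden</h1>"
    if path == "/":                         # version still advertised
        return 200, '<html><head><meta name="generator" content="WordPress 3.2.1" /></head></html>'
    if path == "/wp-admin/":                # reachable from anywhere (redirect to login)
        return 302, ""
    if path.endswith(".jpg"):               # hotlink rule in place
        return 200, "real-image-bytes" if referer.startswith(DEMO_SITE) else "nohotlink-placeholder"
    return 404, ""


if __name__ == "__main__":
    for name, (ok, detail) in check_hardening(DEMO_SITE, fetch=demo_fetch).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name:<24} {detail}")
```

Against a live site call check_hardening("https://yoursite") with the default fetcher and an image path that really exists; a check that fails tells you which slide to go back to.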
WordPress Security Plugins
Sign up at websitedefender.com
WordPress Security Basics
Thank you
For more, visit our site
catchinternet.com
http://catchinternet.com/blog/wordpress-security-tips/

My personal blog
sakinshrestha.com
http://sakinshrestha.com/wordpress/fix-if-your-wordpress-site-is-hacked/
http://sakinshrestha.com/wordpress/wordpress-security-tips/

Weitere ähnliche Inhalte

Was ist angesagt?

Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013Vlad Lasky
 
Secure Wordpress - 2016[17May - Mashhad]
Secure Wordpress - 2016[17May - Mashhad]Secure Wordpress - 2016[17May - Mashhad]
Secure Wordpress - 2016[17May - Mashhad]HaMiD Fadaei
 
Securing WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanSecuring WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanJeff Hoffman
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDWORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDStuartJDavidson.com
 
Be Securious – Hack Your Own Site for Better Security
Be Securious –  Hack Your Own Site for Better SecurityBe Securious –  Hack Your Own Site for Better Security
Be Securious – Hack Your Own Site for Better Securitysecuriously
 
Word press security checklist
Word press security checklistWord press security checklist
Word press security checklistSanjay Dabhoya
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009Brad Williams
 
ResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security sessionResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security sessionPratik Jagdishwala
 
WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013Brad Williams
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Vasile
 
Http only cookie
Http only cookieHttp only cookie
Http only cookiefool2fish
 
Basic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website StartedBasic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website StartedNile Flores
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User SecurityDre Armeda
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013Thor Kristiansen
 
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaWordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaDre Armeda
 
GDPR and EA Commissioning a web site Part 6 of 8
GDPR and EA Commissioning a web site Part 6 of 8GDPR and EA Commissioning a web site Part 6 of 8
GDPR and EA Commissioning a web site Part 6 of 8Allen Woods
 
WordPress Security: Defend yourself against digital invaders
WordPress Security:Defend yourself against digital invadersWordPress Security:Defend yourself against digital invaders
WordPress Security: Defend yourself against digital invadersVladimír Smitka
 
WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011Dre Armeda
 

Was ist angesagt? (20)

Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
 
Secure Wordpress - 2016[17May - Mashhad]
Secure Wordpress - 2016[17May - Mashhad]Secure Wordpress - 2016[17May - Mashhad]
Secure Wordpress - 2016[17May - Mashhad]
 
Securing WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanSecuring WordPress by Jeff Hoffman
Securing WordPress by Jeff Hoffman
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDWORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
Be Securious – Hack Your Own Site for Better Security
Be Securious –  Hack Your Own Site for Better SecurityBe Securious –  Hack Your Own Site for Better Security
Be Securious – Hack Your Own Site for Better Security
 
Word press security checklist
Word press security checklistWord press security checklist
Word press security checklist
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009
 
ResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security sessionResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security session
 
WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
 
Http only cookie
Http only cookieHttp only cookie
Http only cookie
 
Basic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website StartedBasic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website Started
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User Security
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013
 
Joomla! security jday2015
Joomla! security jday2015Joomla! security jday2015
Joomla! security jday2015
 
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaWordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
 
GDPR and EA Commissioning a web site Part 6 of 8
GDPR and EA Commissioning a web site Part 6 of 8GDPR and EA Commissioning a web site Part 6 of 8
GDPR and EA Commissioning a web site Part 6 of 8
 
WordPress Security: Defend yourself against digital invaders
WordPress Security:Defend yourself against digital invadersWordPress Security:Defend yourself against digital invaders
WordPress Security: Defend yourself against digital invaders
 
WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011
 

Ähnlich wie WordPress Security Tips

Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutSiteGround.com
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014Primary Image Ltd
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Think Media Inc.
 
WordPress
WordPressWordPress
WordPressrisager
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014Judy Wilson
 
Your WordPress Freelance Business Site
Your WordPress Freelance Business SiteYour WordPress Freelance Business Site
Your WordPress Freelance Business SiteBrian Hogg
 
How to create a WordPress Site
How to create a WordPress Site How to create a WordPress Site
How to create a WordPress Site MuhammadUsaid2
 
WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and SecurityThink Media Inc.
 
Methodist University Website Training Presentation
Methodist University Website Training PresentationMethodist University Website Training Presentation
Methodist University Website Training Presentationgoldentwig
 
WordPress Security Essentials
WordPress Security EssentialsWordPress Security Essentials
WordPress Security EssentialsAngela Bowman
 
Getting started with wordpress hosting and security
Getting started with wordpress hosting and securityGetting started with wordpress hosting and security
Getting started with wordpress hosting and securityWP Pittsburgh Meetup Group
 
Battling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleBattling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleKayleigh Thorpe
 
WordPress Security and Best Practices
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best PracticesRobert Vidal
 
How to Blog - #ACR14 Social Media Bootcamp
How to Blog - #ACR14  Social Media BootcampHow to Blog - #ACR14  Social Media Bootcamp
How to Blog - #ACR14 Social Media BootcampPaul Sufka
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBrian Layman
 
Up and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web DesignUp and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web DesignJudy Wilson
 

Ähnlich wie WordPress Security Tips (20)

Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013
 
WordPress
WordPressWordPress
WordPress
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014
 
Setup and run wordpress: 201
Setup and run wordpress: 201Setup and run wordpress: 201
Setup and run wordpress: 201
 
Your WordPress Freelance Business Site
Your WordPress Freelance Business SiteYour WordPress Freelance Business Site
Your WordPress Freelance Business Site
 
How to create a WordPress Site
How to create a WordPress Site How to create a WordPress Site
How to create a WordPress Site
 
WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and Security
 
Methodist University Website Training Presentation
Methodist University Website Training PresentationMethodist University Website Training Presentation
Methodist University Website Training Presentation
 
WordPress Security Essentials
WordPress Security EssentialsWordPress Security Essentials
WordPress Security Essentials
 
Getting started with wordpress hosting and security
Getting started with wordpress hosting and securityGetting started with wordpress hosting and security
Getting started with wordpress hosting and security
 
Battling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleBattling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support Tale
 
WordPress security
WordPress securityWordPress security
WordPress security
 
WordPress Security and Best Practices
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best Practices
 
How to Blog - #ACR14 Social Media Bootcamp
How to Blog - #ACR14  Social Media BootcampHow to Blog - #ACR14  Social Media Bootcamp
How to Blog - #ACR14 Social Media Bootcamp
 
Secure wordpress
Secure wordpressSecure wordpress
Secure wordpress
 
WordPress Multisite
WordPress MultisiteWordPress Multisite
WordPress Multisite
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being Hacked
 
Up and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web DesignUp and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web Design
 

Mehr von Catch Themes

Building WordPress Theme Business: My Story
Building WordPress Theme Business: My StoryBuilding WordPress Theme Business: My Story
Building WordPress Theme Business: My StoryCatch Themes
 
Speaking at WordCamps? What not to do…
Speaking at WordCamps? What not to do…Speaking at WordCamps? What not to do…
Speaking at WordCamps? What not to do…Catch Themes
 
Opening Remarks - WordCamp Kathmandu, 2016
Opening Remarks - WordCamp Kathmandu, 2016 Opening Remarks - WordCamp Kathmandu, 2016
Opening Remarks - WordCamp Kathmandu, 2016 Catch Themes
 
Breaking social barriers and creating opportunities
Breaking social barriers and creating opportunitiesBreaking social barriers and creating opportunities
Breaking social barriers and creating opportunitiesCatch Themes
 
World of Creative Designer & Front-end-Developer
World of Creative Designer & Front-end-DeveloperWorld of Creative Designer & Front-end-Developer
World of Creative Designer & Front-end-DeveloperCatch Themes
 
Approaches To WordPress Theme Development
Approaches To WordPress Theme DevelopmentApproaches To WordPress Theme Development
Approaches To WordPress Theme DevelopmentCatch Themes
 
Contributing to WordPress Theme Review at WordPress.org
Contributing to WordPress Theme Review at WordPress.orgContributing to WordPress Theme Review at WordPress.org
Contributing to WordPress Theme Review at WordPress.orgCatch Themes
 
How to get your theme on Top 15 Popular Themes at WordPress.org
How to get your theme on Top 15 Popular Themes at WordPress.orgHow to get your theme on Top 15 Popular Themes at WordPress.org
How to get your theme on Top 15 Popular Themes at WordPress.orgCatch Themes
 
Starting WordPress Theme Review
Starting WordPress Theme ReviewStarting WordPress Theme Review
Starting WordPress Theme ReviewCatch Themes
 
WordPress Uses & Scope
WordPress Uses & ScopeWordPress Uses & Scope
WordPress Uses & ScopeCatch Themes
 

Mehr von Catch Themes (10)

Building WordPress Theme Business: My Story
Building WordPress Theme Business: My StoryBuilding WordPress Theme Business: My Story
Building WordPress Theme Business: My Story
 
Speaking at WordCamps? What not to do…
Speaking at WordCamps? What not to do…Speaking at WordCamps? What not to do…
Speaking at WordCamps? What not to do…
 
Opening Remarks - WordCamp Kathmandu, 2016
Opening Remarks - WordCamp Kathmandu, 2016 Opening Remarks - WordCamp Kathmandu, 2016
Opening Remarks - WordCamp Kathmandu, 2016
 
Breaking social barriers and creating opportunities
Breaking social barriers and creating opportunitiesBreaking social barriers and creating opportunities
Breaking social barriers and creating opportunities
 
World of Creative Designer & Front-end-Developer
World of Creative Designer & Front-end-DeveloperWorld of Creative Designer & Front-end-Developer
World of Creative Designer & Front-end-Developer
 
Approaches To WordPress Theme Development
Approaches To WordPress Theme DevelopmentApproaches To WordPress Theme Development
Approaches To WordPress Theme Development
 
Contributing to WordPress Theme Review at WordPress.org
Contributing to WordPress Theme Review at WordPress.orgContributing to WordPress Theme Review at WordPress.org
Contributing to WordPress Theme Review at WordPress.org
 
How to get your theme on Top 15 Popular Themes at WordPress.org
How to get your theme on Top 15 Popular Themes at WordPress.orgHow to get your theme on Top 15 Popular Themes at WordPress.org
How to get your theme on Top 15 Popular Themes at WordPress.org
 
Starting WordPress Theme Review
Starting WordPress Theme ReviewStarting WordPress Theme Review
Starting WordPress Theme Review
 
WordPress Uses & Scope
WordPress Uses & ScopeWordPress Uses & Scope
WordPress Uses & Scope
 

Kürzlich hochgeladen

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Kürzlich hochgeladen (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide

WordPress Security Tips

  • 1. WordPress Mini Word Camp 7 Basic WordPress Security Tips By Catch Internet Pvt. Ltd.
  • 2. WordPress Security
    • WordPress popularity and usage bring in new threats
    • Basic WordPress security is necessary for all users
    • Most hackers on the internet are looking for the easy way in
  • 3. Purpose of the Presentation Is to Scare the crap out of you! Image by http://blog.mysanantonio.com
  • 4. Purpose of the Presentation And then make everyone feel better
  • 5. What We Will Cover
    • WordPress hosting servers
    • Example of link injection hacks
    • How to secure your WordPress site: basics
    • WordPress security plugins
  • 6. Do I Really Need To Secure WP
    • There is nothing valuable on my site
    • I only have limited visitors on my site
    • I thought I was already secure
    • Who is going to hack my site?
    • I already turned off the comments for security
  • 7. Yes You Have to Secure Your WP
    Check your hosting: well known, customer service, secure, review check, Linux based, control panel, backup
    Server minimum requirements:
    • PHP 5.2.4 or greater
    • MySQL 5.0 or greater
    • The mod_rewrite Apache module
  • 9. Hidden Link Injection Hacks
    • Gets in through uploads, plugins, themes (TimThumb), core WordPress or multisite WordPress
    • Uses CSS to hide the links: style="display:none;"
    • Mostly done to exploit your site's SEO ranking
    • Mostly initiated by basicpills.com and many other domains located at 212.117.161.190
    • One of the easy hacks
  • 10. Hidden Link Injection Hacks
    • These are some of the links you will see in an infected site:
        <a href="http://basicpills . com/">online prescription drugs without a prescription..
        <a href="http://generic-ed-pharmacy . com/">Buy Generic Viagra Onlin.
        <a href="http://getrxpills . com/buy/levitra.html">levitra 10 mg..
    • Most of these spam links are related to pharmacy products, leading you to one of the following domains:
      antibioticsordrer.com, antibiotics-shop.com, basicpills.com, buynolvadexcheap.com, cheappillsonline.net,
      dacompliasale.com, dlevitraonline.com, dzithromaxsbuy.com, generic-ed-pharmacy.com, getrxpills.com,
      kamagrasorder.com, onlineacompliacheap.com, onlinecialischeap.net, onlinelevitracheap.com,
      onlinelevitracheap.net, onlineviagracheap.com, onlineviagracheap.net, peampicillinonline.com,
      rx-prices.com, sclomidbuy.com, sdoxycyclinebuy.com, sviagrarbuy.com, vicialisabuy.com, wpropecianonline.com
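The hidden-link technique on these two slides can be checked for mechanically. The scanner below is an added example and is not part of the presentation: it parses a page's HTML and reports every anchor that points at one of the spam domains listed on slide 10 or that sits inside an element hidden with display:none (the trick from slide 9). The sample HTML is constructed for the demo, not captured from a real site, and the domain set is a subset of the slide's list.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# A few of the spam domains listed on slide 10; extend with the full list.
SPAM_DOMAINS = {
    "basicpills.com", "generic-ed-pharmacy.com", "getrxpills.com",
    "rx-prices.com", "onlineviagracheap.com",
}


def _is_hidden(style):
    """True if an inline style hides the element, as on slide 9."""
    s = style.replace(" ", "").lower()
    return "display:none" in s or "visibility:hidden" in s


class HiddenLinkScanner(HTMLParser):
    """Report anchors that are CSS-hidden or point at known spam domains."""

    def __init__(self):
        super().__init__()
        self._stack = []      # (tag, opened_hidden_region) for open elements
        self._hidden = 0      # > 0 while inside a hidden element
        self.findings = []    # dicts with href and the reasons it was flagged

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden_here = _is_hidden(a.get("style") or "")
        if hidden_here:
            self._hidden += 1
        self._stack.append((tag, hidden_here))
        if tag == "a":
            self._check_anchor(a.get("href") or "")

    def handle_endtag(self, tag):
        # Pop until the matching open tag; tolerates unclosed void tags like <br>.
        while self._stack:
            open_tag, hidden_here = self._stack.pop()
            if hidden_here:
                self._hidden -= 1
            if open_tag == tag:
                break

    def _check_anchor(self, href):
        reasons = []
        host = (urlparse(href).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SPAM_DOMAINS:
            reasons.append("points at known spam domain " + host)
        if self._hidden:
            reasons.append("inside a CSS-hidden element")
        if reasons:
            self.findings.append({"href": href, "reasons": reasons})


def scan_html(html):
    """Return the list of suspicious anchors found in the given HTML."""
    scanner = HiddenLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample resembling an infected page (not captured from a real site).
SAMPLE_HTML = """
<html><body>
<p>Welcome to my blog.</p>
<a href="https://wordpress.org/">WordPress</a>
<div style="display: none;">
  <a href="http://basicpills.com/">online prescription drugs</a>
  <a href="http://example.com/">looks harmless but is hidden</a>
</div>
<p>Footer <a href="http://www.getrxpills.com/buy/levitra.html">levitra 10 mg</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

Run it over the saved output of `curl` against your own site rather than over theme files on disk: injected links are often assembled at request time, so the rendered HTML is what shows them. The hidden-element check catches links to domains you have never heard of, which a domain list alone would miss.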
  • 11. How to Secure your WP Site basics
    • Keep your core WordPress, theme and plugins updated
    • No "admin" user account
    • Use a secure username and password (http://goodpassword.com/)
    • File permissions, rule of thumb: files 644, folders 755
  • 12. How to Secure your WP Site basics
    • Remove the WordPress version from the header:
        // Remove the WP version generator tag from <head>
        remove_action('wp_head', 'wp_generator');
    • Use secret keys in wp-config.php: https://api.wordpress.org/secret-key/1.1/salt/
    • Change the WP table prefix in wp-config.php:
        $table_prefix = 'yourtable_12';
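Slides 11 and 12 give three checks that are easy to forget on a long-running site: the 644/755 permission rule, salts left at the default, and the wp_ table prefix. The audit script below is an added example, not the presentation's or WordPress's own code. It walks a WordPress tree and reports permission deviations, then inspects the wp-config.php source for the placeholder salt text from wp-config-sample.php and for the default prefix. The demo tree it builds is constructed in a temporary directory with two deliberate mistakes.

```python
import os
import re
import stat
import tempfile

# Default placeholder text shipped in wp-config-sample.php; any key still set to it is weak.
PLACEHOLDER = "put your unique phrase here"
SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")


def audit_permissions(root):
    """Return (relative path, actual mode, advice) for anything off the 644/755 rule."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode != 0o755:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, oct(mode), "directory should be 755"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode != 0o644:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, oct(mode), "file should be 644"))
    return sorted(findings)


def audit_wp_config(text):
    """Check wp-config.php source for placeholder salts and the default table prefix."""
    issues = []
    for key in SALT_KEYS:
        m = re.search(r"define\(\s*'%s'\s*,\s*'([^']*)'" % key, text)
        if m is None:
            issues.append(key + " is not defined")
        elif m.group(1).strip() == PLACEHOLDER:
            issues.append(key + " still has the placeholder value")
    m = re.search(r"\$table_prefix\s*=\s*'([^']*)'", text)
    if m is None:
        issues.append("$table_prefix is not set")
    elif m.group(1) == "wp_":
        issues.append("table prefix is the default wp_")
    return issues


def _write(path, text, mode):
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)


def build_demo_tree():
    """Construct a small WordPress-like tree (hypothetical content) with two mistakes."""
    root = tempfile.mkdtemp(prefix="wpdemo-")
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    os.chmod(uploads, 0o755)
    # Constructed wp-config.php: every salt left at the placeholder, default prefix.
    config = "<?php\n" + "".join(
        "define( '%s', '%s' );\n" % (key, PLACEHOLDER) for key in SALT_KEYS
    ) + "$table_prefix = 'wp_';\n"
    _write(os.path.join(root, "wp-config.php"), config, 0o644)
    _write(os.path.join(root, "index.php"), "<?php // front controller\n", 0o644)
    _write(os.path.join(uploads, "notes.txt"), "world-writable by mistake\n", 0o666)
    os.chmod(os.path.join(root, "wp-content"), 0o777)  # the other mistake
    return root


def run_demo():
    """Build the demo tree and return (permission findings, wp-config issues)."""
    root = build_demo_tree()
    with open(os.path.join(root, "wp-config.php")) as fh:
        config_issues = audit_wp_config(fh.read())
    return audit_permissions(root), config_issues


if __name__ == "__main__":
    perms, issues = run_demo()
    for rel, mode, advice in perms:
        print("%-32s %s  %s" % (rel, mode, advice))
    for issue in issues:
        print(issue)
```

Point `audit_permissions` at the document root of a real install and read the list before changing anything: uploads directories legitimately need to be writable by the web server user, so the fix is usually ownership, not a blanket 777. Many administrators also tighten wp-config.php beyond the 644 rule of thumb (for example 600 or 640), which this script would report; treat that line as informational.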
  • 13. How to Secure your WP Site basics
    • Directories should not be left open for public browsing. In .htaccess:
        Options All -Indexes
    • Nobody should be allowed to search your entire server. Do not use this code in your search form:
        <?php echo $_SERVER['PHP_SELF']; ?>
      Use this instead:
        <?php bloginfo('home'); ?>
  • 14. How to Secure your WP Site basics
    • Block the WP folders from being indexed by search engines. The best way to block them is to add the following line to your robots.txt file:
        Disallow: /wp-*
    • Prevent unnecessary info from being displayed. Add the following filter in functions.php:
        // Return an empty login error message instead of hinting whether the
        // username or the password was wrong (older snippets used create_function(),
        // which was removed in PHP 8; __return_null is the WordPress helper for this)
        add_filter('login_errors', '__return_null');
  • 15. How to Secure your WP Site basics
    • Protect WordPress admin: use a .htaccess file there and allow only specific IP addresses (find yours at http://whatismyip.com)
        AuthUserFile /dev/null
        AuthGroupFile /dev/null
        AuthName "Access Control"
        AuthType Basic
        <Limit GET>
        order deny,allow
        deny from all
        # IP addresses to whitelist
        allow from xxx.xxx.xxx.xxx
        allow from xxx.xxx.xxx.xxx
        </Limit>
        # Note: <Limit GET> restricts GET requests only; drop the <Limit> wrapper
        # if POST and other methods should be restricted as well
  • 16. How to Secure your WP Site basics
    • Restrict file access to wp-content
      WordPress doesn't access the PHP files in the plugins and theme directories via HTTP. The only requests from the web browser are for images, JavaScript and CSS. In the .htaccess file in wp-content:
        # Deny everything by default; Order Deny,Allow lets the Allow below win for static files
        Order Deny,Allow
        Deny from all
        <Files ~ "\.(css|jpe?g|png|gif|js)$">
        Allow from all
        </Files>
  • 17. How to Secure your WP Site basics
    • Protect from script injections
      Protect from script injections and any attempt to modify the PHP GLOBALS and _REQUEST variables. In the .htaccess file in wp-content:
        Options +FollowSymLinks
        RewriteEngine On
        RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
        RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
        RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
        RewriteRule ^(.*)$ index.php [F,L]
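It helps to see what these three RewriteCond patterns actually match before deploying them. The script below is an added example, not from the presentation: it transcribes the patterns into Python regular expressions (Apache tests them against the raw, still percent-encoded query string, and the [NC] flag on the first one becomes re.IGNORECASE) and runs them over a set of constructed query strings, ordinary traffic next to the things the rules target.

```python
import re

# The three RewriteCond patterns from the slide, re-used as Python regexes.
BLOCK_RULES = [
    ("script tag in query", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS override",    re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST override",   re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def blocked_by(query_string):
    """Return the name of the rule that would make Apache answer 403, or None."""
    for name, pattern in BLOCK_RULES:
        if pattern.search(query_string):
            return name
    return None


# Constructed query strings (not captured traffic).
SAMPLES = [
    "p=42",                       # normal post lookup
    "s=wordpress+security",       # normal search
    "s=<script>x</script>",       # literal tag in the search box
    "s=%3Cscript%3E",             # same thing, percent-encoded
    "GLOBALS[foo]=bar",           # attempt to poison $GLOBALS
    "_REQUEST=1",                 # attempt to poison $_REQUEST
    "s=GLOBALSTAR",               # contains GLOBALS but not as a variable
    "q=my_request_form",          # lowercase, so the case-sensitive rule ignores it
    "s=<b>description</b>",       # harmless markup that still trips the first rule
]


def classify_samples():
    """Map each sample query string to the rule that blocks it (or None)."""
    return {qs: blocked_by(qs) for qs in SAMPLES}


if __name__ == "__main__":
    for qs, verdict in classify_samples().items():
        print("%-28s -> %s" % (qs, verdict or "allowed"))
```

The last sample is the caveat: the first pattern only needs a `<`, the letters `script` and a `>` somewhere after it, so any query containing a tag around a word such as "description" gets a 403. Watch your error log for 403s on legitimate searches after enabling the rule, and remember that this filters the query string only, not POST bodies.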
  • 18. How to Secure your WP Site basics
    • Fight back against content scrapers
      Protect your site against hot-linking and content scrapers. Add the following code to your .htaccess file:
        RewriteEngine On
        # Replace mysite.com with your blog URL
        RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
        RewriteCond %{HTTP_REFERER} !^$
        # Replace /images/nohotlink.jpg with your "don't hotlink" image URL
        RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
  • 19. How to Secure your WP Site basics
    • Protect your wp-config.php file
      If the server has a problem, the contents of wp-config.php might be shown.
    • Make it secure by adding the following code to the .htaccess at the root:
        <FilesMatch "^wp-config\.php$">
        deny from all
        </FilesMatch>
    • Back up your database and files
      Schedule backups of your database and files. You can use the following plugins:
      • VaultPress
      • BackupBuddy
  • 21. WordPress Security Plugins: sign up at websitedefender.com
  • 25. WordPress Security Basics
    Thank you. For more, visit our site Catchinternet.com: http://catchinternet.com/blog/wordpress-security-tips/
    My personal blog Sakinshrestha.com:
    http://sakinshrestha.com/wordpress/fix-if-your-wordpress-site-is-hacked/
    http://sakinshrestha.com/wordpress/wordpress-security-tips/