SlideShare una empresa de Scribd logo

WordPress Security Tips

Catch Themes
Catch Themes

WordPress Security Tips By Catch Internet: http://catchinternet.com This slide will cover WordPress Hosting Servers, Example of Link Injection Hacks, How to Secure your WordPress site basics and WordPress Security Plugins

TecnologíaEmpresariales
1 de 25
WordPress Mini Word Camp 7 Basic WordPress Security Tips By Catch Internet Pvt. Ltd.
WordPress Security • WordPress popularity and usage brings in new threat • WordPress basic security is necessary for all the users • Most hackers in the internet are looking for the easy way
Purpose of the Presentation Is to Scare the crap out of you! Image by http://blog.mysanantonio.com
Purpose of the Presentation And then make everyone feel better
What We Will Cover • WordPress Hosting Servers • Example of Link Injection Hacks • How to Secure your WordPress site basics • WordPress Security Plugins
Do I Really Need To Secure WP • There is nothing valuable on my site • I only have limited visitors on my site • I thought I already was secured • Who is going to hack my site • I already turned off the comments for security
Yes You Have to Secure Your WP Check your Hosting: Well Known, Customer Service, Secure, Review Check, Linux Based, Control Panel, Backup Server Minimum Requirements • PHP 5.2.4 or greater •MySQL 5.0 or greater • The mod_rewrite Apache module
Recommended Hosting •Bluehost •MediaTemple •WestHost •DreamHost • WordPress VIP, Choppa, VPS (Premium Servers)
Hidden Link Injection Hacks • Upload/ Plugin/ Themes (TimThumb)/Core Wordpress/Multi WordPress • Uses css to hide it in style. Display:none; • Mostly used for get your SEO Ranking • Mostly initiated by basicpills.com and many other domains located at 212.117.161.190 • Another easy hacks
Hidden Link Injection Hacks •These are some of the links you will see in an infected site: <a href="http://basicpills . com/">online prescription drugs without a prescription.. <a href="http://generic-ed-pharmacy . com/">Buy Generic Viagra Onlin. <a href="http://getrxpills . com/buy/levitra.html”>levitra 10 mg.. •Mostly these spam links are all related to pharmacy products leading you to one of the following domains: antibioticsordrer.com, antibiotics-shop.com, basicpills.com, buynolvadexcheap.com, cheappillsonline.net, dacompliasale.com dlevitraonline.com, dzithromaxsbuy.com, generic-ed-pharmacy.com, getrxpills.com, kamagrasorder.com, onlineacompliacheap.com, onlinecialischeap.net, onlinelevitracheap.com, onlinelevitracheap.net, onlineviagracheap.com, onlineviagracheap.net, peampicillinonline.com, rx-prices.com, sclomidbuy.com, sdoxycyclinebuy.com, sviagrarbuy.com, vicialisabuy.com, wpropecianonline.com
How to Secure your WP Site basics • Keep your Core WordPress, Theme, Plugins Updated. • No Admin user account • Use Secure Username and Password (http://goodpassword.com/) • Folder Permission: Rule of Thumb, file 644, folder 755
How to Secure your WP Site basics •Remove WordPress Version from Header //Removing wp version generatorremove_action('wp_head', 'wp_generator'); •Use a Secret Key in wp-config.php https://api.wordpress.org/secret-key/1.1/salt/ •Change WP Table Prefix in wp-config.php $table_prefix = 'yourtable_12';
How to Secure your WP Site basics •Directories should not be left open for public browsing .htaccess Options All –Indexes •Nobody should be allowed to search your entire server. Do not use this search code in your search form <?php echo $_SERVER ['PHP_SELF']; ?> and use this instead <?phpbloginfo (‘home’); ?>
How to Secure your WP Site basics •Block WP-folder from being indexed by Search Engine. Best way to block, add the following code in your robots.txt file Disallow: /wp-* • Prevent Unnecessary Info From Being Displayed Add the following filter in function.php add_filter('login_errors',create_function('$a', "return null;"));
How to Secure your WP Site basics •Protect WordPress Admin: Use .htaccess and allow only specific IP address (http://whatismyip.com) AuthUserFile/dev/null AuthGroupFile/dev/null AuthName “Access Control” AuthType Basic <LIMIT GET> order deny, allow deny from all #IP address to Whitelist allow from xxx.xxx.xxx.xxx allow from xxx.xxx.xxx.xxx </LIMIT>
How to Secure your WP Site basics • Restrict File Access to wp-content WordPress doesn’t access the PHP files in the plugins and theme directory via HHTP. The Only request from web browser are for images, havascripts and css. In .htaccess file in wp-content Oder Allow, Deny Deny From all <Files ~ ".(css|jpe?g|png|gif|js)$"> Allow from all </files>
How to Secure your WP Site basics • Protect from Script Injections Protect from script injections and any attempt to modify the PHP GLOBALS and _REQUESTvariables. In .htaccess file in wp-content Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} (|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L]
How to Secure your WP Site basics • Fight Back Against Content Scrapers Protect you site against hot-linking and content scrapers Add the following code in your .htaccess file RewriteEngine On #Replace ?mysite.com/ with your blog url RewriteCond %{HTTP_REFERER} !^http://(.+.)?mysite.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ #Replace /images/nohotlink.jpg with your "don't hotlink" image url RewriteRule .*.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
How to Secure your WP Site basics • Protect your wp-config.php file During the server problem, wp-config.php might be shown • To Make it secure by adding the following code in .htaccess at root <FilesMatch ^wp-config.php$>deny from all</FilesMatch> • Backup Your Database and Files Schedule backup your Database and File. You can use the following plugins: •VaultPress •BAckupBuddy
WordPress Security Plugins
WordPress Security Plugins Signup in websitedefender.com
WordPress Security Plugins
WordPress Security Plugins
WordPress Security Plugins
WordPress Security Basics Thanks you For more visit our site Catchintenet.com http://catchinternet.com/blog/wordpress-security-tips/ My personal Blog Sakinshrestha.com http://sakinshrestha.com/wordpress/fix-if-your-wordpress- site-is-hacked/ http://sakinshrestha.com/wordpress/wordpress-security-tips/

Recomendados

20 tips to Improving Your WordPress Site...for Beginners
20 tips to Improving Your WordPress Site...for Beginners20 tips to Improving Your WordPress Site...for Beginners
20 tips to Improving Your WordPress Site...for BeginnersTRB Design, Inc.
 
Identifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteIdentifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteChris Burgess
 
Building Secure WordPress Sites
Building Secure WordPress Sites Building Secure WordPress Sites
Building Secure WordPress Sites Catch Themes
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress websiteSiteGround.com
 
20 Tips to Improving WordPress Website - for Beginners-Aus-2017
20 Tips to Improving WordPress Website - for Beginners-Aus-201720 Tips to Improving WordPress Website - for Beginners-Aus-2017
20 Tips to Improving WordPress Website - for Beginners-Aus-2017TRB Design, Inc.
 
How To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressHow To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressChelsea O'Brien
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your JoomlaSiteGround.com
 
Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Vlad Lasky
 

Recomendados

20 tips to Improving Your WordPress Site...for Beginners
20 tips to Improving Your WordPress Site...for Beginners20 tips to Improving Your WordPress Site...for Beginners
20 tips to Improving Your WordPress Site...for BeginnersTRB Design, Inc.
 
Identifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteIdentifying a Compromised WordPress Site
Identifying a Compromised WordPress SiteChris Burgess
 
Building Secure WordPress Sites
Building Secure WordPress Sites Building Secure WordPress Sites
Building Secure WordPress Sites Catch Themes
 
8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress website8 Ways to Hack a WordPress website
8 Ways to Hack a WordPress websiteSiteGround.com
 
20 Tips to Improving WordPress Website - for Beginners-Aus-2017
20 Tips to Improving WordPress Website - for Beginners-Aus-201720 Tips to Improving WordPress Website - for Beginners-Aus-2017
20 Tips to Improving WordPress Website - for Beginners-Aus-2017TRB Design, Inc.
 
How To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressHow To Lock Down And Secure Your Wordpress
How To Lock Down And Secure Your WordpressChelsea O'Brien
 
8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your Joomla8 Simple Ways to Hack Your Joomla
8 Simple Ways to Hack Your JoomlaSiteGround.com
 
Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Securing Your WordPress Website - WordCamp GC 2011
Securing Your WordPress Website - WordCamp GC 2011Vlad Lasky
 
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013Vlad Lasky
 
Secure Wordpress - 2016[17May - Mashhad]
Secure Wordpress - 2016[17May - Mashhad]Secure Wordpress - 2016[17May - Mashhad]
Secure Wordpress - 2016[17May - Mashhad]HaMiD Fadaei
 
Securing WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanSecuring WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanJeff Hoffman
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDWORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDStuartJDavidson.com
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityBrad Williams
 
Be Securious – Hack Your Own Site for Better Security
Be Securious – Hack Your Own Site for Better SecurityBe Securious – Hack Your Own Site for Better Security
Be Securious – Hack Your Own Site for Better Securitysecuriously
 
Word press security checklist
Word press security checklistWord press security checklist
Word press security checklistSanjay Dabhoya
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009Brad Williams
 
ResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security sessionResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security sessionPratik Jagdishwala
 
WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013Brad Williams
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Vasile
 
Http only cookie
Http only cookieHttp only cookie
Http only cookiefool2fish
 
Basic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website StartedBasic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website StartedNile Flores
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User SecurityDre Armeda
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013Thor Kristiansen
 
Joomla! security jday2015
Joomla! security jday2015Joomla! security jday2015
Joomla! security jday2015Shaiffulnizam Mohamad
 
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaWordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaDre Armeda
 
GDPR and EA Commissioning a web site Part 6 of 8
GDPR and EA Commissioning a web site Part 6 of 8GDPR and EA Commissioning a web site Part 6 of 8
GDPR and EA Commissioning a web site Part 6 of 8Allen Woods
 
WordPress Security: Defend yourself against digital invaders
WordPress Security: Defend yourself against digital invadersWordPress Security: Defend yourself against digital invaders
WordPress Security: Defend yourself against digital invadersVladimír Smitka
 
WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011Dre Armeda
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutSiteGround.com
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014Primary Image Ltd
 

Más contenido relacionado

La actualidad más candente

Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013Vlad Lasky
 
Secure Wordpress - 2016[17May - Mashhad]
Secure Wordpress - 2016[17May - Mashhad]Secure Wordpress - 2016[17May - Mashhad]
Secure Wordpress - 2016[17May - Mashhad]HaMiD Fadaei
 
Securing WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanSecuring WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanJeff Hoffman
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDWORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDStuartJDavidson.com
 
Be Securious – Hack Your Own Site for Better Security
Be Securious – Hack Your Own Site for Better SecurityBe Securious – Hack Your Own Site for Better Security
Be Securious – Hack Your Own Site for Better Securitysecuriously
 
Word press security checklist
Word press security checklistWord press security checklist
Word press security checklistSanjay Dabhoya
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009Brad Williams
 
ResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security sessionResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security sessionPratik Jagdishwala
 
WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013Brad Williams
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Vasile
 
Http only cookie
Http only cookieHttp only cookie
Http only cookiefool2fish
 
Basic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website StartedBasic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website StartedNile Flores
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User SecurityDre Armeda
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013Thor Kristiansen
 
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaWordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaDre Armeda
 
GDPR and EA Commissioning a web site Part 6 of 8
GDPR and EA Commissioning a web site Part 6 of 8GDPR and EA Commissioning a web site Part 6 of 8
GDPR and EA Commissioning a web site Part 6 of 8Allen Woods
 
WordPress Security: Defend yourself against digital invaders
WordPress Security: Defend yourself against digital invadersWordPress Security: Defend yourself against digital invaders
WordPress Security: Defend yourself against digital invadersVladimír Smitka
 
WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011Dre Armeda
 

La actualidad más candente (20)

Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
 
Secure Wordpress - 2016[17May - Mashhad]
Secure Wordpress - 2016[17May - Mashhad]Secure Wordpress - 2016[17May - Mashhad]
Secure Wordpress - 2016[17May - Mashhad]
 
Securing WordPress by Jeff Hoffman
Securing WordPress by Jeff HoffmanSecuring WordPress by Jeff Hoffman
Securing WordPress by Jeff Hoffman
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKEDWORDPRESS SECURITY: HOW TO AVOID BEING HACKED
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
Be Securious – Hack Your Own Site for Better Security
Be Securious – Hack Your Own Site for Better SecurityBe Securious – Hack Your Own Site for Better Security
Be Securious – Hack Your Own Site for Better Security
 
Word press security checklist
Word press security checklistWord press security checklist
Word press security checklist
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009
 
ResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security sessionResellerClub Ctrl+F5 - WordPress Security session
ResellerClub Ctrl+F5 - WordPress Security session
 
WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013WordPress Security WordCamp OC 2013
WordPress Security WordCamp OC 2013
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
 
Http only cookie
Http only cookieHttp only cookie
Http only cookie
 
Basic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website StartedBasic Plugin Recommendations to get your WordPress Website Started
Basic Plugin Recommendations to get your WordPress Website Started
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User Security
 
WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013WordPress Security - WordPress Meetup Copenhagen 2013
WordPress Security - WordPress Meetup Copenhagen 2013
 
Joomla! security jday2015
Joomla! security jday2015Joomla! security jday2015
Joomla! security jday2015
 
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre ArmedaWordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
 
GDPR and EA Commissioning a web site Part 6 of 8
GDPR and EA Commissioning a web site Part 6 of 8GDPR and EA Commissioning a web site Part 6 of 8
GDPR and EA Commissioning a web site Part 6 of 8
 
WordPress Security: Defend yourself against digital invaders
WordPress Security: Defend yourself against digital invadersWordPress Security: Defend yourself against digital invaders
WordPress Security: Defend yourself against digital invaders
 
WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011WordPress End-User Security - WordCamp Las Vegas 2011
WordPress End-User Security - WordCamp Las Vegas 2011
 

Similar a WordPress Security Tips

Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutSiteGround.com
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014Primary Image Ltd
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Think Media Inc.
 
WordPress
WordPressWordPress
WordPressrisager
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014Judy Wilson
 
Your WordPress Freelance Business Site
Your WordPress Freelance Business SiteYour WordPress Freelance Business Site
Your WordPress Freelance Business SiteBrian Hogg
 
How to create a WordPress Site
How to create a WordPress Site How to create a WordPress Site
How to create a WordPress Site MuhammadUsaid2
 
WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and SecurityThink Media Inc.
 
Methodist University Website Training Presentation
Methodist University Website Training PresentationMethodist University Website Training Presentation
Methodist University Website Training Presentationgoldentwig
 
WordPress Security Essentials
WordPress Security EssentialsWordPress Security Essentials
WordPress Security EssentialsAngela Bowman
 
Getting started with wordpress hosting and security
Getting started with wordpress hosting and securityGetting started with wordpress hosting and security
Getting started with wordpress hosting and securityWP Pittsburgh Meetup Group
 
Battling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleBattling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleKayleigh Thorpe
 
WordPress Security and Best Practices
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best PracticesRobert Vidal
 
How to Blog - #ACR14 Social Media Bootcamp
How to Blog - #ACR14 Social Media BootcampHow to Blog - #ACR14 Social Media Bootcamp
How to Blog - #ACR14 Social Media BootcampPaul Sufka
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBrian Layman
 
Up and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web DesignUp and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web DesignJudy Wilson
 

Similar a WordPress Security Tips (20)

Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
 
How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014How to Secure your WordPress Website - WordCamp UK 2014
How to Secure your WordPress Website - WordCamp UK 2014
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013
 
WordPress
WordPressWordPress
WordPress
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014
 
Setup and run wordpress: 201
Setup and run wordpress: 201Setup and run wordpress: 201
Setup and run wordpress: 201
 
Your WordPress Freelance Business Site
Your WordPress Freelance Business SiteYour WordPress Freelance Business Site
Your WordPress Freelance Business Site
 
How to create a WordPress Site
How to create a WordPress Site How to create a WordPress Site
How to create a WordPress Site
 
WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and Security
 
Methodist University Website Training Presentation
Methodist University Website Training PresentationMethodist University Website Training Presentation
Methodist University Website Training Presentation
 
WordPress Security Essentials
WordPress Security EssentialsWordPress Security Essentials
WordPress Security Essentials
 
Getting started with wordpress hosting and security
Getting started with wordpress hosting and securityGetting started with wordpress hosting and security
Getting started with wordpress hosting and security
 
Battling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleBattling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support Tale
 
WordPress security
WordPress securityWordPress security
WordPress security
 
WordPress Security and Best Practices
WordPress Security and Best PracticesWordPress Security and Best Practices
WordPress Security and Best Practices
 
How to Blog - #ACR14 Social Media Bootcamp
How to Blog - #ACR14 Social Media BootcampHow to Blog - #ACR14 Social Media Bootcamp
How to Blog - #ACR14 Social Media Bootcamp
 
Secure wordpress
Secure wordpressSecure wordpress
Secure wordpress
 
WordPress Multisite
WordPress MultisiteWordPress Multisite
WordPress Multisite
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being Hacked
 
Up and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web DesignUp and Running with WordPress - Site Shack Nashville Web Design
Up and Running with WordPress - Site Shack Nashville Web Design
 

Más de Catch Themes

Building WordPress Theme Business: My Story
Building WordPress Theme Business: My StoryBuilding WordPress Theme Business: My Story
Building WordPress Theme Business: My StoryCatch Themes
 
Speaking at WordCamps? What not to do…
Speaking at WordCamps? What not to do…Speaking at WordCamps? What not to do…
Speaking at WordCamps? What not to do…Catch Themes
 
Opening Remarks - WordCamp Kathmandu, 2016
Opening Remarks - WordCamp Kathmandu, 2016 Opening Remarks - WordCamp Kathmandu, 2016
Opening Remarks - WordCamp Kathmandu, 2016 Catch Themes
 
Breaking social barriers and creating opportunities
Breaking social barriers and creating opportunitiesBreaking social barriers and creating opportunities
Breaking social barriers and creating opportunitiesCatch Themes
 
World of Creative Designer & Front-end-Developer
World of Creative Designer & Front-end-DeveloperWorld of Creative Designer & Front-end-Developer
World of Creative Designer & Front-end-DeveloperCatch Themes
 
Approaches To WordPress Theme Development
Approaches To WordPress Theme DevelopmentApproaches To WordPress Theme Development
Approaches To WordPress Theme DevelopmentCatch Themes
 
Contributing to WordPress Theme Review at WordPress.org
Contributing to WordPress Theme Review at WordPress.orgContributing to WordPress Theme Review at WordPress.org
Contributing to WordPress Theme Review at WordPress.orgCatch Themes
 
How to get your theme on Top 15 Popular Themes at WordPress.org
How to get your theme on Top 15 Popular Themes at WordPress.orgHow to get your theme on Top 15 Popular Themes at WordPress.org
How to get your theme on Top 15 Popular Themes at WordPress.orgCatch Themes
 
Starting WordPress Theme Review
Starting WordPress Theme ReviewStarting WordPress Theme Review
Starting WordPress Theme ReviewCatch Themes
 
WordPress Uses & Scope
WordPress Uses & ScopeWordPress Uses & Scope
WordPress Uses & ScopeCatch Themes
 

Más de Catch Themes (10)

Building WordPress Theme Business: My Story
Building WordPress Theme Business: My StoryBuilding WordPress Theme Business: My Story
Building WordPress Theme Business: My Story
 
Speaking at WordCamps? What not to do…
Speaking at WordCamps? What not to do…Speaking at WordCamps? What not to do…
Speaking at WordCamps? What not to do…
 
Opening Remarks - WordCamp Kathmandu, 2016
Opening Remarks - WordCamp Kathmandu, 2016 Opening Remarks - WordCamp Kathmandu, 2016
Opening Remarks - WordCamp Kathmandu, 2016
 
Breaking social barriers and creating opportunities
Breaking social barriers and creating opportunitiesBreaking social barriers and creating opportunities
Breaking social barriers and creating opportunities
 
World of Creative Designer & Front-end-Developer
World of Creative Designer & Front-end-DeveloperWorld of Creative Designer & Front-end-Developer
World of Creative Designer & Front-end-Developer
 
Approaches To WordPress Theme Development
Approaches To WordPress Theme DevelopmentApproaches To WordPress Theme Development
Approaches To WordPress Theme Development
 
Contributing to WordPress Theme Review at WordPress.org
Contributing to WordPress Theme Review at WordPress.orgContributing to WordPress Theme Review at WordPress.org
Contributing to WordPress Theme Review at WordPress.org
 
How to get your theme on Top 15 Popular Themes at WordPress.org
How to get your theme on Top 15 Popular Themes at WordPress.orgHow to get your theme on Top 15 Popular Themes at WordPress.org
How to get your theme on Top 15 Popular Themes at WordPress.org
 
Starting WordPress Theme Review
Starting WordPress Theme ReviewStarting WordPress Theme Review
Starting WordPress Theme Review
 
WordPress Uses & Scope
WordPress Uses & ScopeWordPress Uses & Scope
WordPress Uses & Scope
 

Último

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Último (20)

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

WordPress Security Tips

  • 1. WordPress Mini Word Camp 7 Basic WordPress Security Tips By Catch Internet Pvt. Ltd.
  • 2. WordPress Security • WordPress popularity and usage brings in new threat • WordPress basic security is necessary for all the users • Most hackers in the internet are looking for the easy way
  • 3. Purpose of the Presentation Is to Scare the crap out of you! Image by http://blog.mysanantonio.com
  • 4. Purpose of the Presentation And then make everyone feel better
  • 5. What We Will Cover • WordPress Hosting Servers • Example of Link Injection Hacks • How to Secure your WordPress site basics • WordPress Security Plugins
  • 6. Do I Really Need To Secure WP • There is nothing valuable on my site • I only have limited visitors on my site • I thought I already was secured • Who is going to hack my site • I already turned off the comments for security
  • 7. Yes You Have to Secure Your WP Check your Hosting: Well Known, Customer Service, Secure, Review Check, Linux Based, Control Panel, Backup Server Minimum Requirements • PHP 5.2.4 or greater •MySQL 5.0 or greater • The mod_rewrite Apache module
  • 9. Hidden Link Injection Hacks • Upload/ Plugin/ Themes (TimThumb)/Core Wordpress/Multi WordPress • Uses css to hide it in style. Display:none; • Mostly used for get your SEO Ranking • Mostly initiated by basicpills.com and many other domains located at 212.117.161.190 • Another easy hacks
  • 10. Hidden Link Injection Hacks •These are some of the links you will see in an infected site: <a href="http://basicpills . com/">online prescription drugs without a prescription.. <a href="http://generic-ed-pharmacy . com/">Buy Generic Viagra Onlin. <a href="http://getrxpills . com/buy/levitra.html”>levitra 10 mg.. •Mostly these spam links are all related to pharmacy products leading you to one of the following domains: antibioticsordrer.com, antibiotics-shop.com, basicpills.com, buynolvadexcheap.com, cheappillsonline.net, dacompliasale.com dlevitraonline.com, dzithromaxsbuy.com, generic-ed-pharmacy.com, getrxpills.com, kamagrasorder.com, onlineacompliacheap.com, onlinecialischeap.net, onlinelevitracheap.com, onlinelevitracheap.net, onlineviagracheap.com, onlineviagracheap.net, peampicillinonline.com, rx-prices.com, sclomidbuy.com, sdoxycyclinebuy.com, sviagrarbuy.com, vicialisabuy.com, wpropecianonline.com
  • 11. How to Secure your WP Site basics • Keep your Core WordPress, Theme, Plugins Updated. • No Admin user account • Use Secure Username and Password (http://goodpassword.com/) • Folder Permission: Rule of Thumb, file 644, folder 755
  • 12. How to Secure your WP Site basics •Remove WordPress Version from Header //Removing wp version generatorremove_action('wp_head', 'wp_generator'); •Use a Secret Key in wp-config.php https://api.wordpress.org/secret-key/1.1/salt/ •Change WP Table Prefix in wp-config.php $table_prefix = 'yourtable_12';
  • 13. How to Secure your WP Site basics •Directories should not be left open for public browsing .htaccess Options All –Indexes •Nobody should be allowed to search your entire server. Do not use this search code in your search form <?php echo $_SERVER ['PHP_SELF']; ?> and use this instead <?phpbloginfo (‘home’); ?>
  • 14. How to Secure your WP Site basics •Block WP-folder from being indexed by Search Engine. Best way to block, add the following code in your robots.txt file Disallow: /wp-* • Prevent Unnecessary Info From Being Displayed Add the following filter in function.php add_filter('login_errors',create_function('$a', "return null;"));
  • 15. How to Secure your WP Site basics •Protect WordPress Admin: Use .htaccess and allow only specific IP address (http://whatismyip.com) AuthUserFile/dev/null AuthGroupFile/dev/null AuthName “Access Control” AuthType Basic <LIMIT GET> order deny, allow deny from all #IP address to Whitelist allow from xxx.xxx.xxx.xxx allow from xxx.xxx.xxx.xxx </LIMIT>
  • 16. How to Secure your WP Site basics • Restrict File Access to wp-content WordPress doesn’t access the PHP files in the plugins and theme directory via HHTP. The Only request from web browser are for images, havascripts and css. In .htaccess file in wp-content Oder Allow, Deny Deny From all <Files ~ ".(css|jpe?g|png|gif|js)$"> Allow from all </files>
  • 17. How to Secure your WP Site basics • Protect from Script Injections Protect from script injections and any attempt to modify the PHP GLOBALS and _REQUESTvariables. In .htaccess file in wp-content Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} (|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L]
  • 18. How to Secure your WP Site basics • Fight Back Against Content Scrapers Protect you site against hot-linking and content scrapers Add the following code in your .htaccess file RewriteEngine On #Replace ?mysite.com/ with your blog url RewriteCond %{HTTP_REFERER} !^http://(.+.)?mysite.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ #Replace /images/nohotlink.jpg with your "don't hotlink" image url RewriteRule .*.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
  • 19. How to Secure your WP Site basics • Protect your wp-config.php file During the server problem, wp-config.php might be shown • To Make it secure by adding the following code in .htaccess at root <FilesMatch ^wp-config.php$>deny from all</FilesMatch> • Backup Your Database and Files Schedule backup your Database and File. You can use the following plugins: •VaultPress •BAckupBuddy
  • 21. WordPress Security Plugins Signup in websitedefender.com
  • 25. WordPress Security Basics Thanks you For more visit our site Catchintenet.com http://catchinternet.com/blog/wordpress-security-tips/ My personal Blog Sakinshrestha.com http://sakinshrestha.com/wordpress/fix-if-your-wordpress- site-is-hacked/ http://sakinshrestha.com/wordpress/wordpress-security-tips/