WordPress Security, Hacking Protecting, Malware Detection for wordpress website
- No Responses
- Wordpress
- By minhazulasif
WordPress Security, Hacking Protecting, Malware Detection for wordpress website
all wp security plugin: https://mega.nz/#F!WCIx3axS!G0YKkHi3vN2_qXHUNrnQyg
WordPress OPTIMIZATION-PART-02(WordPress advanced security & Hacking Protection)
FOR UR SITE SECURITY: wps-hide-login + itheme security + WORDFENCE
6 Premium Plugins – iThemes Security_Login Ninja_ Wordfence_Sucuri Security_WPS_WP OPT
https://youtu.be/JPwABrhD7rs
WP security – 01 | Wordfence Premium
Firewell & Malware Scanner and Security Hardening
https://mega.nz/file/mPYFgA4Y#enHeS3Be8QMN3HjNCsYdCeQ4cJCGfN4uxJ_LTLh5vaU
Go dashboard > Resume Installation >> give email + Would you also like to join : NO -> Tick > Continue >>
At top right > Click here to Configure ->
Download htaccess > CONTINUE -> CLOSE
WordFence > firewall > manage firewall > Web Application Firewall Status > (From dropdown)Enable & Protect > Save Changes
Advanced Firewall Options -> Enable > Delay IP and Country blocking > save
From Dashboard > Wordfence > scan > Start Scan Now >>
Now see result -> if any virus found -> it will show the affected sites
just click -“Repare Reparable files” > if not possible
just click -“Repare Reparable files” > for single singe issue > > if still not possible
just click -“delete Reparable files” > if again not possible
delete affected theme & plugin files.
WP security – 02 | iThemes Security Pro
15 premium hacking protection
https://drive.google.com/open?id=1ncx4PHpym7G-VxzoFb9yUwM1kJ07RVtK
ACTIVITY: Security Check >> >> secure site > Activate Brute Force Protection > run security check > CLOSE
Feature -01: >> Database Backups
iThemes Security Pro > Settings >
Database Backup > Configure > Create Backup Full Database >> Tick/Check -> Backup Full Database – Enable
Backup Method -> Choose (Save Locally & Email)
Tick/Check -> Compress Backup Files > Zip Database Backups (Backups to Retain: 1 )
Check n enable -> Schedule Database Backups
Backup Interval -> 30 days >> save settings
Feature -02: >> Local Brute Force Protection
“>> Local Brute Force Protection: Configure >
Max Login Attempts Per Host: 5
Max Login Attempts Per User: 10
Minutes to Remember Bad Login : 5 mints
Automatically ban “”admin”” user : TICK “
Feature-03: Banned Users (HackRepair.com’s blacklist)
Ban User > Configure settings > Enable – Enable HackRepair.com’s blacklist feature > save
Feature-04: SSL (or use – WP security – 07 | REALLY SIMPLE SSL)
SSL > Enable -> Redirect All HTTP Page Requests to HTTPS > save
Feature-05: Hide backend
advanced> hidebackend – tick -> Login Slug: say – probesh_korun // Redirection Slug : 404 > save
Feature-06: WordPress Salts (A secret key makes your site harder to hack)
Enable – WordPress Salt (It will disable – multiple password trying option – by pnishing) > save
WP security – 03 | Sucuri Security Premium
Auditing, Malware Scanner and Security Hardening
https://drive.google.com/open?id=1IiiKVcnbUY1TSsPhjQTe4um3pxxc05NZ
go to plugin
generate a key >> agree > check
see admin email is ok -> i agree > save
go dashboard > check any issue/ malware exist or not – red color files exists -> select all -> Tick.Check -> I Understand .. > delete
WP security – 04 | Login Ninja – Limit Login
HACK/PNISHING PROTECTION(Multi Login Attempt Block) + user access limit
https://mega.nz/#!3bhnwaiD!Kq7XNuZauy1X0-eP8E-KcVi5GN5edpgvGnPvqWqX4lY
settings > login ninja
- Redirections – Tab
Redirections by user roles
admin – default /normal behaive
editot / contributor / author / Subscriber – Disable login - Setings > Ban rules >
Maximum number of failed login attempts before ban : 3 times > in 5 mints
Default ban time : 1 year
Banned users -> Can’t access whole site -> msg: You are banned 🙂 - Settings > Captcha settings > enable
- Setting > Other settings > Redirect URL on logout: change logout redirect url (www.youtube.com)
WP security – 05 | WPS Hide Login
Hide login page
WP security – 07 | REALLY SIMPLE SSL
Configures your website to run over https.
https://drive.google.com/open?id=1f-JFgK2czDGgu9iNLy4HMBWln8Oo4d_G
install & activate really somple ssl plugin
Now – enable SSL
Save
This will redirect – hrrp -> to https
WP security – 08 | WP Hide & Security Enhancer
IT WILL HIDE – WEB PLATFORM – CMS – TOOLS – PLUGIN (NO ONE CAN GUESS WHAT PLATFORM YOU USE – DONT EVEN GET THE PLUGIN YOU USE.
FREE : PLUGIN > ADD NEW > WP Hide & Security Enhancer
- https://whatwpthemeisthat.com/
- www.wpthemedetector.com
- www.isitwp.com
- www.whatruns.com
*** THESE SITES CAN TRACK – WHICH WEB PLATFORM IS USED AND WHAT ARE THE THEMES & PLUGINS // NOW WE WILL HIDE EVERYTHING
CONFIGURE PLUGIN
- wp dashboard > wp hide > rewrite
- themes > type “a” in the box > save // NB: WE CAN WRITE ANY WORD / NUMBER / ANYTHING IN THE BOX
- WP Includes > type “b” in the box > save
- WP Content > type “c” in the box > save
- WP Includes > type “d” in the box > save
- Plugins > type “e” in the box > save
*** SUMMERY: THUS ONE BY ONE – KEEP WRITING -a, b, c, d, e (WE CAN WRITE ANY WORD / NUMBER / ANYTHING IN THE BOX) – each time save that From bottom
** how this plugin hide all: the plugin will write/hide – the scructure folders of a CMS – PLugis – themes – so any outside tools can not open the inner contents
Recent WP Security Plugins:(More)
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
https://wordpress.org/plugins/gotmls/
https://www.sitelock.com/ap/affiliate-plans.php?ocode=MTY5LjMuMy4zLjAuMTMuMC4wLjAuMC4wLjA
MANUAL JOBS! 80% + – Google Page Speed Checker (Mobile – 80% + Desktop – 90%)
Install – chrome extension – “Lighthouse” > then check report ! see weakness area!
lighthouse – google 3rd party – who measure google page speed – they refer https://github.com/nodejs/Release
also https://chrome.google.com/webstore/detail/lighthouse/blipmdconlkpinefehnmjammfjpmpbjk
Async JavaScript – By Frank Goossens (futtta) (Render Block – JS – CSS)
Autoptimize – By Frank Goossens (futtta) (Render Block – JS – CSS)
Wp Rocket
Wp Smash Pro – Image Optimize
Check For Virus/ Malware
https://virusscan.jotti.org
https://www.virustotal.com
https://transparencyreport.google.com/safe-browsing/search?hl=en
cpanel> Virus Scanner > home directory > scan > it will show the infected files >>
Install Free Plugin > https://wordpress.org/plugins/secupress/
if shell/malware/adware – They are dangerous
ASSIGNMENT
CMBD-05 assignment no – 25
ZYRA theme – install + activate + any one demo upload +
Now – wp security – 6 plugins – install & do all steps _ and secure the site
take snap of 6 plugins and upload the snaps – at a google docs
and submit the doc ….. link
Get zyra theme: https://drive.google.com/drive/folders/1LMivo8wlUiqa1cKXpZWXZwObwYG58U8K?usp=sharing
Recent Post
Related Post
ইকমার্স প্লাটফর্ম এর জন্য কেন শপিফাই বেছে নিবেন?
শপিফাই হচ্ছে একটি Self হোস্টেড ই-কমার্স ওয়েবসাইট বিল্ডার যেটা ব্যবহার করে আপনি খুব সহজে আপনার ই-কমার্স ব্যবসা শুরু করতে পারবেন অথবা ক্লায়েন্টদের জন্য অনলাইন শপ
August 7, 2022
No Comments
Ethical Hacking
ওয়েবসাইট ডিফেসমেন্ট কি? হ্যাকাররা কীভাবে ওয়েবসাইটগুলিকে ডিফেস করে? কিভাবে নিজেকে ওয়েবসাইট ডিফেসমেন্ট থেকে রক্ষা করবেন?
ওয়েবসাইট ডিফেসমেন্ট কি? ওয়েব ডিফেসমেন্ট হল একটি আক্রমণ যেখানে ওয়েবসাইট এর বিভিন্ন Vulnerability অথবা Web Shell আপ লোডের মাধ্যমে একটি ওয়েবসাইটে প্রবেশ করে এবং সাইটের
August 7, 2022
No Comments
Ethical Hacking
ওয়েব শেল কি? ওয়েব শেল(Web Shell) Attack কি? ওয়েব শেল কিভাবে কাজ করে? জনপ্রিয় কিছু ওয়েব শেল ও ওয়েব শেল অ্যাটাক থেকে কিভাবে সুরক্ষিত থাকা যায়?
ওয়েব শেল কি? একটি ওয়েব শেল হল একটি ম্যালিসিয়াস স্ক্রিপ্ট যা জনপ্রিয় ওয়েব অ্যাপ্লিকেশন ভাষায় লেখা হয় – PHP, JSP, বা ASP, এবং এগুলো
August 7, 2022
No Comments
