CodemanBD

WordPress Security, Hacking Protecting, Malware Detection for wordpress website

WordPress Security, Hacking Protecting, Malware Detection for wordpress website

WordPress Security, Hacking Protecting, Malware Detection for wordpress website
all wp security plugin: https://mega.nz/#F!WCIx3axS!G0YKkHi3vN2_qXHUNrnQyg
WordPress OPTIMIZATION-PART-02(WordPress advanced security & Hacking Protection)
FOR UR SITE SECURITY: wps-hide-login + itheme security + WORDFENCE
6 Premium Plugins – iThemes Security_Login Ninja_ Wordfence_Sucuri Security_WPS_WP OPT
https://youtu.be/JPwABrhD7rs
WP security – 01 | Wordfence Premium
Firewell & Malware Scanner and Security Hardening
https://mega.nz/file/mPYFgA4Y#enHeS3Be8QMN3HjNCsYdCeQ4cJCGfN4uxJ_LTLh5vaU

Go dashboard > Resume Installation >> give email + Would you also like to join : NO -> Tick > Continue >>
At top right > Click here to Configure ->
Download htaccess > CONTINUE -> CLOSE
WordFence > firewall > manage firewall > Web Application Firewall Status > (From dropdown)Enable & Protect > Save Changes
Advanced Firewall Options -> Enable > Delay IP and Country blocking > save
From Dashboard > Wordfence > scan > Start Scan Now >>
Now see result -> if any virus found -> it will show the affected sites
just click -“Repare Reparable files” > if not possible
just click -“Repare Reparable files” > for single singe issue > > if still not possible
just click -“delete Reparable files” > if again not possible
delete affected theme & plugin files.
WP security – 02 | iThemes Security Pro
15 premium hacking protection
https://drive.google.com/open?id=1ncx4PHpym7G-VxzoFb9yUwM1kJ07RVtK

ACTIVITY: Security Check >> >> secure site > Activate Brute Force Protection > run security check > CLOSE
Feature -01: >> Database Backups

iThemes Security Pro > Settings >
Database Backup > Configure > Create Backup Full Database >> Tick/Check -> Backup Full Database – Enable
Backup Method -> Choose (Save Locally & Email)
Tick/Check -> Compress Backup Files > Zip Database Backups (Backups to Retain: 1 )
Check n enable -> Schedule Database Backups
Backup Interval -> 30 days >> save settings
Feature -02: >> Local Brute Force Protection
“>> Local Brute Force Protection: Configure >
Max Login Attempts Per Host: 5
Max Login Attempts Per User: 10
Minutes to Remember Bad Login : 5 mints
Automatically ban “”admin”” user : TICK “
Feature-03: Banned Users (HackRepair.com’s blacklist)
Ban User > Configure settings > Enable – Enable HackRepair.com’s blacklist feature > save
Feature-04: SSL (or use – WP security – 07 | REALLY SIMPLE SSL)
SSL > Enable -> Redirect All HTTP Page Requests to HTTPS > save
Feature-05: Hide backend
advanced> hidebackend – tick -> Login Slug: say – probesh_korun // Redirection Slug : 404 > save
Feature-06: WordPress Salts (A secret key makes your site harder to hack)
Enable – WordPress Salt (It will disable – multiple password trying option – by pnishing) > save
WP security – 03 | Sucuri Security Premium
Auditing, Malware Scanner and Security Hardening
https://drive.google.com/open?id=1IiiKVcnbUY1TSsPhjQTe4um3pxxc05NZ
go to plugin
generate a key >> agree > check
see admin email is ok -> i agree > save
go dashboard > check any issue/ malware exist or not – red color files exists -> select all -> Tick.Check -> I Understand .. > delete
WP security – 04 | Login Ninja – Limit Login
HACK/PNISHING PROTECTION(Multi Login Attempt Block) + user access limit
https://mega.nz/#!3bhnwaiD!Kq7XNuZauy1X0-eP8E-KcVi5GN5edpgvGnPvqWqX4lY
settings > login ninja

  1. Redirections – Tab
    Redirections by user roles
    admin – default /normal behaive
    editot / contributor / author / Subscriber – Disable login
  2. Setings > Ban rules >
    Maximum number of failed login attempts before ban : 3 times > in 5 mints
    Default ban time : 1 year
    Banned users -> Can’t access whole site -> msg: You are banned 🙂
  3. Settings > Captcha settings > enable
  1. Setting > Other settings > Redirect URL on logout: change logout redirect url (www.youtube.com)
    WP security – 05 | WPS Hide Login
    Hide login page

WP security – 07 | REALLY SIMPLE SSL
Configures your website to run over https.
https://drive.google.com/open?id=1f-JFgK2czDGgu9iNLy4HMBWln8Oo4d_G

install & activate really somple ssl plugin
Now – enable SSL
Save
This will redirect – hrrp -> to https

WP security – 08 | WP Hide & Security Enhancer
IT WILL HIDE – WEB PLATFORM – CMS – TOOLS – PLUGIN (NO ONE CAN GUESS WHAT PLATFORM YOU USE – DONT EVEN GET THE PLUGIN YOU USE.
FREE : PLUGIN > ADD NEW > WP Hide & Security Enhancer

  • https://whatwpthemeisthat.com/
  • www.wpthemedetector.com
  • www.isitwp.com
  • www.whatruns.com
    *** THESE SITES CAN TRACK – WHICH WEB PLATFORM IS USED AND WHAT ARE THE THEMES & PLUGINS // NOW WE WILL HIDE EVERYTHING

CONFIGURE PLUGIN

  • wp dashboard > wp hide > rewrite
  • themes > type “a” in the box > save // NB: WE CAN WRITE ANY WORD / NUMBER / ANYTHING IN THE BOX
  • WP Includes > type “b” in the box > save
  • WP Content > type “c” in the box > save
  • WP Includes > type “d” in the box > save
  • Plugins > type “e” in the box > save
    *** SUMMERY: THUS ONE BY ONE – KEEP WRITING -a, b, c, d, e (WE CAN WRITE ANY WORD / NUMBER / ANYTHING IN THE BOX) – each time save that From bottom
    ** how this plugin hide all: the plugin will write/hide – the scructure folders of a CMS – PLugis – themes – so any outside tools can not open the inner contents

Recent WP Security Plugins:(More)
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
https://wordpress.org/plugins/gotmls/
https://www.sitelock.com/ap/affiliate-plans.php?ocode=MTY5LjMuMy4zLjAuMTMuMC4wLjAuMC4wLjA

MANUAL JOBS! 80% + – Google Page Speed Checker (Mobile – 80% + Desktop – 90%)

Install – chrome extension – “Lighthouse” > then check report ! see weakness area!
lighthouse – google 3rd party – who measure google page speed – they refer https://github.com/nodejs/Release
also https://chrome.google.com/webstore/detail/lighthouse/blipmdconlkpinefehnmjammfjpmpbjk
Async JavaScript – By Frank Goossens (futtta) (Render Block – JS – CSS)
Autoptimize – By Frank Goossens (futtta) (Render Block – JS – CSS)
Wp Rocket
Wp Smash Pro – Image Optimize

Check For Virus/ Malware
https://virusscan.jotti.org
https://www.virustotal.com
https://transparencyreport.google.com/safe-browsing/search?hl=en
cpanel> Virus Scanner > home directory > scan > it will show the infected files >>
Install Free Plugin > https://wordpress.org/plugins/secupress/
if shell/malware/adware – They are dangerous

ASSIGNMENT
CMBD-05 assignment no – 25
ZYRA theme – install + activate + any one demo upload +
Now – wp security – 6 plugins – install & do all steps _ and secure the site
take snap of 6 plugins and upload the snaps – at a google docs
and submit the doc ….. link

Get zyra theme: https://drive.google.com/drive/folders/1LMivo8wlUiqa1cKXpZWXZwObwYG58U8K?usp=sharing

Leave a Comment

Your email address will not be published. Required fields are marked *