WordPress Security, Hacking Protection, Malware Detection for WordPress websites
All WP security plugins: https://mega.nz/#F!WCIx3axS!G0YKkHi3vN2_qXHUNrnQyg
WordPress OPTIMIZATION-PART-02(WordPress advanced security & Hacking Protection)
FOR YOUR SITE SECURITY: WPS Hide Login + iThemes Security + Wordfence
6 Premium Plugins – iThemes Security, Login Ninja, Wordfence, Sucuri Security, WPS, WP OPT
https://youtu.be/JPwABrhD7rs
WP security – 01 | Wordfence Premium
Firewall & Malware Scanner and Security Hardening
https://mega.nz/file/mPYFgA4Y#enHeS3Be8QMN3HjNCsYdCeQ4cJCGfN4uxJ_LTLh5vaU
Go to Dashboard > Resume Installation >> give email + “Would you also like to join”: NO -> Tick > Continue >>
At top right > Click here to Configure ->
Download .htaccess > CONTINUE -> CLOSE
Wordfence > Firewall > Manage Firewall > Web Application Firewall Status > (from dropdown) Enable & Protect > Save Changes
Advanced Firewall Options -> Enable > Delay IP and Country blocking > Save
From Dashboard > Wordfence > Scan > Start Scan Now >>
Now see the result -> if any virus is found -> it will show the affected sites
Click “Repair Repairable files” > if that is not possible,
click “Repair Repairable files” for each single issue > if that is still not possible,
click “Delete Repairable files” > if that is again not possible,
delete the affected theme & plugin files.
WP security – 02 | iThemes Security Pro
15 premium hacking protection
https://drive.google.com/open?id=1ncx4PHpym7G-VxzoFb9yUwM1kJ07RVtK
ACTIVITY: Security Check >> Secure Site > Activate Brute Force Protection > Run Security Check > CLOSE
Feature -01: >> Database Backups
iThemes Security Pro > Settings >
Database Backup > Configure > Create Backup Full Database >> Tick/Check -> Backup Full Database – Enable
Backup Method -> Choose (Save Locally & Email)
Tick/Check -> Compress Backup Files > Zip Database Backups (Backups to Retain: 1 )
Check and enable -> Schedule Database Backups
Backup Interval -> 30 days >> save settings
Feature -02: >> Local Brute Force Protection
>> Local Brute Force Protection: Configure >
Max Login Attempts Per Host: 5
Max Login Attempts Per User: 10
Minutes to Remember Bad Login: 5 minutes
Automatically ban “admin” user: TICK
Feature-03: Banned Users (HackRepair.com’s blacklist)
Ban User > Configure settings > Enable – Enable HackRepair.com’s blacklist feature > save
Feature-04: SSL (or use – WP security – 07 | REALLY SIMPLE SSL)
SSL > Enable -> Redirect All HTTP Page Requests to HTTPS > save
Feature-05: Hide backend
Advanced > Hide Backend – tick -> Login Slug: say – probesh_korun // Redirection Slug: 404 > save
Feature-06: WordPress Salts (A secret key makes your site harder to hack)
Enable – WordPress Salts (it will disable the multiple-password-trying option by phishing) > save
WP security – 03 | Sucuri Security Premium
Auditing, Malware Scanner and Security Hardening
https://drive.google.com/open?id=1IiiKVcnbUY1TSsPhjQTe4um3pxxc05NZ
Go to the plugin
Generate a key >> agree > check
Check that the admin email is OK -> I agree > save
Go to Dashboard > check whether any issue/malware exists – if red-coloured files exist -> select all -> tick/check “I Understand ..” > delete
WP security – 04 | Login Ninja – Limit Login
HACK/PHISHING PROTECTION (Multi Login Attempt Block) + user access limit
https://mega.nz/#!3bhnwaiD!Kq7XNuZauy1X0-eP8E-KcVi5GN5edpgvGnPvqWqX4lY
Settings > Login Ninja
- Redirections – Tab
Redirections by user roles
admin – default / normal behaviour
editor / contributor / author / subscriber – Disable login
- Settings > Ban rules >
Maximum number of failed login attempts before ban: 3 times in 5 minutes
Default ban time: 1 year
Banned users -> Can’t access whole site -> msg: You are banned 🙂
- Settings > Captcha settings > enable
- Settings > Other settings > Redirect URL on logout: change logout redirect URL (www.youtube.com)
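How the thresholds set above behave on real traffic (iThemes Local Brute Force Protection: 5 per host, 10 per user, 5 minutes, ban “admin”; Login Ninja: 3 failures in 5 minutes), as an added example that is not code from either plugin. The function name, the sample events and the "locked once the count reaches the maximum" rule are assumptions made for illustration.

```python
from collections import defaultdict, deque

def find_lockouts(failures, max_per_host=5, max_per_user=10,
                  window_s=5 * 60, ban_admin=True):
    """Return (banned_hosts, locked_users) for a list of failed logins.

    failures: iterable of (unix_time, ip, username), sorted by time.
    A key is locked once it reaches its maximum inside the window
    (assumed semantics; the plugins may count slightly differently).
    """
    by_host, by_user = defaultdict(deque), defaultdict(deque)
    banned_hosts, locked_users = set(), set()

    def hit(bucket, key, now, limit):
        q = bucket[key]
        q.append(now)
        while now - q[0] > window_s:         # forget failures outside window
            q.popleft()
        return len(q) >= limit

    for ts, ip, user in failures:
        if ban_admin and user == "admin":    # "Automatically ban admin user"
            banned_hosts.add(ip)
        if hit(by_host, ip, ts, max_per_host):
            banned_hosts.add(ip)
        if hit(by_user, user, ts, max_per_user):
            locked_users.add(user)
    return banned_hosts, locked_users

# Constructed sample data (documentation IP ranges, invented usernames).
SAMPLE = (
    # one host, 5 failures within 2 minutes: reaches the per-host limit
    [(1000 + 30 * i, "203.0.113.7", "editor1") for i in range(5)]
    # 10 hosts, one failure each on one account: only the per-user limit sees it
    + [(2000 + 10 * i, f"198.51.100.{i}", "shopmanager") for i in range(10)]
    # 5 failures spaced 6 minutes apart: each one ages out of the 5-minute window
    + [(5000 + 360 * i, "192.0.2.9", "author2") for i in range(5)]
    # a single failed login as "admin": host banned at once when ban_admin is set
    + [(9000, "192.0.2.44", "admin")]
)

ITHEMES = find_lockouts(SAMPLE)                      # 5 per host, 10 per user
LOGIN_NINJA = find_lockouts(SAMPLE, max_per_host=3,  # 3 failures in 5 minutes
                            max_per_user=10**9,      # no per-user rule modelled
                            ban_admin=False)
```

The widely spaced failures from 192.0.2.9 stay under every threshold, which is why these limits are combined with the captcha and the hidden login slug rather than used alone.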
WP security – 05 | WPS Hide Login
Hide login page
WP security – 07 | REALLY SIMPLE SSL
Configures your website to run over https.
https://drive.google.com/open?id=1f-JFgK2czDGgu9iNLy4HMBWln8Oo4d_G
Install & activate the Really Simple SSL plugin
Now – enable SSL
Save
This will redirect – http -> to https
WP security – 08 | WP Hide & Security Enhancer
IT WILL HIDE – WEB PLATFORM – CMS – TOOLS – PLUGIN (NO ONE CAN GUESS WHAT PLATFORM YOU USE – THEY DON’T EVEN GET THE PLUGINS YOU USE).
FREE : PLUGIN > ADD NEW > WP Hide & Security Enhancer
- https://whatwpthemeisthat.com/
- www.wpthemedetector.com
- www.isitwp.com
- www.whatruns.com
*** THESE SITES CAN TRACK – WHICH WEB PLATFORM IS USED AND WHAT ARE THE THEMES & PLUGINS // NOW WE WILL HIDE EVERYTHING
CONFIGURE PLUGIN
- wp dashboard > wp hide > rewrite
- themes > type “a” in the box > save // NB: WE CAN WRITE ANY WORD / NUMBER / ANYTHING IN THE BOX
- WP Includes > type “b” in the box > save
- WP Content > type “c” in the box > save
- WP Includes > type “d” in the box > save
- Plugins > type “e” in the box > save
*** SUMMARY: THUS ONE BY ONE – KEEP WRITING – a, b, c, d, e (WE CAN WRITE ANY WORD / NUMBER / ANYTHING IN THE BOX) – each time save that from the bottom
** How this plugin hides everything: the plugin rewrites/hides the structure folders of the CMS – plugins – themes – so any outside tools cannot open the inner contents
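A quick way to confirm the rewrite took effect is to scan your own page source for the markers detector sites look for. This is an added example, not part of WP Hide; the marker list, the function name, the example.test host and the renamed URL layout (/a/, /b/) are assumptions, and both HTML samples are constructed.

```python
import re

# Markers that identify a default WordPress install in page source.
MARKERS = {
    "wp-content path":  re.compile(r"/wp-content/", re.I),
    "wp-includes path": re.compile(r"/wp-includes/", re.I),
    "generator meta":   re.compile(
        r"<meta[^>]+name=[\"']generator[\"'][^>]*WordPress", re.I),
    "REST API link":    re.compile(r"/wp-json/", re.I),
    "xmlrpc endpoint":  re.compile(r"xmlrpc\.php", re.I),
}

def residual_fingerprints(html):
    """Return the sorted names of markers still visible in the HTML."""
    return sorted(name for name, rx in MARKERS.items() if rx.search(html))

# Constructed page source before the rewrite (default paths).
BEFORE = """<html><head>
<meta name="generator" content="WordPress 6.0" />
<link rel="stylesheet" href="/wp-content/themes/zyra/style.css" />
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<link rel="https://api.w.org/" href="https://example.test/wp-json/" />
<link rel="pingback" href="https://example.test/xmlrpc.php" />
</head></html>"""

# Constructed source after renaming themes -> a and wp-includes -> b as in
# the steps above; the generator, REST and pingback tags are left untouched
# in this sample to show what a path rename alone does not cover.
AFTER = """<html><head>
<meta name="generator" content="WordPress 6.0" />
<link rel="stylesheet" href="/a/zyra/style.css" />
<script src="/b/js/jquery/jquery.min.js"></script>
<link rel="https://api.w.org/" href="https://example.test/wp-json/" />
<link rel="pingback" href="https://example.test/xmlrpc.php" />
</head></html>"""

if __name__ == "__main__":
    print("before:", residual_fingerprints(BEFORE))
    print("after: ", residual_fingerprints(AFTER))
```

Any marker still listed after the rewrite is something the detector sites can read, so save the real front page with view-source and pass it to `residual_fingerprints` after each change.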
Recent WP Security Plugins:(More)
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
https://wordpress.org/plugins/gotmls/
https://www.sitelock.com/ap/affiliate-plans.php?ocode=MTY5LjMuMy4zLjAuMTMuMC4wLjAuMC4wLjA
MANUAL JOBS! 80% + – Google Page Speed Checker (Mobile – 80% + Desktop – 90%)
Install the Chrome extension “Lighthouse” > then check the report and see the weak areas!
Lighthouse – Google 3rd party – which measures Google page speed – they refer to https://github.com/nodejs/Release
also https://chrome.google.com/webstore/detail/lighthouse/blipmdconlkpinefehnmjammfjpmpbjk
Async JavaScript – By Frank Goossens (futtta) (Render Block – JS – CSS)
Autoptimize – By Frank Goossens (futtta) (Render Block – JS – CSS)
WP Rocket
WP Smush Pro – Image Optimize
Check For Virus/ Malware
https://virusscan.jotti.org
https://www.virustotal.com
https://transparencyreport.google.com/safe-browsing/search?hl=en
cPanel > Virus Scanner > home directory > scan > it will show the infected files >>
Install Free Plugin > https://wordpress.org/plugins/secupress/
If shell/malware/adware is found – they are dangerous
ASSIGNMENT
CMBD-05 assignment no – 25
ZYRA theme – install + activate + any one demo upload +
Now – wp security – 6 plugins – install & do all steps _ and secure the site
take snap of 6 plugins and upload the snaps – at a google docs
and submit the doc ….. link
Get zyra theme: https://drive.google.com/drive/folders/1LMivo8wlUiqa1cKXpZWXZwObwYG58U8K?usp=sharing