Security in WordPress that you must Know


Thursday, July 7, 2011



WordPress is undeniably the most widely used CMS, among both organizations and individuals. As its popularity grows, more and more people try to find weaknesses in the engine: the taller the tree, the harder the wind blows against it.

Here are security tips that anyone using WordPress as a content management system should know, that is, as the platform that manages appearance, content, user administration, plugins, add-ons and the like.


User Administrator / Admin
By default, installing WordPress gives us a user named admin. Never use this admin user! Replace it with another user, for example your name combined with numbers. Most WordPress account hijackings target the admin user with a brute-force attack.

An attacker's job is harder when they have to guess both the username and the password; if you use the username admin, the attacker only has to attack the password you use.

Protect wp-admin Folder

The wp-admin folder is also a dangerous gap that attackers often use to infiltrate your website. Secure it, secure it, secure it! How? It may be a little more work, but it will not take 5 minutes to do.

Create a .htaccess file in this directory containing settings that restrict which IP addresses can access it, as follows:

order deny,allow
deny from all
# Allow my work IP address
allow from 192.168.1.123 192.168.1.124

The .htaccess example above allows the IPs 192.168.1.123 and 192.168.1.124 to access the wp-admin folder. Most of us are internet users with a dynamic IP, so do we have to change the IP every time we want to access wp-admin? The answer is yes. You can use SFTP to change this .htaccess file. Alternatively, you can use another security method, such as Apache password protection.
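
Because a dynamic IP means rewriting this file often, a small generator helps avoid a typo that locks you out or leaves the folder open. The shell script below is an added example, not part of the original post: it validates each address, then writes the rules shown above into a local copy of wp-admin that you can upload over SFTP. The function names, the script name and the staging path are illustrative assumptions.

```shell
#!/bin/sh
# Added example: regenerate wp-admin/.htaccess from a list of admin IPs.
# Function names are illustrative, not part of WordPress or Apache.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_htaccess ADDR...: print the rules, or fail before printing anything.
build_htaccess() {
    [ "$#" -gt 0 ] || { echo "refusing an empty allowlist" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    printf '%s\n' 'order deny,allow' 'deny from all' '# Allowed admin IP addresses'
    printf 'allow from %s\n' "$*"
}

# install_htaccess DIR ADDR...: write DIR/.htaccess via a temp file and rename,
# so a rejected address never leaves a half-written or missing rule file.
install_htaccess() {
    dir=$1; shift
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    tmp=$(mktemp "$dir/.htaccess.XXXXXX") || return 1
    if build_htaccess "$@" > "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$dir/.htaccess"
    else
        rm -f "$tmp"; return 1
    fi
}

# Usage (hypothetical script name and staging path):
#   sh wpadmin-allow.sh ./staging/wp-admin 192.168.1.123 192.168.1.124
if [ "$#" -gt 0 ]; then install_htaccess "$@"; fi
```

These directives are Apache 2.2 syntax; on Apache 2.4 without mod_access_compat the equivalent rule is `Require ip 192.168.1.123 192.168.1.124`.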

Use SFTP (over SSH) instead of FTP
The reason is simple: with SFTP, data transfers are encrypted, whereas with FTP they are not. Besides, the effort and the way of using FTP and SFTP are relatively similar.

Create index.html
This method is simple but powerful enough to keep a specific folder from being browsable. Create an index.html file with whatever content you like, for example the sentence: directory access is forbidden. Then save it in the plugins folder and in other folders. Remember that one of the steps of hacking is profiling: knowing which plugins you use provides a lot of information that can be used to find the weaknesses of your website.
