SECURE WEBSITE USING WORDPRESS

Tuesday, May 27, 2014
Currently, many people use WordPress as a convenient way to create a free website. However, these sites are often poorly protected, and in recent years many sites built on WordPress have been hacked.

In this article, iNET shares some measures to help customers who build their websites with WordPress strengthen their sites against fundamental flaws and avoid exploitation by hackers, uploaded shells and data loss.

1. Login Privacy 

Use the Chap Secure Login plugin, which combines the password with a random string and hashes it, then confirms the legitimacy of the account using the CHAP protocol.

To install it, go to Add Plugins and type in the search box: Chap Secure Login.


2. Defending against brute-force password attacks

With a weak password, hackers can simply use a brute-force attack (repeated password guessing) to get in.
The Login Lockdown plugin for WordPress can help your website reduce this risk. It records repeated failed login attempts from a single IP address and then locks out that IP.
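
The lockout logic described above can be reproduced on a web server access log. This is an added example, not code from Login Lockdown or from the original article. It assumes the common access-log field layout, treats a POST to /wp-login.php answered with 200 as a failed attempt (a successful login answers with 302), and uses a threshold of 3, which is an assumed value; the log lines are constructed.

```shell
#!/bin/sh
# Added example (not the plugin's code): list IPs with repeated failed
# WordPress logins, the event a lockout rule reacts to.
# Assumptions: common access-log field layout; a failed login is a POST to
# /wp-login.php answered with 200 (a successful login answers with 302).

failed_logins_by_ip() {
    # $1 = access log, $2 = minimum failures to report (assumed threshold)
    awk -v limit="$2" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip] }
    ' "$1" | sort
}

make_sample_log() {
    # Constructed log lines using documentation-only IP ranges.
    cat <<'EOF'
192.0.2.10 - - [27/May/2014:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.10 - - [27/May/2014:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.10 - - [27/May/2014:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.10 - - [27/May/2014:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.7 - - [27/May/2014:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.7 - - [27/May/2014:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.5 - - [27/May/2014:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2950
203.0.113.5 - - [27/May/2014:10:02:05 +0000] "GET /index.php HTTP/1.1" 200 5120
EOF
}

log=$(mktemp)
make_sample_log > "$log"
failed_logins_by_ip "$log" 3     # IPs a lockout rule with limit 3 would block
rm -f "$log"
```

A single mistyped password followed by a successful login, as for the second address in the sample, stays below the threshold and is not reported.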


3. Set password complexity

Regardless of the system, a simple password is easy prey for those with malicious intent. So the password for your WordPress account should be strong enough: uppercase + lowercase + numbers + special keyboard characters, and of course the password should be more than 7 characters long.


4. Protecting the wp-admin folder 

The default path of the WordPress admin page after a successful installation is website/wp-admin. This makes things easy for attackers once they have login information for your site.

You should change the address used to log into the admin page with the Better WP Security plugin to strengthen WordPress security. It can change the default path of the administration page to any path you want.

After installation, go to Security => Hide and enter the new path names for the admin page, login page and registration page.


5. Hiding the plugins folder

If you browse to the directory at http://websitecuaban/wp-content/plugins, you will see a complete list of the plugins used on the system.

To hide the folder, you just need to upload a blank index.html file to the plugins directory. Simply open any text editor, save an empty file as index.html, and use an FTP program to upload it to the /wp-content/plugins directory.


6. Changing the default login name 

WordPress uses admin as the default login name. Changing it is a simple way to hinder hacker attacks on the system.

In the main WordPress panel, open Users and create a new account, assign it the Administrator role, and log back in with the newly created account.

Go to Users again; this time tick the check box beside admin and select Delete.

When the system displays the confirmation window, choose Attribute all posts and links to: and select the account you created in the previous step from the dropdown list.

This transfers all posts to the new account. Then press Confirm Deletion.


7. Always update the latest version of WordPress and plugins 

WordPress always recommends that users update their websites to the latest version.


8. Perform routine scans

As mentioned above, you need to install the WP Security Scan utility and run regular scans to detect security vulnerabilities in the system. Another point is to change the default wp_ database table prefix to a custom one, to avoid drawing a hacker's attention.


9. Password-protect the administration directory

Use the Password Protect Directories feature found in cPanelX, which most hosting providers offer today.






After clicking it, choose the wp-admin folder and create a login name and password for this extra login layer.


Press Add / Modify Authorized User.

Next, scroll up and type a name for the protected folder; here the folder to protect is wp-admin. Then tick the Password Protect this directory box and press the Save button to finish.

From now on, every login to wp-admin passes through this protective layer first. You enter the directory's username and password, then log into WordPress in the usual way.


10. Setting permissions for files / folders on the host (chmod)

CHMOD sets access rights and limits on the host system, helping your website be more secure.

• CHMOD changes the following rights:

- Read (read): Abbreviated as "r" and is represented by the number 4 
- Write (edit): Abbreviated as "w" and is represented by the number 2 
- Execute (execute): Abbreviated as "x" and is represented by the number 1 

• CHMOD changes permissions for the following classes of users:

- "Owner": The owner of the file / folder 
- "Group": the Owner's Group members 
- "Public / Others / Everybody": The rest 


There are two ways to CHMOD.

• Method 1
Open your FTP client, right-click the folder / file you need to change and select CHMOD.

• Method 2 
Go to the File Manager in the hosting administration page and select Change Permissions. 

Optimal CHMOD for WordPress


The first file we need to protect is wp-config.php, which stores the login information for the database.

If you rarely edit this file, CHMOD wp-config.php to 444. This means that all user classes, including the owner, can only read the file and cannot edit or execute it. After setting 444 you cannot edit the contents of this file; if you want to edit it, set it back to 644.

The remaining files can be set to 644, and folders to 755.
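
An added example, not from the original article: a shell audit that checks a WordPress tree against the baseline described above (wp-config.php 444, other files 644, folders 755) and then applies it. The function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit a WordPress tree against the
# baseline above: wp-config.php 444, other files 644, folders 755.

audit_wp_perms() {
    # $1 = WordPress root. One finding per line; empty output = compliant.
    (
        cd "$1" || exit 1
        find . -type f -path ./wp-config.php ! -perm 444 | sed 's/^/wp-config-not-444 /'
        find . -type f ! -path ./wp-config.php ! -perm 644 | sed 's/^/file-not-644 /'
        find . -type d ! -perm 755 | sed 's/^/dir-not-755 /'
    ) | sort
}

apply_baseline() {
    # Sets the article's baseline modes on everything under $1.
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    chmod 444 "$1/wp-config.php"
}

make_sample_tree() {
    # Constructed directory layout with three deliberate deviations.
    mkdir -p "$1/wp-admin" "$1/wp-includes" "$1/wp-content/uploads"
    touch "$1/wp-config.php" "$1/index.php" "$1/wp-includes/load.php"
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +   # wp-config.php left at 644
    chmod 777 "$1/wp-content/uploads"        # world-writable folder
    chmod 666 "$1/wp-includes/load.php"      # world-writable file
}

root=$(mktemp -d)
make_sample_tree "$root"
audit_wp_perms "$root"      # lists the three deviations
apply_baseline "$root"
audit_wp_perms "$root"      # prints nothing once the baseline is applied
rm -rf "$root"
```

Run the audit on its own first and review the findings before calling apply_baseline on a live site, since some hosts need different modes on specific folders.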

If you want to harden further, CHMOD the wp-admin and wp-includes folders to 101. However, you cannot set 101 directly over FTP; you have to use the File Manager to do this.
After CHMOD to 101, the folder is no longer visible when you log in over FTP, which means nothing can be done with it except access through the browser.

Next, CHMOD all files to 400 (except files in the theme folder).
If the server does not allow CHMOD 400, you can use 404 instead.

If you find CHMOD difficult, the File Permissions & Size Check plugin will help you track and CHMOD files / folders easily from the WordPress admin page.

Here are the CHMOD optimization suggestions from BulletProof Security for WordPress.


11. Back up the database regularly

Backing up data regularly keeps your data safe and ready to restore if the site is attacked or a hacker deletes data or the website.

Backup can be done in one of two ways: 

• Method 1

Use the database backup feature in the cPanel of your hosting provider.

• Method 2

Use the WP Complete Backup plugin. This tool lets you set up automatic backups of all data on your blog or website running WordPress.
The plugin integrates synchronization with a Google Drive or SkyDrive account and automatically sends the backup data there, which gives us the benefit of backups distributed in several places, so the risk of data loss is almost nil.


12. Recommended WordPress security plugins

There are many WordPress security plugins; the following are recommended:

WP Security Scan 

Helps you find weaknesses in the WordPress installation directory that hackers could exploit, and proposes fixes. You only need to activate this plugin when you want to check whether your files are safe.

WordPress Exploit Scanner 

Searches for evidence of a hacker's presence on your website and makes recommendations for problem areas. As with WP Security Scan, you only activate this plugin as needed.

WordPress File Monitor 

This plugin monitors activity on the files in the WordPress installation directory and issues alerts for all modifications that have been made. This lets you easily see whether an edit was made by you or by a hacker. Keep this plugin activated at all times.


Login Lockdown 

Limits the number of failed login attempts allowed, to prevent password guessing by hackers. You can customize when an IP may try to log in again after it has been blocked for exceeding the allowed number of failed logins.




The above are methods to help you protect your website. Apply them to your site and say no to hackers.