A roundup of ways to secure WordPress

Tuesday, 27 May 2014
After completing a WordPress blog, in addition to search engine optimization and planning content development, there is another, more critical stage in the life cycle of a website: securing it. What if, one fine day, the blog you built with so much sweat suddenly disappeared?
I have been the target of many attacks myself, and this happens not only to WordPress blogs but on any web platform. After many years of being "beaten", I have at least gained a little experience in how to "dodge", and in this article I will set that experience out as meticulously as I can.

Contents

Using quality hosting
Prevent unauthorized access to the wp-admin admin page
Change the address of the admin page
Limit the number of login attempts
Use complex passwords and do not use admin as the login name
Add a layer of password protection to the admin page
Create an additional layer of protection by IP
Set permissions for files / folders on the host (CHMOD)
CHMOD Guide
Optimal CHMOD for WordPress
Back up the database regularly
Update to the latest version of WordPress
Delete all unnecessary plugins
Some security plugins for WordPress
Epilogue

Using quality hosting

Low-quality hosting or hosting with poor security is one of the main causes of being hacked. The most common form is the "local hack", a method that takes advantage of loopholes in the server and in other websites on the same server to attack your website.
Therefore, I recommend that you use hosting at A2Hosting or Interserver to enhance security.

Prevent unauthorized access to the wp-admin admin page

Change the address of the admin page

The default path to the WordPress admin page is wp-admin. This makes it easy for hackers to find the login address once they have your Administrator account details, and there are even many scripts that log in automatically from a data set through this well-known address.
So first, you should change the address used to log into the admin page. The iThemes Security plugin, which strengthens WordPress security, includes a function to change the default path of the admin page to any path you want.
After installation, go to Security -> Settings -> Hide Login Area and fill in the new path names for the admin page, login page and registration page.
Note: If the admin page has not changed to the new link, CHMOD the .htaccess file to 777 and press the Save Change button again. Then CHMOD it back to 644.

Limit the number of login attempts

There is currently an extremely common method: hackers somehow collect the addresses of hundreds of thousands of new WordPress websites each day, then scan for passwords by repeatedly logging in at the wp-admin address with different username and password combinations. For example, a combination they often try is admin/123456.
To prevent this, we add a function that automatically locks out logins after a certain number of failed attempts. You can use the plugin Login Security Solutions (recommended), Limit Login Attempts, Login Lockdown, or the same function built into iThemes Security.
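The repeated-login pattern described above is visible in the web server's access log. As an added example (not from the original article or any of the plugins it names), this counts, per client IP, the POST requests to wp-login.php answered with status 200, which is how WordPress responds to a failed login. It assumes the combined log format and the default login path; the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: list client IPs with many failed WordPress logins.
# Assumptions: combined log format, default login path /wp-login.php.

# Usage: failed_login_ips THRESHOLD < access.log
# Prints "<count> <ip>" for every IP at or above THRESHOLD, busiest first.
failed_login_ips() {
    awk -v t="${1:-5}" '
        # $1 = client IP, $6 = "METHOD, $7 = path, $9 = status.
        # A failed login re-renders the form (200); a success redirects (302).
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { n[$1]++ }
        END { for (ip in n) if (n[ip] >= t) print n[ip], ip }
    ' | sort -rn
}

# Constructed sample log (documentation IP ranges, made-up timestamps).
sample_log() {
    i=1
    while [ "$i" -le 6 ]; do
        printf '203.0.113.7 - - [27/May/2014:10:00:0%d +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"\n' "$i"
        i=$((i + 1))
    done
    cat <<'EOF'
198.51.100.20 - - [27/May/2014:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"
198.51.100.20 - - [27/May/2014:10:05:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
192.0.2.5 - - [27/May/2014:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "-"
EOF
}

# Demo on the constructed log: only the scanning IP reaches the threshold.
sample_log | failed_login_ips 5
```

The user who mistyped a password once and then logged in stays below the threshold, which is the same distinction a lockout plugin makes.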

Use complex passwords and do not use admin as the login name

As I said above, hackers usually scan passwords continuously and automatically using the username admin or administrator. So I strongly discourage using these login names or anything similar.
If you have already installed WordPress with the username admin, don't worry: the iThemes Security plugin supports changing your login name. This plugin is very versatile, which is why I chose to use it.

Add a layer of password protection to the admin page

If you are still concerned about the safety of the admin page, you can add another login layer using the Password Protect Directories function commonly found in the cPanelX of hosting providers today.
After clicking it, choose the wp-admin folder and create a login name and password for this login layer.
Press Add / Modify Authorized User. Next, scroll up and type a name for the protected folder (here the folder to protect is wp-admin), then tick the box Password Protect this directory and press the Save button to finish. From now on, every time we go to wp-admin we pass through a protection layer first and have to fill in the username and password set for it. Then log into WordPress in the usual way.
If your host does not support cPanelX, you can create a simple htaccess password protection for WordPress with a plugin.

Create an additional layer of protection by IP

This is arguably a very good way to protect your admin page. With this protection, you can only log into the admin page if your IP is in the list of IPs allowed to log in; all others are blocked.
First, download the SecureIP package, open the file capnhatip.php and change the password 123456 to a password you prefer. Then upload the 3 files capnhatip.php, listip.txt and security.php to the wp-admin folder and CHMOD the file listip.txt to 777 or 775. Open the index.php file in the wp-admin folder and add this line right after <?php
  include ('security.php'); 
Then visit http://yourdomain.com/wp-admin. At this point you will see a message that access is not allowed because your IP has not been added to the allowed list.
Add your IP by going to http://yourdomain.com/wp-admin/capnhatip.php and entering the password you set in that file in the earlier step. Done; now you can log into the admin page comfortably.
To delete IPs from the allow list, open listip.txt in the wp-admin folder and delete the entries you want to remove, or delete all of its contents.
You can rename capnhatip.php to any name you like; just remember to enter the new name correctly when you need it.
Tips:
  • View your IP address.
  • You can use the key features capnhatip.php file by Incapsula.

Set permissions for files / folders on the host (CHMOD)

CHMOD Guide

There are 2 ways to CHMOD. Open your FTP client, right-click the folder / file and select CHMOD, then set the CHMOD value you need.
Or go to the File Manager in the hosting admin panel (cPanel X) and select Change Permissions.

Optimal CHMOD for WordPress

The first file we need to protect is wp-config.php, because it stores the database login information. If you rarely edit this file, CHMOD wp-config.php to 444, which means all user groups can only read it and cannot edit or execute it, including the owner. After setting it to 444 you cannot edit the contents of this file; if you want to edit it, set it back to 644.
Beyond that, you can CHMOD files to 644 and folders to 755.
If you find CHMOD difficult, the plugin File Permissions & Size Check will help you keep track of the CHMOD of files and folders easily from the WordPress admin page.
Here are BulletProof Security's suggestions for optimal WordPress CHMOD
See also: Creating two-layer account verification for WordPress
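The modes recommended in this section can be checked from a shell. The following is an added example, not part of the original article or of any plugin it mentions: it reports folders that are not 755, files that are not 644, and a wp-config.php that is neither 444 nor 644. The function name audit_wp_perms and the path passed to it are assumptions.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the modes suggested above.
# audit_wp_perms and its argument are illustrative names, not part of any plugin.

# Usage: audit_wp_perms /path/to/wordpress
# Prints one line per deviation; returns 0 if clean, 1 if anything was found.
audit_wp_perms() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $1" >&2; return 2; }
    report=$(
        # Folders are expected to be exactly 755.
        find "$root" -type d ! -perm 755 | sed 's|^|DIR  not 755: |'
        # Ordinary files are expected to be exactly 644.
        find "$root" -type f ! -name wp-config.php ! -perm 644 |
            sed 's|^|FILE not 644: |'
        # wp-config.php may be 444 (read-only) or 644 (while editing).
        find "$root" -type f -name wp-config.php ! -perm 444 ! -perm 644 |
            sed 's|^|CONF not 444/644: |'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run against a path given on the command line, if any.
if [ -n "${1:-}" ]; then
    audit_wp_perms "$1"
fi
```

A listip.txt left at 777 or 775, or an .htaccess that was not returned to 644 after a temporary 777, shows up as a FILE line.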

Back up the database regularly

This does not reduce the chance of WordPress being attacked, but it reduces the extent of the damage after an attack. If you back up data regularly, then after being attacked and losing the whole database you can still revive the site by restoring the backed-up data. This method also helps you recover the blog after customizations that touch the database.
WordPress has many database backup tools, but for now I can only suggest one stable plugin that does backups best: Backup WP. This plugin lets you set up automatic backups for all data on the blog, and can sync with a Google Drive account and automatically send the backed-up data there.
If you need more features, I encourage you to see this:
  • Guide to backup data by BackWPUp

Update to the latest version of WordPress

If you are using an older version of WordPress, upgrade to the latest version to make the blog safer. New versions fix a number of bugs, so if you do not upgrade, hackers can take advantage of those bugs to break into the blog. Likewise, if a plugin you use has a new version, you should upgrade it too.

Delete all unnecessary plugins

Using many plugins is also one of the reasons for being attacked, because if you do not vet them, a plugin you are using may well exploit your information. Using many plugins can also lead to conflicts between plugins, which causes many problems for your blog. Deactivate and remove all plugins that are not really necessary, and research carefully before installing a new plugin.

Some security plugins for WordPress

iThemes Security
This plugin is quite complete in its security functions, such as changing the WordPress admin username, changing the admin ID, limiting logins, backing up data, and so on. It is a plugin you should use to enhance WordPress security. Thach is also currently using it and has not had any problems at all :D.
Bulletproof Security
This plugin prevents and eliminates attacks using XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection by optimizing the security of sensitive files and folders. If you are worried about how well your site can withstand attacks, install this plugin.
By default it optimizes things for you automatically after installation, but if you have security knowledge, you can customize it your own way.
Overall this plugin is very good, but it is not very suitable for people who are new to WordPress and have no security knowledge.
6Scan Security
6Scan Security Toolkit automatically scans the entire source code of the blog in order to remove malicious code. This plugin also helps you patch some security flaws to prevent hackers from exploiting those vulnerabilities. It can be used against the following attacks:
  • SQL Injection
  • Cross-Site Scripting (XSS)
  • CSRF
  • Directory traversal
  • Remote file inclusion
  • Several DoS Conditions
More: Find malicious code with 4 commonly used plugins.

Epilogue

In this part we went through a number of methods for strengthening WordPress security to minimize the possibility of attacks from hackers. I hope it gives you better knowledge of WordPress security. In the next part, I will suggest a few things to do when under attack in order to minimize the chance of data loss that forces you to start again with a new website. But for now, apply the security measures above to your blog, and do not forget to back up the database regularly.
If you have any questions, raise them in the comment section; I will try to answer if it is within my knowledge. I wish you success.