Securing WordPress blog
Chetan Gole
Tricks and guidelines for WordPress users
Web: chetangole.com
Twitter: @chetan_gole
E-Mail: chetangole@gmail.com

What is WordPress?
WordPress is an open source blog publishing application powered by PHP and MySQL, which can also be used for basic content management. It has many features, including a user-friendly workflow, a rich plugin architecture and an advanced templating system. Used by almost 2% of the 10,000 biggest websites, WordPress is the most popular blog software in use today.
Source: Wikipedia
Popular sites using WordPress

Why secure the blog?
Keep everything up to date
Keep your WordPress installation and plugins up to date: whenever an update is released, make sure you are running the latest version. When WordPress or any other software developer releases an update, they usually publish release notes giving the reason for it. If it is a security patch, those notes also describe the vulnerabilities in the older version (so if you cannot update, at least hide the WordPress version). It is always good to keep your software updated; otherwise attackers can easily misuse the known holes in the software you are using. The same applies to the operating system and the application software on your own computer. Keep your anti-virus updated with the latest virus definitions, because an attacker can use your computer to get into your blog.

Change the login ID
By default WordPress uses "admin" as the login ID. Change it, so that an attacker has to guess both the login ID and the password, i.e. double security. To change the login ID you can run SQL queries directly against your database, or use a plugin that changes it through a simple interface [Plugin URI: http://tr.im/NUd5]. Alternatively, create a new administrator user and delete the original admin user from your WordPress admin panel.
Use a strong password
What does a strong password mean?
Use the plugin "Login LockDown": http://wordpress.org/extend/plugins/login-lockdown/
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, the login function is disabled for all requests from that range. This helps to prevent brute-force password discovery.
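The lockout logic described above, written out as an added illustration; this is not the Login LockDown plugin's own code, and the threshold, window, lockout length and the /24 range granularity are assumptions (the plugin makes its limits configurable). It replays a constructed log of login attempts and shows that, once the range is locked, even a correct password from a neighbouring address is refused until the lockout expires.

```python
from collections import defaultdict, deque
import ipaddress

MAX_FAILURES = 3   # assumed threshold; the plugin lets you configure it
WINDOW = 300       # seconds over which failures from one range are counted
LOCKOUT = 3600     # seconds the range stays locked once the threshold trips

def ip_range(ip: str) -> str:
    """Collapse an address to its /24 (IPv6: /64) so neighbouring IPs share one counter."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> failure timestamps
        self.locked_until = {}              # range -> lockout expiry time

    def is_locked(self, ip: str, now: float) -> bool:
        rng = ip_range(ip)
        until = self.locked_until.get(rng)
        if until is not None and now < until:
            return True
        self.locked_until.pop(rng, None)    # expired (or never locked)
        return False

    def record_failure(self, ip: str, now: float) -> bool:
        """Log a failed login; return True when it trips the lockout."""
        rng = ip_range(ip)
        window = self.failures[rng]
        window.append(now)
        while now - window[0] > WINDOW:     # drop failures outside the window
            window.popleft()
        if len(window) > MAX_FAILURES:
            self.locked_until[rng] = now + LOCKOUT
            window.clear()
            return True
        return False

# Constructed sample of login attempts: "<unix time> <ip> <result>". Four failures
# from one /24 within 30 s trip the lockout; 203.0.113.13 is then refused despite "OK".
SAMPLE_LOG = """\
1000 203.0.113.10 FAIL
1010 203.0.113.10 FAIL
1020 203.0.113.11 FAIL
1030 203.0.113.12 FAIL
1040 198.51.100.7 OK
1050 203.0.113.13 OK
5000 203.0.113.10 OK
"""

def replay(log: str) -> list:
    """Run the log through the guard and return (ip, decision) per line."""
    guard = LoginLockdown()
    decisions = []
    for line in log.splitlines():
        ts, ip, result = line.split()
        now = float(ts)
        if guard.is_locked(ip, now):
            decisions.append((ip, "blocked"))      # password never checked
        elif result == "FAIL" and guard.record_failure(ip, now):
            decisions.append((ip, "locked out"))   # this failure tripped it
        else:
            decisions.append((ip, "allowed"))
    return decisions
```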
Use SSL for login
Encrypt the login with "Secure Sockets Layer". This can be implemented with the plugin "Admin SSL": http://wordpress.org/extend/plugins/admin-ssl-secure-admin/
Or follow the directions on the WordPress Codex site to set up SSL your own way: http://codex.wordpress.org/Administration_Over_SSL

Change the login URL
The default login URL for WordPress, wp-login.php, is known to everyone, so attackers can try guessing attacks against it; the best way around this is to change the login URL. The plugin "Stealth Login" will help you do so: http://wordpress.org/extend/plugins/stealth-login/
It allows you to create custom URLs for logging in, logging out, administration and registering on your WordPress blog. Instead of advertising your login URL on your homepage, you can create a URL of your choice that is easier to remember than wp-login.php.
Use a robots.txt file
Use a robots.txt file to keep bots away from private areas such as the admin pages. People use Google search tricks to find a way into sites, so why let Google crawl your private pages? Use:

User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins
Disallow: /wp-content/themes

This keeps search-engine bots that honour robots.txt out of those folders.
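A check for the robots.txt above, added here as an example rather than taken from the slides: it evaluates each path the way a robots.txt-honouring crawler does (rule by rule, longest matching prefix), and shows two mistakes that silently defeat the file, a missing User-agent line (compliant parsers then ignore every Disallow) and the typo /wp-include/, which is not a prefix of the real /wp-includes/ directory. The sample paths and hostname are constructed; remember that robots.txt only steers well-behaved crawlers and is not an access control.

```python
import urllib.robotparser

# Constructed robots.txt with the slide's directives, a User-agent line and
# the real directory name /wp-includes/.
HARDENED_ROBOTS = """\
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins
Disallow: /wp-content/themes
"""

# Constructed variant with the typo "/wp-include/": it never matches
# "/wp-includes/...", so that directory stays crawlable.
TYPO_ROBOTS = """\
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-include/
Disallow: /wp-content/plugins
Disallow: /wp-content/themes
"""

# Constructed paths a crawler might request on a typical install.
SAMPLE_PATHS = [
    "/",
    "/2009/05/hello-world/",
    "/wp-admin/",
    "/wp-admin/install.php",
    "/wp-includes/js/jquery/jquery.js",
    "/wp-content/plugins/login-lockdown/readme.txt",
    "/wp-content/themes/default/style.css",
    "/wp-content/uploads/2009/05/photo.jpg",
]

def crawler_may_fetch(robots_text: str, path: str, agent: str = "Googlebot") -> bool:
    """Decide as a compliant crawler would: the first matching rule prefix wins."""
    rp = urllib.robotparser.RobotFileParser()
    rp.parse(robots_text.splitlines())
    return rp.can_fetch(agent, "https://blog.example" + path)   # hostname constructed

def still_crawlable(robots_text: str, paths=SAMPLE_PATHS, agent: str = "Googlebot") -> list:
    """Return the paths this robots.txt does NOT keep out of a compliant crawler's index."""
    return [p for p in paths if crawler_may_fetch(robots_text, p, agent)]
```

Dropping the `User-agent: *` line from either file makes `still_crawlable` return every sample path, because the parser never attaches the Disallow rules to any agent.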
Simple things that you should follow

Questions?

THANK YOU
Chetan Gole
Web: chetangole.com
Twitter: @chetan_gole
E-Mail: chetangole@gmail.com

References used
Wikipedia: http://www.wikipedia.org/
WordPress Codex: http://codex.wordpress.org
WordPress plugin repository: http://wordpress.org/extend/plugins/
and many other blogs, including but not limited to QuickOnlineTools.com, WebToolsCollection.com and alexking.org.
