Search
Search titles only
By:
Search titles only
By:
Log in
Register
Search
Search titles only
By:
Search titles only
By:
Menu
Install the app
Install
Forums
New posts
All threads
Latest threads
New posts
Trending threads
Trending
Search forums
What's new
New posts
New ads
New profile posts
Latest activity
Free Ads
Latest reviews
Search ads
Members
Current visitors
New profile posts
Search profile posts
Contact us
Latest ads
Ad icon
🎮 INDIAN PSN GIFT CARDS AVAILABLE NOW! 🎮
madukaperera
Updated:
Yesterday at 12:57 PM
🚀 Google AI PRO – 18 Months | Rs. 850 Only
lkkolla
Updated:
Monday at 4:56 PM
🔒 NordVPN Premium – 3 Months
hrdilshan
Updated:
Thursday at 8:29 PM
🚀 Microsoft Office 365 Pro Plus – Lifetime Access! 🚀
hrdilshan
Updated:
Thursday at 8:28 PM
Linkedin Premium Business / Careere /Sales Navigator - 1/2/3/6/9/12 Months - Reddem Link
hrdilshan
Updated:
Thursday at 8:27 PM
Electronics
Vehicles
Property
Search
Reply to thread
Forums
Computers & Internet
Software Development
Wordpress HelpZ
Get the App
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Message
<blockquote data-quote="namila007" data-source="post: 6927294" data-attributes="member: 22046"><p><strong>10 Security Tips for WP</strong></p><p></p><p>Security Tips</p><p><strong><span style="font-size: 12px">1. Nobody should be allowed to search your entire server.</span></strong></p><p><a href="http://www.wpdesigner.com/2008/01/30/wordpress-tips-part-1/" target="_blank">WPdesigner advices us to NOT use this search code in the search.php</a></p><p>[CODE]<?php echo $_SERVER ['PHP_SELF']; ?></p><p>Nobody should be allowed to search your entire server, or? Use this one instead:</p><p><?php bloginfo ('home'); ?></p><p>Block WP- folders from being indexed by search engines, the best way to block them in your robots.txt file. Add the following line to your list:</p><p>Disallow: /wp-*[/CODE]</p><p></p><p><strong><span style="font-size: 12px">2. Directories should not be left open for public browsing</span></strong></p><p>There is a potential problem letting people know what plugins you have, or what versions they are. If there is some known exploit that is linked to a plugin, it could be easy enough for someone to use it to their advantage. Make an empty wp-content/plugins/index.html file or just add this line in your [CODE].htaccess file in your root:</p><p>Options All -Indexes</p><p>[/CODE]</p><p></p><p><strong>3. Drop the version string in your Meta Tags</strong></p><p>A large number of WordPress themes have the WordPress Meta Tag that show the version of WordPress that is running on your blog which is an easy way to get your blog prone to hackers if you didn’t upgrade to the security-enhanced file permissions on both which is pointed out by Matt Cutts. Another solution involves a plugin that sets up a secondary new version.</p><p></p><p>[CODE]This tag is in the header.php file that displays your current version of wordpress.</p><p></p><p><meta content="WordPress <?php bloginfo(’version’); ? />" name="generator" />[/CODE]</p><p></p><p><span style="font-size: 12px"><strong>4. Stay Updated</strong></span></p><p>You need to keep your on your plugin/widget, theme, and Wordpress versions updated. Also, subscribing to the plugin/widget/theme Author’s RSS feeds makes keeping up with them much easier.</p><p></p><p><span style="font-size: 12px"><strong>5. Take regular backups of your site and Database</strong></span></p><p>You always have to take regular backups of your file directories as well as the database. WordPress Database Backup plugin creates backups of your core WordPress tables as well as other tables of your choice in the same database.</p><p>[CODE] [B]WordPress Database Backup[/B]</p><p>[URL="http://wordpress.org/extend/plugins/wp-db-backup/"]Download[/URL]</p><p>[URL="http://www.ilfilosofo.com/blog/wp-db-backup"]Plugin HomePage[/URL]</p><p></p><p>WordPress database backup creates backups of your core WordPress tables as well as other tables of your choice in the same database.[/CODE]</p><p></p><p></p><p><span style="font-size: 12px"><strong>6. Use SSH/Shell Access instead of FTP</strong></span></p><p>If someone gets a hold of your FTP login information (which is usually not encrypted and easy to get), they can manipulate your files and add spam to your site without you even knowing about it! Using SSH, everything is encrypted including the transfer of files, etc.</p><p></p><p><span style="font-size: 12px"><strong>7. Stop worrying about your wp-config.php file</strong></span></p><p>Keep your database username and password Safe by adding the following to the .htaccess file at the top level of your WordPress install:</p><p></p><p>[CODE]<FilesMatch ^wp-config.php$>deny from all</FilesMatch>[/CODE]</p><p></p><p>This will make it harder for your database username and password to fall into the wrong hands in the event of a server problem.</p><p></p><p><strong><span style="font-size: 12px">8. Block WP- folders from the Search Engines</span></strong></p><p>There is no need to have all of your filesWordpress files indexed by Google, so it’s best to block them in your robots.txt file. Add the following line to your list</p><p></p><p>Disallow: /wp-*</p><p></p><p><strong><span style="font-size: 12px">9. Block access to WP-Admin folder using .htaccess</span></strong></p><p></p><p>There is an article written Reuben that talks about how you can protect your Wordpress admin folder by allowing access to it from a defined set of IP addresses. Everything else will bring up a Forbidden error message. So if you only access your blog from one or two places routinely, it’s worth implementing. Also, you’re supposed to create a new .htaccess file inside your wp-admin folder, not replace the one at the root of your blog</p><p></p><p><strong><span style="font-size: 12px">10. Don’t Use Default Passwords</span></strong></p><p>Are you still logging into your wp-admin page with the same default password that was emailed to you? If so, CHANGE IT! You can follow the instructions given in the article “Hack Proof Password” posted by us earlier to imrove the strength of your password.</p><p></p><p><strong><span style="font-size: 12px">11. Change database table prefix</span></strong></p><p>The default prefix used by WordPress is “wp”. You can easily change the prefix to other terms that are difficult to guess using the WP-Security-Scan. More detail on this plugin below.</p><p></p><p><strong><span style="font-size: 12px">12. Don’t use (or better yet, remove) the default “admin” username</span></strong></p><p>When you install WordPress, it automatically generates a user with Administrator-level permissions called admin. It is strongly recommended that you do not use this username to make it harder for the hacker to guess your username and password via Brute force attacks. Even if you downgrade its permission role, it’s still a better idea just to remove this user altogether.</p><p></p><p>You can use the Change Username Plugin to change the Username of Admin Account.</p><p><img src="/styles/default/xenforo/smilies/default/happy.gif" class="smilie" loading="lazy" alt=":)" title="Happy :)" data-shortname=":)" /><img src="/styles/default/xenforo/smilies/default/happy.gif" class="smilie" loading="lazy" alt=":)" title="Happy :)" data-shortname=":)" /><img src="/styles/default/xenforo/smilies/default/happy.gif" class="smilie" loading="lazy" alt=":)" title="Happy :)" data-shortname=":)" /><img src="/styles/default/xenforo/smilies/default/happy.gif" class="smilie" loading="lazy" alt=":)" title="Happy :)" data-shortname=":)" /></p><p></p><p><strong><span style="font-size: 18px">Try these.</span></strong>....<img src="/styles/default/xenforo/smilies/default/yes.gif" class="smilie" loading="lazy" alt=":yes:" title="Yes :yes:" data-shortname=":yes:" /><img src="/styles/default/xenforo/smilies/default/yes.gif" class="smilie" loading="lazy" alt=":yes:" title="Yes :yes:" data-shortname=":yes:" /><img src="/styles/default/xenforo/smilies/default/yes.gif" class="smilie" loading="lazy" alt=":yes:" title="Yes :yes:" data-shortname=":yes:" /></p></blockquote><p></p>
[QUOTE="namila007, post: 6927294, member: 22046"] [b]10 Security Tips for WP[/b] Security Tips [B][SIZE="3"]1. Nobody should be allowed to search your entire server.[/SIZE][/B] [URL="http://www.wpdesigner.com/2008/01/30/wordpress-tips-part-1/"]WPdesigner advices us to NOT use this search code in the search.php[/URL] [CODE]<?php echo $_SERVER ['PHP_SELF']; ?> Nobody should be allowed to search your entire server, or? Use this one instead: <?php bloginfo ('home'); ?> Block WP- folders from being indexed by search engines, the best way to block them in your robots.txt file. Add the following line to your list: Disallow: /wp-*[/CODE] [B][SIZE="3"]2. Directories should not be left open for public browsing[/SIZE][/B] There is a potential problem letting people know what plugins you have, or what versions they are. If there is some known exploit that is linked to a plugin, it could be easy enough for someone to use it to their advantage. Make an empty wp-content/plugins/index.html file or just add this line in your [CODE].htaccess file in your root: Options All -Indexes [/CODE] [B]3. Drop the version string in your Meta Tags[/B] A large number of WordPress themes have the WordPress Meta Tag that show the version of WordPress that is running on your blog which is an easy way to get your blog prone to hackers if you didn’t upgrade to the security-enhanced file permissions on both which is pointed out by Matt Cutts. Another solution involves a plugin that sets up a secondary new version. [CODE]This tag is in the header.php file that displays your current version of wordpress. <meta content="WordPress <?php bloginfo(’version’); ? />" name="generator" />[/CODE] [SIZE="3"][B]4. Stay Updated[/B][/SIZE] You need to keep your on your plugin/widget, theme, and Wordpress versions updated. Also, subscribing to the plugin/widget/theme Author’s RSS feeds makes keeping up with them much easier. [SIZE="3"][B]5. Take regular backups of your site and Database[/B][/SIZE] You always have to take regular backups of your file directories as well as the database. WordPress Database Backup plugin creates backups of your core WordPress tables as well as other tables of your choice in the same database. [CODE] [B]WordPress Database Backup[/B] [URL="http://wordpress.org/extend/plugins/wp-db-backup/"]Download[/URL] [URL="http://www.ilfilosofo.com/blog/wp-db-backup"]Plugin HomePage[/URL] WordPress database backup creates backups of your core WordPress tables as well as other tables of your choice in the same database.[/CODE] [SIZE="3"][B]6. Use SSH/Shell Access instead of FTP[/B][/SIZE] If someone gets a hold of your FTP login information (which is usually not encrypted and easy to get), they can manipulate your files and add spam to your site without you even knowing about it! Using SSH, everything is encrypted including the transfer of files, etc. [SIZE="3"][B]7. Stop worrying about your wp-config.php file[/B][/SIZE] Keep your database username and password Safe by adding the following to the .htaccess file at the top level of your WordPress install: [CODE]<FilesMatch ^wp-config.php$>deny from all</FilesMatch>[/CODE] This will make it harder for your database username and password to fall into the wrong hands in the event of a server problem. [B][SIZE="3"]8. Block WP- folders from the Search Engines[/SIZE][/B] There is no need to have all of your filesWordpress files indexed by Google, so it’s best to block them in your robots.txt file. Add the following line to your list Disallow: /wp-* [B][SIZE="3"]9. Block access to WP-Admin folder using .htaccess[/SIZE][/B] There is an article written Reuben that talks about how you can protect your Wordpress admin folder by allowing access to it from a defined set of IP addresses. Everything else will bring up a Forbidden error message. So if you only access your blog from one or two places routinely, it’s worth implementing. Also, you’re supposed to create a new .htaccess file inside your wp-admin folder, not replace the one at the root of your blog [B][SIZE="3"]10. Don’t Use Default Passwords[/SIZE][/B] Are you still logging into your wp-admin page with the same default password that was emailed to you? If so, CHANGE IT! You can follow the instructions given in the article “Hack Proof Password” posted by us earlier to imrove the strength of your password. [B][SIZE="3"]11. Change database table prefix[/SIZE][/B] The default prefix used by WordPress is “wp”. You can easily change the prefix to other terms that are difficult to guess using the WP-Security-Scan. More detail on this plugin below. [B][SIZE="3"]12. Don’t use (or better yet, remove) the default “admin” username[/SIZE][/B] When you install WordPress, it automatically generates a user with Administrator-level permissions called admin. It is strongly recommended that you do not use this username to make it harder for the hacker to guess your username and password via Brute force attacks. Even if you downgrade its permission role, it’s still a better idea just to remove this user altogether. You can use the Change Username Plugin to change the Username of Admin Account. :):):):) [B][SIZE="5"]Try these.[/SIZE][/B]....:yes::yes::yes: [/QUOTE]
Insert quotes…
Verification
Hathara warak wissa keeyada? (Hathara wadi karanna 20)
Post reply
Top
Bottom