Kick the hackers away

Hi my fellow warriors,


How do I keep my sites secured? Which plugin should I use?




Kind Regards
sam harris
#hackers #kick
  • Profile picture of the author JesseN
    I'm going to assume that you're talking about Wordpress sites. I don't think you really need any plugins to keep your sites secure. All you have to do is:

    1. Keep your plugins, themes, Wordpress installation up to date.
    2. Only use plugins you really need and only stick to the popular ones if possible. This is because less popular plugins won't be used as much and therefore some security vulnerabilities might not have been patched.
    3. Delete plugins and themes you don't use since hackers can still exploit vulnerabilities of themes and plugins that are disabled.
    4. Restrict the wp-admin folder to your IP addresses unless you allow user registration. You can do this by adding this code to your site root's .htaccess file:
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    # whitelist home IP address
    allow from xx.xx.xx.xx
    5. Don't use the admin account that would have been the default when you installed Wordpress.
    6. Use a different table prefix than wp.
    7. Make sure that your directory doesn't get listed whenever an index file is not present.
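
A way to check items 4, 6 and 7 of the list above automatically, as an added example that is not part of the original post. The function names, the sample inputs and the assumption that `admin_rules` holds whichever .htaccess text governs wp-admin are all illustrative.

```python
import re

def table_prefix(wp_config):
    """Return the $table_prefix value from wp-config.php text, or None."""
    m = re.search(r"^\s*\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]\s*;", wp_config, re.M)
    return m.group(1) if m else None

def directives(htaccess):
    """Lower-cased, whitespace-normalised directives with comments dropped."""
    lines = (ln.strip() for ln in htaccess.splitlines())
    return [" ".join(ln.lower().split()) for ln in lines if ln and not ln.startswith("#")]

def audit(wp_config, root_rules, admin_rules):
    """Return a list of findings for checklist items 4, 6 and 7."""
    findings = []
    prefix = table_prefix(wp_config)
    if prefix is None:
        findings.append("item 6: $table_prefix not found")
    elif prefix == "wp_":
        findings.append("item 6: table prefix is still the default wp_")
    if not any(d.startswith("options ") and "-indexes" in d.split()
               for d in directives(root_rules)):
        findings.append("item 7: directory listing not disabled (no Options -Indexes)")
    admin = directives(admin_rules)
    allowed = [d for d in admin if d.startswith(("allow from ", "require ip "))]
    # Apache 2.2 style needs "deny from all" plus an allow line;
    # Apache 2.4 style "Require ip" refuses everyone else by itself.
    legacy_ok = "deny from all" in admin and any(d.startswith("allow from ") for d in allowed)
    modern_ok = any(d.startswith("require ip ") for d in allowed)
    if any(d in ("allow from all", "require all granted") for d in admin):
        findings.append("item 4: wp-admin rules allow every address")
    elif not (legacy_ok or modern_ok):
        findings.append("item 4: wp-admin is not restricted to an IP allowlist")
    return findings

# Constructed sample inputs (not taken from any real site).
WEAK_CONFIG = "<?php\n$table_prefix = 'wp_';\n"
HARDENED_CONFIG = "<?php\n$table_prefix  = \"k3x_\";\n"
HARDENED_ROOT = "# site root\nOptions -Indexes\n"
HARDENED_ADMIN = "order deny,allow\ndeny from all\n# home\nallow from 203.0.113.10\n"

if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG, "", ""):
        print("FAIL", finding)
    print("hardened findings:", audit(HARDENED_CONFIG, HARDENED_ROOT, HARDENED_ADMIN))
```

Feed it the real file contents after every plugin install or configuration change, so a rule that has been lost or overwritten shows up as a finding.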
    • Originally Posted by JesseN View Post

      I'm going to assume that you're talking about Wordpress sites. I don't think you really need any plugins to keep your sites secure. All you have to do is:

      1. Keep your plugins, themes, Wordpress installation up to date.
      2. Only use plugins you really need and only stick to the popular ones if possible. This is because less popular plugins won't be used as much and therefore some security vulnerabilities might not have been patched.
      3. Delete plugins and themes you don't use since hackers can still exploit vulnerabilities of themes and plugins that are disabled.
      4. Restrict the wp-admin folder to your IP addresses unless you allow user registration. You can do this by adding this code to your site root's .htaccess file:
      AuthUserFile /dev/null
      AuthGroupFile /dev/null
      AuthName "Access Control"
      AuthType Basic
      order deny,allow
      deny from all
      # whitelist home IP address
      allow from xx.xx.xx.xx
      5. Don't use the admin account that would have been the default when you installed Wordpress.
      6. Use a different table prefix than wp.
      7. Make sure that your directory doesn't get listed whenever an index file is not present.
      You have given a nice answer. Most people just leave admin username and it will be a great opportunity for hackers.
  • Profile picture of the author gentryliving
    @ Jessen: Thanks for the very useful and helpful tips.
    Signature
    Professionally designed custom blogging platform
    • Profile picture of the author so11
      Hello,

      Very big question, it would take pages and pages to answer.

      1. Practices listed above are good, but there is much much more.
      2. If you build your own sites, go to OWASP.com, lots of info.
      3. The only real way to check for vulnerabilities is to constantly audit and patch your sites, that way you'll make sure that there are no possible vulnerabilities to be exploited.

      So11
      Signature
      www.groupesoloviev.com
      We help businesses manage cyber risk and compliance requirements.
      • Profile picture of the author rizwanrajput
        Banned
        [DELETED]
        • Profile picture of the author Freyal00
          How to use this trick?
  • Profile picture of the author so11
    Hello,

    .htaccess allows you to control access to your pages, directories, subdirectories, etc.

    Start from here: search Wikipedia for .htaccess
    Please note though, that this is just the beginning and won't keep away real experts.

    Security is a set of tools and best practices and ongoing check/correct process.

    regards,
    Signature
    www.groupesoloviev.com
    We help businesses manage cyber risk and compliance requirements.
  • Profile picture of the author Tech Diva
    There's a great plugin called Security Scan that helps to change the directory file names and give you an idea of the security level of your site.

    WordPress › WP Security Scan « WordPress Plugins
  • Profile picture of the author gabaSupplement
    Use the plugin called "WP Security Scan". It's good enough.
  • Profile picture of the author so11
    Hello,

    The WP plugin corrects only known and predefined issues, which by the way can be changed without any plugins. The problem is that we constantly modify our sites, content, configurations, install new plugins, etc. That's what creates vulnerabilities! So, yes, WP security is nice, but that's just about it.

    regards,
    Signature
    www.groupesoloviev.com
    We help businesses manage cyber risk and compliance requirements.
  • Profile picture of the author visuallemon
    Use WordPress Security Scan, run the scan and you can see what further steps you need to take to make your WordPress site a bit more secure.
  • Profile picture of the author andersvinther
    I recently had some security problems with my WordPress sites, and ended up doing a lot of research into securing WordPress sites...

    I have now written up my experiences in a comprehensive Security Checklist which can be downloaded for free from The WordPress Security Checklist.

    My checklist has quite a few items and detailed steps for how to get the job done.

    That might help you on the way...