Best4Hack

Best4Hack is the site where you can learn Ethical Hacking and Cracking get latest Tips and Tricks free Hacked and Cracked Software get SEO.

Showing posts with label WordPress Tips and Tricks. Show all posts

Friday, 2 August 2013

How To Secure Your WordPress With .htaccess

Secure Your WordPress With .htaccess


The WordPress world is panicking. A lot of security breaches have been reported recently and it is important to take every precaution not to become the next website on hackers’ list. It’s up to you to make your WordPress as secure as possible and minimize the risk of spending hours on the phone with your hosting company, trying to get your credentials back.

There are several ways of making your WordPress secure (using WordPress best practices, security plugins, content delivery networks…) and configuring your .htaccess is just one of them, the one that belongs to the domain of prevention.

Configuring .htaccess

.htaccess is a configuration file that allows you to override your server’s global settings for the directory that it’s in, for example to limit file access.

There are a couple of ways you can access it:
  • Find it in the root of your website
  • Edit it using WordPress SEO plugin by Yoast

Here’s a piece of code generated by WordPress that you’ll find in almost every .htaccess file:



Anything else you decide to apply to harden WordPress security should be added after this.

 

Protect wp-config.php :-

WordPress best practices suggest you protect your wp-config.php file and you can do that by adding:


 

Prevent Directory Browsing :-

You know how you can change a few characters in a URL and continue browsing the website. With this code you’ll prevent any directory browsing:


 

Disable any Hotlinking :-

Sometimes other (non-ethical) site curators will try to use your images and videos, which puts a strain on your servers and uses your disk space and bandwidth. While this is not in the domain of WordPress security, preventing it will certainly help your website’s overall health. Adding this to your .htaccess will prevent hotlinking from happening:



Note: Be sure to replace “YourDomain” with your domain address and leave out the “www” part.

If you need to allow certain websites to use your images, then you can use this online tool for generating the anti hotlinking code where you can define various parameters.

 

Protect /wp-content Directory :-

WordPress holds all your media files in here and they’re an asset you want search engines to crawl. But, “/wp-content” is a place where your themes and plugins reside, too. You don’t want to allow access to those sensitive .php files.

For this to work, you need to create a separate .htaccess file (just use your FTP client and create a file with no name and give it an “.htaccess” extension) and put it in your /wp-content directory. This code will allow access to images, CSS, JavaScript and XML files, but deny it for any other type.
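The snippet itself is not present in this copy of the post. An added example of such a file (not the author's original code), assuming Apache 2.4; the extension list is an assumption based on the file types named above:

```apache
# /wp-content/.htaccess  (added example, Apache 2.4 syntax assumed;
# on Apache 2.2 use "Order deny,allow" + "Deny from all" here and
# "Allow from all" inside the FilesMatch block).

# Default for everything under wp-content: deny. A direct request for
# a theme or plugin .php file is answered with 403 Forbidden.
Require all denied

# Exception: static assets that browsers and search engines must fetch.
# The match is case-insensitive and anchored to the end of the file name.
<FilesMatch "(?i)\.(jpe?g|png|gif|css|js|xml)$">
    Require all granted
</FilesMatch>

# Extend the list if your theme serves other static types (fonts, SVG).
# Plugins that expect direct requests to their own .php files will stop
# working, so test the site after deploying this file.
```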



That’s it. Your WordPress website should be a much safer place now. There’s just one last thing we should do and that’s protecting the .htaccess file(s).

Protect the .htaccess Itself :-

We’ve done a lot to protect WordPress, but the .htaccess file itself is still open to attacks. The following code snippet will stop anyone from accessing (reading or writing) any file that starts with “hta”.
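The snippets this post refers to are not present in this copy. As an added example (not the author's original code), here is a root .htaccess that applies the measures described above, assuming Apache 2.4 with mod_rewrite and overrides enabled; `YourDomain` is the post's own placeholder:

```apache
# Root .htaccess. Added example, not the original post's snippets.
# Assumes Apache 2.4; on 2.2 use "Order allow,deny" + "Deny from all"
# wherever "Require all denied" appears below.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

# Protect wp-config.php: it holds the database credentials and secret
# keys, so no HTTP request should ever reach it.
<Files "wp-config.php">
    Require all denied
</Files>

# Prevent directory browsing: do not generate a file listing for a
# directory that has no index file.
Options -Indexes

# Disable hotlinking: answer 403 for image requests whose Referer is
# another site. Replace "YourDomain" with your domain (escape the dots,
# e.g. example\.com). An empty Referer is allowed so direct visits and
# clients that strip the header still get the images.
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?YourDomain(/|$) [NC]
RewriteRule \.(jpe?g|png|gif)$ - [F,NC]
</IfModule>

# Protect .htaccess itself: deny HTTP access to files whose names start
# with ".hta". Apache's stock httpd.conf usually denies ".ht*" already;
# this covers hosts where that default was removed.
<FilesMatch "^\.hta">
    Require all denied
</FilesMatch>
```

These rules only control what Apache serves over HTTP; file permissions on the server still decide who can edit the files through FTP or a shell.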



While you can install various WordPress security plugins, sign-up for monitoring services and content delivery networks which filter your traffic, configuring .htaccess file so it strengthens your WordPress security is a good step toward that peace of mind every website owner needs.

Prevention is often the best cure.

Note: Making changes to .htaccess should be a pretty relaxing job, but if you use plugins (e.g. WordPress SEO) for configuring .htaccess, please make sure to also have FTP credentials, just in case you need to directly access and reconfigure it.

Tuesday, 4 December 2012

Best Plugins to Keep Your WordPress Site Secure

Hi guys, welcome to Best4Hack.
As we know, WordPress is the most popular open source blogging platform, with which you can build your website/blog in a few minutes. More than 50% of the total websites available online are on WordPress.
As many of us know, there are vulnerabilities present in this open source tool, and that is the reason many attacks are carried out by hackers on WordPress and many of those sites get hacked because they have no security. There are plenty of plugins available for WordPress to keep your WordPress site safe and secure, so I am going to share some security plugins to keep your WordPress safe and secure.

  • WP Security Scan

    WP Security Scan checks your WordPress website/blog for security vulnerabilities and suggests corrective actions.

    List of features include:
  1. Passwords
  2. File permissions
  3. Database security
  4. Version hiding
  5. WordPress admin protection/security
  6. Removes WP Generator META tag from core code
It will also let you monitor your blog or website for malware activity. This plugin is developed by websitedefender.com.

Requirements

  • WordPress version 3.0 and higher (tested with 3.2.1, 3.3)
  • PHP5 (tested with PHP Interpreter >= 5.2.9)

  • Better WP Security

     Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.
    With one-click activation for most features as well as advanced features for experienced users Better WP Security can help protect any site.
    Just hiding parts of your site is helpful but won't stop everything. After we hide sensitive areas of the sites we'll protect it by blocking users that shouldn't be there and increasing the security of passwords and other vital information.

     List of features include:

  1. Scan your site to instantly tell where vulnerabilities are and fix them in seconds
  2. Ban troublesome bots and other hosts
  3. Ban troublesome user agents
  4. Prevent brute force attacks by banning hosts and users with too many invalid login attempts
  5. Strengthen server security
  6. Enforce strong passwords for all accounts of a configurable minimum role
  7. Force SSL for admin pages (on supporting servers)
  8. Force SSL for any page or post (on supporting servers)
  9. Turn off file editing from within WordPress admin area
  10. Detect and block numerous attacks to your filesystem and database

  • LockerPress WordPress Security

    LockerPress WordPress Security protects your WordPress site from hackers by offering a variety of solutions that allow you to customize areas of WordPress that normally are not easy to manipulate. We focus on WordPress security and on being able to offer solutions to the community, whether you're a big site or a small one.
    It's very unfortunate that there are hackers and bots trying to attack websites and retrieve sensitive information; they also try to destroy the contents of your website.

    List of features include:
  1. WordPress MU compatible (developer license only)
  2. Custom Login URL
  3. Change Admin User
  4. Set Hack/Ban Settings
  5. Email Notification of Failed Login Attempts
  6. Enable HTTP Authentication
  7. 1 Click Upgrade
  8. Enable reCAPTCHA on Login Page
  9. Hide errors on user/password logins
  10. Disable Right-Click
  11. Set UnBan URL w/ Password
  12. Set # of Failed Login Attempts
  13. Set Specific # of Minutes for Ban
  14. Custom Message for Hacker
  15. Change Database Prefix


  • BulletProof Security

     WordPress Website Security Protection: BulletProof Security protects your WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. One-click .htaccess WordPress security protection. Protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. One-click Website Maintenance Mode (HTTP 503). Additional website security checks: DB errors off, file and folder permissions check... System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, DNS, Max Upload... Built-in .htaccess file editing, uploading and downloading.

     

    List of features include:

  1. One-click .htaccess website security protection from within the WP Dashboard
  2. .htaccess security protection against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts
  3. .htaccess file backup and restore
  4. .htaccess Lock / Unlock (404 Read-Only)
  5. .htaccess AutoLock On or Off
  6. Automatic .htaccess file updating on upgrade installation
  7. New .htaccess security filters automatically added during upgrade
  8. No need to reactivate BulletProof Modes when upgrading
  9. WP Dashboard Alerts - Root and wp-admin .htaccess file checks
  10. Anti Comment Spam .htaccess code - works together with Akismet or other Spam plugins to keep Comment Spam at a minimum
  11. Anti Comment Spambot .htaccess code - Forbid Empty Referrer Spambots
  12. TimThumb Vulnerability/Exploit .htaccess coding
  13. Built-in File Editing, File Downloading and File Uploading
  14. Custom Code feature that permanently saves and writes your personal custom .htaccess code
  15. WordPress readme.html and /wp-admin/install.php protected with .htaccess security protection
  16. wp-config.php and bb-config.php files protected with .htaccess security protection
  17. php.ini and php5.ini files protected with .htaccess security protection
  18. WordPress database errors turned off - Verification and function insurance
  19. WordPress version is not displayed / not shown - WordPress version is removed
  20. WP Generator Meta Tag filtered - not displayed / not shown
  21. WP DB default admin username / account check
  22. System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, DNS, Max Upload, Zend Engine Version, Zend Guard/Optimizer, ionCube Loader, Suhosin, APC, eAccelerator, XCache, Varnish, Memcache and Memcached
  23. Security Status Page - Displays website security status information
  24. File and Folder Permission Checking - CGI / DSO SAPI check / display
  25. Help & FAQ page - links to BPS Guide and other detailed Help & Info pages
  26. Extensive Read Me! jQuery Dialog Help buttons throughout the BulletProof Security plugin pages
  27. Backup and Restore existing .htaccess files
  28. Backup and Restore customized / modified .htaccess files
  29. Add to, Edit, Modify the provided BulletProof Security .htaccess Master files
  30. Create your own .htaccess Master files or code and use BulletProof Security as an .htaccess file manager
  31. Website Developer Maintenance Mode (503 website open to Developer / Site Owner ONLY)
  32. Log in / out of your website while in Maintenance Mode
  33. Customizable 503 Website Under Maintenance page
  34. HUD Success / Error message display
  35. i18n Language Translation coding


  • WordPress Database Backup

    WP-DB-Backup allows you to easily back up your core WordPress database tables. You may also back up other tables in the same database.

