Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Come here to learn from top industry professionals. SEO, Content Management, Automation, Marketing, and much more!

 
Thread Tools
Old 12-03-2012, 05:11 PM   #1
Mr Pheer
Mark Osterholt Sucks Cock
 
Mr Pheer's Avatar
 
Industry Role:
Join Date: Dec 2002
Location: In your AirBNB
Posts: 19,507
Securing your Wordpress Installation

Most people seem to use Wordpress these days for just about any type of website. It's free, it's easy to use, and there are tons of plugins to make it do just about anything you want it to do. It's popularity also makes it a big target for hackers and spammers that want to either take your website down or inject code into it for spamming purposes.

But your website doesnt have to be an easy target for the hackers & spammers. Securing wordpress is fairly easy, if you know what to do.

Here are seven simple steps to lock down your Wordpress site againt the majority of exploits and SQL injection attacks.


Step 1 - Change Administrator Account Name.

Leaving ?admin? as the username for the administrator account can be asecurity risk.

You can now change this to something different using the Admin Renamer Extended plugin.

Once you have installed and activated this plugin the standard way, click on the Settings link in the Admin Renamer Extended plugin listing on the Plugins page.

The plugin will show all administrator accounts - there should only be
one listing for your WordPress installation.

1. Type in a new name for the administrator account.
2. Click the Update button.
3. You should logout and log back in with this new administrator account (the password will still be the same).



Step 2 - Update Unique Keys in your wp-config.php file.

Unique Keys makes your site harder to hack and access harder to crack by adding random elements to passwords. These secret keys are stored in the WordPress settings file wp-config.php.

You can update these unique keys by installing the Update Unique Keys plugin in the standard way. The settings page for the plugin is available on the Settings menu. You just have to click the Update button.

This plugin will automatically set and update the Authenication Unique Keys in the wp-config.php file. You must log out and log back in after this update.



Step 3 - Change Administrator Account Password.

You should now change the administrator account password to something more secure.

Go to your profile by using the Users→Your Profile menu.

You can update your password at the base of this screen and click the Update Profile button to save.



Step 4 - Change WordPress Database Prefix in your database and remove the WordPress Version from your WordPress head section.

You can check the security of your WordPress installation by downloading and installing the Better WP Security plugin.

This plugin will fix many issues and you may not need all the fixes. However, you should at least consider the following:
  • Using this plugin to remove the WordPress version being displayed in
    the WordPress head section as this is a security risk.
  • Rename the default WordPress tables in the database from having the prefix ?wp? - this is also a security risk.

Once installed, the plugin will add a Security menu item on the WordPress menu. Click on this menu item and click the link beside the ?Your table prefix should not be wp_? item.

On the resulting page just click on the Change Database Table Prefix button. This will fix the database prefix issue. You will probably want to make a backup of your database before doing this, unless this is a new site that you are building.

Go back to the Security menu and click on the link beside the ?Your WordPress header is showing too much information...? item.

On the resulting page, check the Remove WordPress Generator... checkbox and click the Save button at the base of the page.



Step 5 - Stop SQL Injection Attacks.

SQL injection is a hacking technique that exploits security vulnerabilities occurring in the database layer of a web site.

Install the WordPress Firewall 2 plugin to identify and stop the most obvious SQL injection hacking attempts against WordPress.

Once installed and activated, you can click on the Settings links on the WordPress Firewall 2 plugin listing.

The default settings on the Firewall Options screen should be fine, you just need to click on the Set Security Filters button.



Step 6 - Stop Comment Spam.

Comment spam is endemic on the internet. You should install a plugin to filter the spam comments from the real comments.

Antispam Bee is a free WordPress antispam plugin that comes highly recommended. Once installed and activated, you can find the Antispam Bee plugin menu under the Settings menu.

Simply click on the Save Changes button here to stop comment spam.



Step 7 - Check your permalink settings.

By default WordPress uses URLs which have question marks and numbers in them which look ugly. However WordPress offers you the ability to create a custom URL structure for your permalinks (short for "permanent link").

Go to the Settings Permalinks Screen using the Settings→Permalink
menu item.

Tick the bottom option that says Custom Structure.

Make your changes and click the ?Save Changes? button.

Tip: A simple and useful permalink structure is
%post_id%/%postname%/

This will provide good SEO benefits and performs well.
__________________
PHEER FOR YO LIFE!!!!
Mr Pheer is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.