How to avoid security breach in your WordPress website? - PowerPoint PPT Presentation

Loading...

PPT – How to avoid security breach in your WordPress website? PowerPoint presentation | free to download - id: 8647d9-MzYyN



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

How to avoid security breach in your WordPress website?

Description:

WordPress is an open source and there are more chances for someone to exploit your code, plugins. No worry, Here you can learn how to secure your wordpress website... – PowerPoint PPT presentation

Number of Views:13

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: How to avoid security breach in your WordPress website?


1
How to avoid security breach in your WordPress
website?
2
Introduction
  • No doubt that today worlds greatest content
    management system is WordPress . More than 75
    million websites built on WordPress till now and
    nearly 6 new posts / blogs are published every
    second.
  • WordPress is most popular business website today
    because it is,
  • Open source
  • Easy to access and manage
  • More theme and plugin options
  • SEO friendly
  • Blog
  • Over 29 thousand plugins developed, 98 versions
    and 75 million websites runs on WordPress. There
    are chances of websites are vulnerable to
    security attacks.

3
How to avoid security breach
  • Protect you login
  • Secure wp-config.php
  • Secure wp-content directory
  • Block search engine spiders in admin
  • Protect .htacess file
  • Install SSL certificate
  • Other Best Practices

4
  • Dear Readers, My apologies for the interruption
  • W2S Solutions have published few more topics,
    hope it will be helpful to you
  • 5 Inbound Marketing Strategies That Can Draw Your
    Customers Like Bees
  • 4 Tips for Automating Workflow
  • A Blueprint for Disruptive Thinking
  • Mobile App Development Trends to Look Out for in
    2017
  • How to hire a Chief Technology Officer for your
    business?
  • The Ultimate List of The Best Mobile APP
    Development Tools Infographics
  • Why W2S is an Enterprise Apps Development Company
  • Why Enterprises Should Build an Android App

5
Protect you login
  • Strong user name and password 8 of the total
    website is being hacked due to weaker password. I
    recommend having strong password with pattern as
    upper/lower keys, numbers and symbols. Something
    like catchSahara12!_at_. Keep changing it every 60
    days.
  • Limit login attempts Limit the number of failed
    login attempts and restrict IP after that. By
    blocking access to wp-login.php we can block
    unauthorized users, for this you need to edit
    .htacess file.
  • Delete Inactive User accounts
  • Update WordPress version, Themes and Plugins
  • Exploits may occur within days, its necessary to
    keep wordpress version, themes and plugins up to
    date.

6
Secure wp-config.php
  • All the keys and access information will be in
    wp-config.php file. By editing .htacess file in
    the root directory of wordpress we can secure
    wp-config.php. The following code denies everyone
    access to the wp-config.php file,
  • protect wp-config.php
  • ltfiles wp-config.phpgt
  • Order deny,allow
  • Deny from all
  • lt/filesgt
  • You can also add wordpress authentication keys to
    wp-config.php it helps better encryption of user
    data.

7
Secure wp-content directory
  • Specific users should only able to access
    specific files types within this directory. This
    file type includes .jpeg, .gif, .png, .js, .css,
    .xml. You need to limit the access, below code
    with help to allow access only to pictures,
    Javascripts, CSS and XML files not other data.
    This code should be implemented in .htacess file
    within the wp-content folder.
  • Order deny,allow
  • Deny from all
  • ltFiles .(xmlcssjpe?gpnggifjs)gt
  • Allow from all
  • lt/Filesgt

8
Block search engine spiders in admin
  • You should not index the admin section otherwise
    search engine spiders crawl over your entire
    content unless they are told no to do so. To
    prevent wordpress hack from blocking spiders from
    indexing, create a robots.txt file in root
    directory with following code,
  • User-agent
  • Disallow /cgi-bin
  • Disallow /wp-admin
  • Disallow /wp-includes
  • Disallow /wp-content/plugins/
  • Disallow /wp-content/cache/
  • Disallow /wp-content/themes/
  • Disallow /trackback/
  • Disallow /feed/
  • Disallow //feed/rss/
  • Disallow /category/

9
Protect .htacess file
  • .htaccess files are used to specify the security
    restrictions for the particular directory.
    Hypertext access allow for decentralized
    management of configuration when placed inside
    the web tree. To avoid .htaccess hacks include
    the below code in domain root .htaccess file.
  • STRONG HTACCESS PROTECTIONlt/codegt
  • ltFiles .\.(HhTtAa)gt
  • order allow,deny
  • deny from all
  • satisfy all
  • lt/Filesgt

10
Install SSL certificate
  • It allows you to login securely via https. This
    encrypts the data you and users to your site
    transfer via the site, such as when submitting
    contact forms or using login in pages. Otherwise,
    data is transferred like a postcard in the mail,
    meaning anyone whos looking can read it.
  • If you want to use HTTPS when logging into your
    WordPress dashboard, then you can use one of the
    codes below and add them to wp-config.php.
  • define(FORCE_SSL_LOGIN, true)
  • The code above forces WordPress to use SSL when
    logging into your administration panel but only
    when logging in. It does not enforce the use of
    SSL while using your dashboard.
  • Instead of doing this manually you can also just
    add a plugin like WordPress HTTPS (SSL)

11
Other Best Practices
  • Backup your files on regular basis
  • Install WP Security Scan
  • Change table prefix
  • Prevent directory browsing
  • Prevent script injection
  • Proper server without any virus
  • Dont login in public wifi networks
  • Use secure hosting
  • Hide dashboard login errors
  • Install WP firewall
  • Use SSH instead of FTP
  • Read more about Secure your wordpress website

12
NO.1, 1ST FLOOR, MRK ARCADE,        200 FEET
RADIAL ROAD, THORAIPAKKAM,CHENNAI, INDIA -
600097. PH 91 44-6050 6059   9820 IVALENES
HOPE DR,AUSTIN TX 78717.PH 1 512 375
4345   5838 BURBANK ROAD SE, CALGARY,ALBERTA,
CANADA T2H 1Z3 PH 1 403 926 3660 https//www.w
2ssolutions.com/ WORDPRESS WEBSITE DEVELOPMENT
SERVICES CHENNAI
About PowerShow.com