| all wp security plugin: https://mega.nz/#F!WCIx3axS!G0YKkHi3vN2_qXHUNrnQyg |
| WordPress OPTIMIZATION-PART-02(WordPress advanced security & Hacking Protection) |
| FOR UR SITE SECURITY: wps-hide-login + itheme security + WORDFENCE |
| 6 Premium Plugins – iThemes Security_Login Ninja_ Wordfence_Sucuri Security_WPS_WP OPT |
| https://youtu.be/JPwABrhD7rs |
| WP security – 01 | Wordfence Premium |
| Firewell & Malware Scanner and Security Hardening |
| https://mega.nz/file/mPYFgA4Y#enHeS3Be8QMN3HjNCsYdCeQ4cJCGfN4uxJ_LTLh5vaU |
| >> > Go dashboard > Resume Installation >> give email + Would you also like to join : NO -> Tick > Continue >> |
| >> At top right > Click here to Configure -> |
| >> Download htaccess > CONTINUE -> CLOSE |
|
>> WordFence > firewall > manage firewall > Web Application Firewall Status > (From dropdown)Enable & Protect > Save Changes
|
| >> Advanced Firewall Options -> Enable > Delay IP and Country blocking > save |
| >> From Dashboard > Wordfence > scan > Start Scan Now >> |
| >> Now see result -> if any virus found -> it will show the affected sites |
| >> just click -“Repare Reparable files” > if not possible |
| >> just click -“Repare Reparable files” > for single singe issue > > if still not possible |
| >> just click -“delete Reparable files” > if again not possible |
| >> delete affected theme & plugin files. |
| 15 premium hacking protection |
| https://drive.google.com/open?id=1ncx4PHpym7G-VxzoFb9yUwM1kJ07RVtK |
| ACTIVITY: Security Check >> >> secure site > Activate Brute Force Protection > run security check > CLOSE |
| Feature -01: >> Database Backups |
| >> iThemes Security Pro > Settings > |
| >> Database Backup > Configure > Create Backup Full Database >> Tick/Check -> Backup Full Database – Enable |
| >> Backup Method -> Choose (Save Locally & Email) |
| >> Tick/Check -> Compress Backup Files > Zip Database Backups (Backups to Retain: 1 ) |
| >> Check n enable -> Schedule Database Backups |
| >> Backup Interval -> 30 days >> save settings |
| Feature -02: >> Local Brute Force Protection |
| >> Local Brute Force Protection: Configure > Max Login Attempts Per Host: 5 Max Login Attempts Per User: 7 Minutes to Remember Bad Login : 10 mints Automatically ban “admin” user : TICK |
| Feature-03: Banned Users (HackRepair.com’s blacklist) |
| >> Ban User > Configure settings > Enable – Enable HackRepair.com’s blacklist feature > save |
| Feature-04: SSL (or use – WP security – 07 | REALLY SIMPLE SSL) |
| >> SSL > Enable -> Redirect All HTTP Page Requests to HTTPS > save |
| Feature-05: Hide backend |
| >> advanced> hidebackend – tick -> Login Slug: say – probesh_korun // Redirection Slug : 404 > save |
| Feature-06: WordPress Salts (A secret key makes your site harder to hack) |
| >> Enable – WordPress Salt (It will disable – multiple password trying option – by pnishing) > save |
| Auditing, Malware Scanner and Security Hardening |
| https://drive.google.com/open?id=1IiiKVcnbUY1TSsPhjQTe4um3pxxc05NZ |
| >> go to plugin |
| >> generate a key >> agree > check |
| >> see admin email is ok -> i agree > save |
| >> go dashboard > check any issue/ malware exist or not – red color files exists -> select all -> Tick.Check -> I Understand .. > delete |
| WP security – 04 | Login Ninja – Limit Login |
| HACK/PNISHING PROTECTION(Multi Login Attempt Block) + user access limit |
| https://mega.nz/#!3bhnwaiD!Kq7XNuZauy1X0-eP8E-KcVi5GN5edpgvGnPvqWqX4lY |
| >> settings > login ninja |
| 1. Redirections – Tab |
| >> Redirections by user roles |
| >> admin – default /normal behaive |
| >> editot / contributor / author / Subscriber – Disable login |
| 2. Setings > Ban rules > |
| >> Maximum number of failed login attempts before ban : 3 times > in 5 mints |
| >> Default ban time : 1 year |
| >> Banned users -> Can’t access whole site -> msg: You are banned 🙂 |
| 3. Settings > Captcha settings > enable |
| 4. Setting > Other settings > Redirect URL on logout: change logout redirect url (www.youtube.com) |
| Hide login page |
| Free |
| >> after install > |
| > settings > wps hide login |
| >> Login url box: blank box e “put a word” like: “ma” // so |
| >> Redirection url : PUT 404 |
| >> Disable – https://minhazulasif.com/wp-admin or /wp-login.php or /dashboard (this all login link will disabled and will redirect to 404 page |
| >> new login url: https://minhazulasif.com/ma (this is new login page – and only i know this link) |
| Mobile Authentication // get : https://we.tl/t-Ff8yY6dxcb |
| https://drive.google.com/open?id=1aXgSEXHJorPYO7OlPPWPnw1tCikyMnR1 |
| >> wp dashoard > users > profile > YOU WIL GET A QR SCANNER |
| >> mobile > google play store > “FREE OTP” App download |
| >> open app > + scan WITH WORDPRESS USER> PROFILE > SCANNER |
| >> LETS TRY |
| >> minhazulasif.com/coming/wp-admin |
| >> authencation code will required which is generated at your mobile app |
| >> now click at the otp app > you will get password |
| >> use the 6 digit code > and login |
| Configures your website to run over https. |
| https://drive.google.com/open?id=1f-JFgK2czDGgu9iNLy4HMBWln8Oo4d_G |
| >> install & activate really somple ssl plugin |
| >> Now – enable SSL |
| >> Save |
| >> This will redirect – hrrp -> to https |
| IT WILL HIDE – WEB PLATFORM – CMS – TOOLS – PLUGIN (NO ONE CAN GUESS WHAT PLATFORM YOU USE – DONT EVEN GET THE PLUGIN YOU USE. |
| FREE : PLUGIN > ADD NEW > WP Hide & Security Enhancer |
| – https://whatwpthemeisthat.com/ |
| – www.wpthemedetector.com |
| – www.isitwp.com |
| – www.whatruns.com |
| *** THESE SITES CAN TRACK – WHICH WEB PLATFORM IS USED AND WHAT ARE THE THEMES & PLUGINS // NOW WE WILL HIDE EVERYTHING |
| CONFIGURE PLUGIN |
| – wp dashboard > wp hide > rewrite |
| – themes > type “a” in the box > save // NB: WE CAN WRITE ANY WORD / NUMBER / ANYTHING IN THE BOX |
| – WP Includes > type “b” in the box > save |
| – WP Content > type “c” in the box > save |
| – WP Includes > type “d” in the box > save |
| – Plugins > type “e” in the box > save |
|
*** SUMMERY: THUS ONE BY ONE – KEEP WRITING -a, b, c, d, e (WE CAN WRITE ANY WORD / NUMBER / ANYTHING IN THE BOX) – each time save that From bottom
|
|
** how this plugin hide all: the plugin will write/hide – the scructure folders of a CMS – PLugis – themes – so any outside tools can not open the inner contents
|
| Recent WP Security Plugins:(More) |
| https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ |
| https://wordpress.org/plugins/gotmls/ |
| https://www.sitelock.com/ap/affiliate-plans.php?ocode=MTY5LjMuMy4zLjAuMTMuMC4wLjAuMC4wLjA |
| MANUAL JOBS! 80% + – Google Page Speed Checker (Mobile – 80% + Desktop – 90%) |
| >> Install – chrome extension – “Lighthouse” > then check report ! see weakness area! |
| >> lighthouse – google 3rd party – who measure google page speed – they refer https://github.com/nodejs/Release |
| >> also https://chrome.google.com/webstore/detail/lighthouse/blipmdconlkpinefehnmjammfjpmpbjk |
| >> Async JavaScript – By Frank Goossens (futtta) (Render Block – JS – CSS) |
| >> Autoptimize – By Frank Goossens (futtta) (Render Block – JS – CSS) |
| >> Wp Rocket |
| >> Wp Smash Pro – Image Optimize |
| Check For Virus/ Malware |
| https://virusscan.jotti.org |
| https://www.virustotal.com |
| https://transparencyreport.google.com/safe-browsing/search?hl=en |
| cpanel> Virus Scanner > home directory > scan > it will show the infected files >> |
| Install Free Plugin > https://wordpress.org/plugins/secupress/ |
| if shell/malware/adware – They are dangerous |
| ASSIGNMENT |
| CMBD-05 assignment no – 25 |
| ZYRA theme – install + activate + any one demo upload + |
| Now – wp security – 6 plugins – install & do all steps _ and secure the site |
| take snap of 6 plugins and upload the snaps – at a google docs |
| and submit the doc ….. link |
| Get zyra theme: https://drive.google.com/drive/folders/1LMivo8wlUiqa1cKXpZWXZwObwYG58U8K?usp=sharing |
| Get wp security all in one google sheet: https://docs.google.com/spreadsheets/d/1gNJgyLTYpsf-0PcpEg3zQJd4Uz7bMIvxMzeH4iD9zCQ/edit?usp=sharing |
