all wp security plugin: https://mega.nz/#F!WCIx3axS!G0YKkHi3vN2_qXHUNrnQyg
WordPress OPTIMIZATION-PART-02(WordPress advanced security & Hacking Protection)
FOR UR SITE SECURITY: wps-hide-login + itheme security + WORDFENCE
6 Premium Plugins – iThemes Security_Login Ninja_ Wordfence_Sucuri Security_WPS_WP OPT
https://youtu.be/JPwABrhD7rs
WP security – 01 | Wordfence Premium
Firewell & Malware Scanner and Security Hardening
https://mega.nz/file/mPYFgA4Y#enHeS3Be8QMN3HjNCsYdCeQ4cJCGfN4uxJ_LTLh5vaU
>> > Go dashboard > Resume Installation >> give email + Would you also like to join : NO -> Tick > Continue >>
>> At top right > Click here to Configure ->
>> Download htaccess > CONTINUE -> CLOSE
>> WordFence > firewall > manage firewall > Web Application Firewall Status > (From dropdown)Enable & Protect > Save Changes
>> Advanced Firewall Options -> Enable > Delay IP and Country blocking > save
>> From Dashboard > Wordfence > scan > Start Scan Now >>
>> Now see result -> if any virus found -> it will show the affected sites
>> just click -“Repare Reparable files” > if not possible
>> just click -“Repare Reparable files” > for single singe issue > > if still not possible
>> just click -“delete Reparable files” > if again not possible
>> delete affected theme & plugin files.
15 premium hacking protection
https://drive.google.com/open?id=1ncx4PHpym7G-VxzoFb9yUwM1kJ07RVtK
ACTIVITY: Security Check >> >> secure site > Activate Brute Force Protection > run security check > CLOSE
Feature -01: >> Database Backups
>> iThemes Security Pro > Settings >
>> Database Backup > Configure > Create Backup Full Database >> Tick/Check -> Backup Full Database – Enable
>> Backup Method -> Choose (Save Locally & Email)
>> Tick/Check -> Compress Backup Files > Zip Database Backups (Backups to Retain: 1 )
>> Check n enable -> Schedule Database Backups
>> Backup Interval -> 30 days >> save settings
Feature -02: >> Local Brute Force Protection
>> Local Brute Force Protection: Configure >
Max Login Attempts Per Host: 5
Max Login Attempts Per User: 7
Minutes to Remember Bad Login : 10 mints
Automatically ban “admin” user : TICK
Feature-03: Banned Users (HackRepair.com’s blacklist)
>> Ban User > Configure settings > Enable – Enable HackRepair.com’s blacklist feature > save
Feature-04: SSL (or use – WP security – 07 | REALLY SIMPLE SSL)
>> SSL > Enable -> Redirect All HTTP Page Requests to HTTPS > save
Feature-05: Hide backend
>> advanced> hidebackend – tick -> Login Slug: say – probesh_korun // Redirection Slug : 404 > save
Feature-06: WordPress Salts (A secret key makes your site harder to hack)
>> Enable – WordPress Salt (It will disable – multiple password trying option – by pnishing) > save
Auditing, Malware Scanner and Security Hardening
https://drive.google.com/open?id=1IiiKVcnbUY1TSsPhjQTe4um3pxxc05NZ
>> go to plugin
>> generate a key >> agree > check
>> see admin email is ok -> i agree > save
>> go dashboard > check any issue/ malware exist or not – red color files exists -> select all -> Tick.Check -> I Understand .. > delete
WP security – 04 | Login Ninja – Limit Login
HACK/PNISHING PROTECTION(Multi Login Attempt Block) + user access limit
https://mega.nz/#!3bhnwaiD!Kq7XNuZauy1X0-eP8E-KcVi5GN5edpgvGnPvqWqX4lY
>> settings > login ninja
1. Redirections – Tab
>> Redirections by user roles
>> admin – default /normal behaive
>> editot / contributor / author / Subscriber – Disable login
2. Setings > Ban rules >
>> Maximum number of failed login attempts before ban : 3 times > in 5 mints
>> Default ban time : 1 year
>> Banned users -> Can’t access whole site -> msg: You are banned 🙂
3. Settings > Captcha settings > enable
4. Setting > Other settings > Redirect URL on logout: change logout redirect url (www.youtube.com)
Hide login page
Free
>> after install >
> settings > wps hide login
>> Login url box: blank box e “put a word” like: “ma” // so
>> Redirection url : PUT 404
>> Disable – https://minhazulasif.com/wp-admin or /wp-login.php or /dashboard (this all login link will disabled and will redirect to 404 page
>> new login url: https://minhazulasif.com/ma (this is new login page – and only i know this link)
Mobile Authentication // get : https://we.tl/t-Ff8yY6dxcb
https://drive.google.com/open?id=1aXgSEXHJorPYO7OlPPWPnw1tCikyMnR1
>> wp dashoard > users > profile > YOU WIL GET A QR SCANNER
>> mobile > google play store > “FREE OTP” App download
>> open app > + scan WITH WORDPRESS USER> PROFILE > SCANNER
>> LETS TRY
>> minhazulasif.com/coming/wp-admin
>> authencation code will required which is generated at your mobile app
>> now click at the otp app > you will get password
>> use the 6 digit code > and login
Configures your website to run over https.
https://drive.google.com/open?id=1f-JFgK2czDGgu9iNLy4HMBWln8Oo4d_G
>> install & activate really somple ssl plugin
>> Now – enable SSL
>> Save
>> This will redirect – hrrp -> to https
IT WILL HIDE – WEB PLATFORM – CMS – TOOLS – PLUGIN (NO ONE CAN GUESS WHAT PLATFORM YOU USE – DONT EVEN GET THE PLUGIN YOU USE.
FREE : PLUGIN > ADD NEW > WP Hide & Security Enhancer
– https://whatwpthemeisthat.com/
– www.wpthemedetector.com
– www.isitwp.com
– www.whatruns.com
*** THESE SITES CAN TRACK – WHICH WEB PLATFORM IS USED AND WHAT ARE THE THEMES & PLUGINS // NOW WE WILL HIDE EVERYTHING
CONFIGURE PLUGIN
– wp dashboard > wp hide > rewrite
– themes > type “a” in the box > save // NB: WE CAN WRITE ANY WORD / NUMBER / ANYTHING IN THE BOX
– WP Includes > type “b” in the box > save
– WP Content > type “c” in the box > save
– WP Includes > type “d” in the box > save
– Plugins > type “e” in the box > save
*** SUMMERY: THUS ONE BY ONE – KEEP WRITING -a, b, c, d, e (WE CAN WRITE ANY WORD / NUMBER / ANYTHING IN THE BOX) – each time save that From bottom
** how this plugin hide all: the plugin will write/hide – the scructure folders of a CMS – PLugis – themes – so any outside tools can not open the inner contents
Recent WP Security Plugins:(More)
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
https://wordpress.org/plugins/gotmls/
https://www.sitelock.com/ap/affiliate-plans.php?ocode=MTY5LjMuMy4zLjAuMTMuMC4wLjAuMC4wLjA
MANUAL JOBS! 80% + – Google Page Speed Checker (Mobile – 80% + Desktop – 90%)
>> Install – chrome extension – “Lighthouse” > then check report ! see weakness area!
>> lighthouse – google 3rd party – who measure google page speed – they refer https://github.com/nodejs/Release
>> also https://chrome.google.com/webstore/detail/lighthouse/blipmdconlkpinefehnmjammfjpmpbjk
>> Async JavaScript – By Frank Goossens (futtta) (Render Block – JS – CSS)
>> Autoptimize – By Frank Goossens (futtta) (Render Block – JS – CSS)
>> Wp Rocket
>> Wp Smash Pro – Image Optimize
Check For Virus/ Malware
https://virusscan.jotti.org
https://www.virustotal.com
https://transparencyreport.google.com/safe-browsing/search?hl=en
cpanel> Virus Scanner > home directory > scan > it will show the infected files >>
Install Free Plugin > https://wordpress.org/plugins/secupress/
if shell/malware/adware – They are dangerous
ASSIGNMENT
CMBD-05 assignment no – 25
ZYRA theme – install + activate + any one demo upload +
Now – wp security – 6 plugins – install & do all steps _ and secure the site
take snap of 6 plugins and upload the snaps – at a google docs
and submit the doc ….. link
Get zyra theme: https://drive.google.com/drive/folders/1LMivo8wlUiqa1cKXpZWXZwObwYG58U8K?usp=sharing
Get wp security all in one google sheet: https://docs.google.com/spreadsheets/d/1gNJgyLTYpsf-0PcpEg3zQJd4Uz7bMIvxMzeH4iD9zCQ/edit?usp=sharing

LEAVE A REPLY

Please enter your comment!
Please enter your name here