Personal Blog of

Minhazul Asif

WordPress Security Hacking Protecting Malware Detection for wordpress website

all wp security plugin: https://mega.nz/#F!WCIx3axS!G0YKkHi3vN2_qXHUNrnQyg
WordPress OPTIMIZATION-PART-02(WordPress advanced security & Hacking Protection)
FOR YOUR SITE SECURITY: wps-hide-login + itheme security + WORDFENCE
6 Premium Plugins – iThemes Security_Login Ninja_ Wordfence_Sucuri Security_WPS_WP OPT
https://youtu.be/JPwABrhD7rs
WP security – 01 | Wordfence Premium
Firewall & Malware Scanner and Security Hardening
https://mega.nz/file/mPYFgA4Y#enHeS3Be8QMN3HjNCsYdCeQ4cJCGfN4uxJ_LTLh5vaU
>> > Go dashboard > Resume Installation >> give email + Would you also like to join : NO -> Tick > Continue >>
>> At top right > Click here to Configure ->
>> Download htaccess > CONTINUE -> CLOSE
>> WordFence > firewall > manage firewall > Web Application Firewall Status > (From dropdown)Enable & Protect > Save Changes
>> Advanced Firewall Options -> Enable > Delay IP and Country blocking > save
>> From Dashboard > Wordfence > scan > Start Scan Now >>
>> Now see result -> if any virus found -> it will show the affected sites
>> just click -“Repair Repairable files” > if not possible
>> just click -“Repair Repairable files” > for each single issue > > if still not possible
>> just click -“delete Repairable files” > if again not possible
>> delete affected theme & plugin files.
15 premium hacking protection
https://drive.google.com/open?id=1ncx4PHpym7G-VxzoFb9yUwM1kJ07RVtK
ACTIVITY: Security Check >> >> secure site > Activate Brute Force Protection > run security check > CLOSE
Feature -01: >> Database Backups
>> iThemes Security Pro > Settings >
>> Database Backup > Configure > Create Backup Full Database >> Tick/Check -> Backup Full Database – Enable
>> Backup Method -> Choose (Save Locally & Email)
>> Tick/Check -> Compress Backup Files > Zip Database Backups (Backups to Retain: 1 )
>> Check n enable -> Schedule Database Backups
>> Backup Interval -> 30 days >> save settings
Feature -02: >> Local Brute Force Protection
>> Local Brute Force Protection: Configure >
Max Login Attempts Per Host: 5
Max Login Attempts Per User: 7
Minutes to Remember Bad Login : 10 minutes
Automatically ban “admin” user : TICK
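How the Feature-02 thresholds interact, as an added example (not code from the original post or from iThemes Security). It assumes a lockout triggers when the count reaches the limit inside the 10-minute memory; the IP addresses and usernames are constructed.

```python
from collections import defaultdict, deque

# Thresholds taken from the Feature-02 settings above.
MAX_PER_HOST = 5            # Max Login Attempts Per Host
MAX_PER_USER = 7            # Max Login Attempts Per User
REMEMBER_SECONDS = 10 * 60  # Minutes to Remember Bad Login
BAN_ADMIN_USERNAME = True   # Automatically ban "admin" user


class LockoutPolicy:
    """Sliding-window counter of failed logins per host and per username."""

    def __init__(self):
        self.by_host = defaultdict(deque)
        self.by_user = defaultdict(deque)

    @staticmethod
    def _recent(window, now):
        # Forget failures older than the "remember" period, then count the rest.
        while window and now - window[0] >= REMEMBER_SECONDS:
            window.popleft()
        return len(window)

    def failed_login(self, now, host, user):
        """Record one failed login and return the resulting decision."""
        if BAN_ADMIN_USERNAME and user == "admin":
            return "ban-host"  # any attempt on the "admin" name bans the host
        self.by_host[host].append(now)
        self.by_user[user].append(now)
        if self._recent(self.by_host[host], now) >= MAX_PER_HOST:
            return "lock-host"
        if self._recent(self.by_user[user], now) >= MAX_PER_USER:
            return "lock-user"
        return "allow"


def replay(events):
    """Feed (seconds, host, username) failures through a fresh policy."""
    policy = LockoutPolicy()
    return [policy.failed_login(*event) for event in events]


# Constructed sample events (documentation IP ranges, made-up usernames).
ONE_HOST = [(i * 30, "203.0.113.10", "editor1") for i in range(5)]
MANY_HOSTS = [(i * 20, f"198.51.100.{i + 1}", "editor1") for i in range(7)]
AGED_OUT = [(i * 150, "203.0.113.20", "author2") for i in range(8)]
ADMIN_NAME = [(0, "192.0.2.5", "admin")]
```

The per-user limit is what catches failures spread over many hosts, and failures older than the 10-minute memory no longer count toward either limit.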
Feature-03: Banned Users (HackRepair.com’s blacklist)
>> Ban User > Configure settings > Enable – Enable HackRepair.com’s blacklist feature > save
Feature-04: SSL (or use – WP security – 07 | REALLY SIMPLE SSL)
>> SSL > Enable -> Redirect All HTTP Page Requests to HTTPS > save
Feature-05: Hide backend
>> advanced> hidebackend – tick -> Login Slug: say – probesh_korun // Redirection Slug : 404 > save
Feature-06: WordPress Salts (A secret key makes your site harder to hack)
>> Enable – WordPress Salt (It will disable – multiple password trying option – by phishing) > save
Auditing, Malware Scanner and Security Hardening
https://drive.google.com/open?id=1IiiKVcnbUY1TSsPhjQTe4um3pxxc05NZ
>> go to plugin
>> generate a key >> agree > check
>> see admin email is ok -> i agree > save
>> go dashboard > check any issue/ malware exist or not – red color files exists -> select all -> Tick.Check -> I Understand .. > delete
WP security – 04 | Login Ninja – Limit Login
HACK/PHISHING PROTECTION(Multi Login Attempt Block) + user access limit
https://mega.nz/#!3bhnwaiD!Kq7XNuZauy1X0-eP8E-KcVi5GN5edpgvGnPvqWqX4lY
>> settings > login ninja
1. Redirections – Tab
>> Redirections by user roles
>> admin – default /normal behavior
>> editor / contributor / author / Subscriber – Disable login
2. Settings > Ban rules >
>> Maximum number of failed login attempts before ban : 3 times > in 5 minutes
>> Default ban time : 1 year
>> Banned users -> Can’t access whole site -> msg: You are banned 🙂
3. Settings > Captcha settings > enable
4. Setting > Other settings > Redirect URL on logout: change logout redirect url (www.youtube.com)
Hide login page
Free
>> after install >
> settings > wps hide login
>> Login url box: in the blank box “put a word” like: “ma” // so
>> Redirection url : PUT 404
>> Disable – https://minhazulasif.com/wp-admin or /wp-login.php or /dashboard (all these login links will be disabled and will redirect to the 404 page)
>> new login url: https://minhazulasif.com/ma (this is new login page – and only i know this link)
Mobile Authentication // get : https://we.tl/t-Ff8yY6dxcb
https://drive.google.com/open?id=1aXgSEXHJorPYO7OlPPWPnw1tCikyMnR1
>> wp dashboard > users > profile > YOU WILL GET A QR SCANNER
>> mobile > google play store > “FREE OTP” App download
>> open app > + scan WITH WORDPRESS USER> PROFILE > SCANNER
>> LETS TRY
>> minhazulasif.com/coming/wp-admin
>> authentication code will be required, which is generated at your mobile app
>> now click at the otp app > you will get password
>> use the 6 digit code > and login
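How the 6-digit code in the steps above is derived and checked, as an added example (not code from the original post or from the plugin). It assumes the plugin and the OTP app use standard RFC 6238 TOTP with HMAC-SHA1 and a 30-second step; the secret is the RFC test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid
DIGITS = 6   # the 6-digit code typed at login


def totp(secret_b32, unix_time):
    """RFC 6238 code (HMAC-SHA1) for the given Unix time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)          # the secret carried by the QR code
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                 # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, unix_time, drift_steps=1):
    """Accept the current code and its neighbours to tolerate clock drift."""
    ok = False
    for d in range(-drift_steps, drift_steps + 1):
        t = max(0, unix_time + d * STEP)
        # Constant-time comparison, and no early exit on a match.
        ok |= hmac.compare_digest(totp(secret_b32, t), submitted)
    return ok


# Constructed sample secret: base32 of the RFC 6238 test key
# "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
```

A code is only accepted within one step either side of the server's clock, so the phone and the server must keep roughly the same time.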
Configures your website to run over https.
https://drive.google.com/open?id=1f-JFgK2czDGgu9iNLy4HMBWln8Oo4d_G
>> install & activate really simple ssl plugin
>> Now – enable SSL
>> Save
>> This will redirect – http -> to https
IT WILL HIDE – WEB PLATFORM – CMS – TOOLS – PLUGIN (NO ONE CAN GUESS WHAT PLATFORM YOU USE – DON'T EVEN GET THE PLUGIN YOU USE.)
FREE : PLUGIN > ADD NEW > WP Hide & Security Enhancer
– https://whatwpthemeisthat.com/
– www.wpthemedetector.com
– www.isitwp.com
– www.whatruns.com
*** THESE SITES CAN TRACK – WHICH WEB PLATFORM IS USED AND WHAT ARE THE THEMES & PLUGINS // NOW WE WILL HIDE EVERYTHING
CONFIGURE PLUGIN
– wp dashboard > wp hide > rewrite
– themes > type “a” in the box > save // NB: WE CAN WRITE ANY WORD / NUMBER / ANYTHING IN THE BOX
– WP Includes > type “b” in the box > save
– WP Content > type “c” in the box > save
– WP Includes > type “d” in the box > save
– Plugins > type “e” in the box > save
*** SUMMARY: THUS ONE BY ONE – KEEP WRITING -a, b, c, d, e (WE CAN WRITE ANY WORD / NUMBER / ANYTHING IN THE BOX) – each time save that From bottom
** how this plugin hides everything: the plugin will write/hide – the structure folders of a CMS – plugins – themes – so any outside tools cannot open the inner contents
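A check to run on your own page source after the rewrite, to see which WordPress markers still show, as an added example (not code from the original post or from WP Hide). The marker list, the example.test URLs and the three page sources are constructed.

```python
import re

# Markers that still identify WordPress in a page's HTML source.
MARKERS = {
    "wp-content path": re.compile(r"/wp-content/", re.I),
    "wp-includes path": re.compile(r"/wp-includes/", re.I),
    "generator meta tag": re.compile(
        r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress', re.I),
    "REST API link": re.compile(r"api\.w\.org|/wp-json/", re.I),
    "default login path": re.compile(r"/wp-login\.php", re.I),
}


def remaining_markers(html):
    """Return the names of the WordPress markers still present in the HTML."""
    return sorted(name for name, rx in MARKERS.items() if rx.search(html))


# Constructed page source before the rewrite (default WordPress paths).
BEFORE = """
<meta name="generator" content="WordPress">
<link rel="https://api.w.org/" href="https://example.test/wp-json/">
<link rel="stylesheet" href="https://example.test/wp-content/themes/zyra/style.css">
<script src="https://example.test/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://example.test/wp-content/plugins/sample-plugin/app.js"></script>
"""

# Constructed page source after the rewrite (themes -> a, WP Includes -> b,
# plugins -> e) in which the generator tag and REST link are still present.
AFTER = """
<meta name="generator" content="WordPress">
<link rel="https://api.w.org/" href="https://example.test/wp-json/">
<link rel="stylesheet" href="https://example.test/a/zyra/style.css">
<script src="https://example.test/b/js/jquery/jquery.min.js"></script>
<script src="https://example.test/e/sample-plugin/app.js"></script>
"""

# Constructed page source with those two remaining lines removed as well.
CLEAN = "\n".join(line for line in AFTER.splitlines()
                  if "generator" not in line and "wp-json" not in line)
```

Renaming the folders removes the path markers only; anything the function still reports is a marker the rewrite settings did not cover.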
Recent WP Security Plugins:(More)
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
https://wordpress.org/plugins/gotmls/
https://www.sitelock.com/ap/affiliate-plans.php?ocode=MTY5LjMuMy4zLjAuMTMuMC4wLjAuMC4wLjA
MANUAL JOBS! 80% + – Google Page Speed Checker (Mobile – 80% + Desktop – 90%)
>> Install – chrome extension – “Lighthouse” > then check report ! see weakness area!
>> Lighthouse – Google 3rd party – which measures Google page speed – they refer to https://github.com/nodejs/Release
>> also https://chrome.google.com/webstore/detail/lighthouse/blipmdconlkpinefehnmjammfjpmpbjk
>> Async JavaScript – By Frank Goossens (futtta) (Render Block – JS – CSS)
>> Autoptimize – By Frank Goossens (futtta) (Render Block – JS – CSS)
>> Wp Rocket
>> WP Smush Pro – Image Optimize
Check For Virus/ Malware
https://virusscan.jotti.org
https://www.virustotal.com
https://transparencyreport.google.com/safe-browsing/search?hl=en
cpanel> Virus Scanner > home directory > scan > it will show the infected files >>
Install Free Plugin > https://wordpress.org/plugins/secupress/
if shell/malware/adware – They are dangerous
ASSIGNMENT
CMBD-05 assignment no – 25
ZYRA theme – install + activate + any one demo upload +
Now – wp security – 6 plugins – install & do all steps _ and secure the site
take snap of 6 plugins and upload the snaps – at a google docs
and submit the doc ….. link
Get zyra theme: https://drive.google.com/drive/folders/1LMivo8wlUiqa1cKXpZWXZwObwYG58U8K?usp=sharing
Get wp security all in one google sheet: https://docs.google.com/spreadsheets/d/1gNJgyLTYpsf-0PcpEg3zQJd4Uz7bMIvxMzeH4iD9zCQ/edit?usp=sharing

minhazul asif

I am Minhazul Asif,

Entrepreneur, Instructor, Web Developer, Freelancer & Cyber Security Expert.

I created this blog website to share my ideas with everyone. I hope many people will benefit from reading my blog.
