WordPress security & Hacking Protection - minhazulasif/codemanbd GitHub Wiki

WordPress OPTIMIZATION (WordPress advanced security & Hacking Protection)


Get the all-in-one WP security Google Sheet: https://docs.google.com/spreadsheets/d/1gNJgyLTYpsf-0PcpEg3zQJd4Uz7bMIvxMzeH4iD9zCQ/edit?usp=sharing


For your site security: WPS Hide Login + iThemes Security + Wordfence


Video: https://youtu.be/JPwABrhD7rs


WP security - 01 | Wordfence Premium

Firewall & Malware Scanner and Security Hardening


Go to Dashboard > Resume Installation > enter your email and tick the checkbox > Continue

At the top > Click here to Configure

Download .htaccess > Continue > Close

Web Application Firewall Status > (from dropdown) Enable & Protect > Save Changes

Advanced Firewall Options > Enable Delay IP and Country blocking > Save

From Dashboard > Wordfence > Scan > Start Scan Now

Now see the result: if any virus is found, it will show the affected sites

Click "Repair Repairable files". If that is not possible:

Click "Repair Repairable files" for each single issue, one at a time. If that is still not possible:

Click "Delete Repairable files". If that is again not possible:

Delete the affected theme & plugin files.

WP security - 02 | iThemes Security Pro

15 premium hacking protection

https://drive.google.com/open?id=1ncx4PHpym7G-VxzoFb9yUwM1kJ07RVtK


ACTIVITY: Security Check > Secure Site > Activate Brute Force Protection > Run Security Check > Close

Feature -01: >> Database Backups

iThemes Security Pro > Settings >

Database Backup > Configure > Create Backup Full Database > tick "Backup Full Database" to enable it

Backup Method > choose "Save Locally & Email"

Tick "Compress Backup Files" > Zip Database Backups (Backups to Retain: 1)

Tick and enable "Schedule Database Backups"

Backup Interval > 30 days > Save Settings

Feature -02: >> Local Brute Force Protection

Local Brute Force Protection: Configure >

Max Login Attempts Per Host: 3

Max Login Attempts Per User: 7

Minutes to Remember Bad Login: 5 minutes

Automatically ban "admin" user: tick

Feature-03: Banned Users (HackRepair.com's blacklist)

Ban User > Configure settings > Enable - Enable HackRepair.com's blacklist feature > save

Feature-04: SSL (or use - WP security - 07 | REALLY SIMPLE SSL)

SSL > Enable -> Redirect All HTTP Page Requests to HTTPS

Save settings, then check your website: where it showed "Not secure" it now shows "SECURE NOW". SSL enabled!

Feature-05: WordPress Salts (A secret key makes your site harder to hack)

Enable WordPress Salts (it will disable the multiple-password-trying option used in phishing) > Save

WP security - 03 | Sucuri Security Premium

Auditing, Malware Scanner and Security Hardening

https://drive.google.com/open?id=1IiiKVcnbUY1TSsPhjQTe4um3pxxc05NZ


Go to the plugin

Generate a key > agree > check

Check that the admin email is correct > I agree > Save

Go to the dashboard > check whether any issue/malware exists. If red-coloured files exist, select all > tick "I Understand .." > Delete

WP security - 04 | Login Ninja - Limit Login

Hack/phishing protection (multi login attempt block) + user access limit

https://mega.nz/#!3bhnwaiD!Kq7XNuZauy1X0-eP8E-KcVi5GN5edpgvGnPvqWqX4lY


settings > login ninja

  1. Redirections tab

Redirections by user roles

Admin: default / normal behaviour

Editor / Contributor / Author / Subscriber: disable login

  2. Settings > Ban rules >

Maximum number of failed login attempts before ban: 3 times in 5 minutes

Default ban time: 1 year

Banned users can't access the whole site. Message: You are banned :)

  3. Settings > Captcha settings > enable

  4. Settings > Other settings > Redirect URL on logout: change the logout redirect URL (www.youtube.com)
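The lockout thresholds from the iThemes Local Brute Force Protection settings above (3 per host, 7 per user, 5 minutes remembered, ban on "admin"), with the per-host rule matching the Login Ninja ban rule of 3 failures in 5 minutes, applied to a stream of failed logins. This is an added example, not code from either plugin; it assumes a lockout fires when the count reaches the maximum, and the events, IPs and usernames are constructed.

```python
from collections import defaultdict, deque

# Values taken from the settings listed on this page.
MAX_PER_HOST = 3           # Max Login Attempts Per Host
MAX_PER_USER = 7           # Max Login Attempts Per User
WINDOW_SECONDS = 5 * 60    # Minutes to Remember Bad Login
BAN_ADMIN_NAME = True      # Automatically ban "admin" user

def find_lockouts(failed_logins):
    """failed_logins: (seconds, ip, username) tuples sorted by time.
    Returns (seconds, kind, subject) for every lockout decision.
    Assumption: a lockout fires when the count reaches the maximum."""
    windows = defaultdict(deque)   # ("host", ip) or ("user", name) -> timestamps
    locked, decisions = set(), []

    def lock(ts, key):
        locked.add(key)
        decisions.append((ts, *key))

    def count(key, ts):
        win = windows[key]
        win.append(ts)
        while ts - win[0] >= WINDOW_SECONDS:   # forget attempts older than the window
            win.popleft()
        return len(win)

    for ts, ip, user in failed_logins:
        host_key, user_key = ("host", ip), ("user", user)
        if host_key in locked or user_key in locked:
            continue                           # already blocked, nothing new to decide
        if BAN_ADMIN_NAME and user == "admin":
            lock(ts, host_key)                 # one try at "admin" bans the host
            continue
        host_hits, user_hits = count(host_key, ts), count(user_key, ts)
        if host_hits >= MAX_PER_HOST:
            lock(ts, host_key)
        if user_hits >= MAX_PER_USER:
            lock(ts, user_key)
    return decisions

# Constructed sample events (documentation IP ranges, made-up usernames).
SAMPLE = [
    (0, "192.0.2.44", "asif"), (10, "203.0.113.5", "asif"),
    (20, "203.0.113.5", "asif"), (30, "203.0.113.5", "asif"),
    (40, "192.0.2.9", "admin"),
    (200, "192.0.2.44", "asif"), (400, "192.0.2.44", "asif"),
]
# Seven different hosts guessing one account once each: only the per-user limit sees it.
SAMPLE += [(500 + 10 * i, f"198.51.100.{i + 1}", "editor1") for i in range(7)]
```

In the sample, 192.0.2.44 is never locked out because its three failures are spread over more than five minutes, which is the trade-off of a short "remember" window.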

WP security - 05 | WPS Hide Login Hide login page Free

After install >

Settings > WPS Hide Login

Login URL box: in the blank box put a word, e.g. "ma"

Redirection URL: put 404

Disabled: https://minhazulasif.com/wp-admin or /wp-login.php or /dashboard (all of these login links will be disabled and will redirect to the 404 page)

New login URL: https://minhazulasif.com/ma (this is the new login page, and only I know this link)

WP security - 06 | WP-OTP

Mobile authentication

Free plugin


WP dashboard > Users > Profile > you will get a QR code to scan

Mobile > Google Play Store > download the "FreeOTP" app

Open the app > + > scan the QR code shown in the WordPress user profile

Let's try it:

minhazulasif.com/coming/wp-admin

An authentication code will be required, which is generated in your mobile app

Now tap the entry in the OTP app > you will get the password

Use the 6-digit code and log in
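How the 6-digit code in the app is derived from the secret inside the QR code, as an added example (not WP-OTP's or FreeOTP's own code). It assumes the plugin uses standard TOTP per RFC 6238 (HMAC-SHA1, 30-second step, 6 digits); `SAMPLE_SECRET` is the RFC's published test key, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 (assumed to match the plugin's defaults)."""
    # QR codes for authenticator apps carry the shared secret as Base32,
    # often without padding, so restore the padding before decoding.
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // step)     # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, unix_time, window=1, step=30):
    """Accept the current step and `window` steps either side, to absorb
    clock drift between the phone and the server."""
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t < 0:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(secret_b32, t, step), submitted):
            return True
    return False

# Constructed sample: the RFC 6238 test key, Base32-encoded as a QR code would carry it.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    print(totp(SAMPLE_SECRET, 59))                 # code for the step containing t=59
    print(verify(SAMPLE_SECRET, "287082", 89))     # one step later: still accepted
    print(verify(SAMPLE_SECRET, "287082", 149))    # three steps later: expired
```

Anyone who obtains the secret shown in the QR code can generate the same codes, so the profile page that displays it needs the same protection as the password itself.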

WP security - 07 | REALLY SIMPLE SSL

Configures your website to run over https.

https://drive.google.com/open?id=1f-JFgK2czDGgu9iNLy4HMBWln8Oo4d_G

Install & activate the Really Simple SSL plugin

Now enable SSL

Save

This will redirect http to https

ASSIGNMENT CMBD assignment no - 25


ZYRA theme: install + activate + upload any one demo

Now install the 6 WP security plugins, do all the steps, and secure the site

Take a snapshot of the 6 plugins and upload the snapshots to a Google Doc

and submit the doc ….. link

Get zyra theme: https://drive.google.com/drive/folders/1LMivo8wlUiqa1cKXpZWXZwObwYG58U8K?usp=sharing

Recent WP Security Plugins:(More)


https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

https://wordpress.org/plugins/gotmls/

https://www.sitelock.com/ap/affiliate-plans.php?ocode=MTY5LjMuMy4zLjAuMTMuMC4wLjAuMC4wLjA

Check For Virus/ Malware


https://virusscan.jotti.org

https://www.virustotal.com

https://transparencyreport.google.com/safe-browsing/search?hl=en

cPanel > Virus Scanner > home directory > Scan > it will show the infected files

Install the free plugin > https://wordpress.org/plugins/secupress/

If it finds shell/malware/adware: they are dangerous


Blog Writer - Minhazul Asif, Founder & Lead Instructor - CodemanBD, founder Of Zora IT, WebBattalion & Lead Scrapper, Co founder Of WE Affiliators