In the video I discuss some simple ways to secure your WordPress installation. These tips will help protect your site against most scripted/bot attacks, but they likely won’t keep out a determined attacker who really wants in.

The first thing I cover is changing your default admin username. This is pretty easy:

1. Use your MySQL administration tool (phpMyAdmin) to view your WordPress database.
2. Locate and select the wp_users table (or yourprefix_users) and click the browse icon.
3. Find your admin user and click on the edit icon.
4. Find the user_login column and replace “admin” with your desired name and click go.

You will need to use this new login name from now on (the rename also invalidates your current login cookie, which is tied to the username, so expect to log in again). This step protects against most scripted brute-force attacks on wp-login.php, because those bots only ever try the username admin. Note that it changes only user_login: the user_nicename column, which WordPress uses in author archive URLs (/author/admin/) and which the ?author=1 redirect reveals, still reads “admin” unless you change it too, as does the display_name shown on your posts.
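The same change as a script instead of phpMyAdmin clicks, added here as an example and not part of the original post. It assumes the mysql client is installed with credentials in ~/.my.cnf; the database name, table prefix and new login name in it are placeholders. Unlike the click-through steps it also updates user_nicename and display_name, and it refuses login names that would need SQL quoting.

```shell
#!/bin/sh
# Added example (not from the original post): rename the "admin" account from
# the command line. Renaming only user_login leaves "admin" in user_nicename
# (used in /author/admin/ URLs and exposed by the ?author=1 redirect) and in
# display_name (shown on posts), so all three columns are updated together.
# Assumptions: mysql client on PATH with credentials in ~/.my.cnf; database
# name, table prefix and the new login below are placeholders.
set -eu

# Accept only a conservative subset of the characters WordPress allows in a
# login, so the value can be interpolated into SQL without quoting tricks.
safe_name() {
  case "$1" in
    '' | *[!A-Za-z0-9_-]* ) return 1 ;;
    * ) return 0 ;;
  esac
}

# Print the SQL for the rename. Arguments: table_prefix old_login new_login
# user_nicename becomes the lowercased login, matching what WordPress generates.
rename_admin_sql() {
  prefix=$1; old=$2; new=$3
  safe_name "$prefix" || { echo "refusing unsafe prefix: $prefix" >&2; return 1; }
  safe_name "$old" || { echo "refusing unsafe login: $old" >&2; return 1; }
  safe_name "$new" || { echo "refusing unsafe login: $new" >&2; return 1; }
  nice=$(printf '%s' "$new" | tr 'A-Z' 'a-z')
  cat <<EOF
START TRANSACTION;
UPDATE ${prefix}users
SET user_login = '${new}', user_nicename = '${nice}', display_name = '${new}'
WHERE user_login = '${old}';
COMMIT;
-- verify: no row should still read "admin" in any of these columns
SELECT ID, user_login, user_nicename, display_name FROM ${prefix}users;
EOF
}

# Pipe the SQL into mysql. Arguments: database table_prefix old_login new_login
rename_admin() {
  db=$1; shift
  rename_admin_sql "$@" | mysql "$db"
}

# Usage (placeholder names): sh rename_admin.sh --run wordpress wp_ admin siteowner
if [ "${1:-}" = "--run" ]; then
  shift
  rename_admin "$@"
fi
```

Run it once, then log in with the new name; if you prefer a different display name, edit it afterwards in Users > Your Profile.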

The next thing you should check out is AskApache.com’s .htaccess tutorials. These are for advanced users but offer easy ways to lock down an Apache server without touching its main configuration. Every install is different, but most of them work on shared hosts as well, as long as your host permits those directives in .htaccess (the AllowOverride setting).

AskApache has also created a very user friendly WordPress plugin that does most of the hard work for you. It’s called AskApache Password Protect but it does a lot more than set up passwords.

Another great resource for .htaccess security is Perishable Press’s Stupid htaccess Tricks. Here you will find tons of advanced tricks to secure your site and boost performance.

Perishable Press also maintains an .htaccess blacklist. This blacklist is WordPress compatible (though I did encounter problems with its default entries and Super Cache). It is updated fairly often and very easy to install. Just drop in and go.

Most of these tips will protect your site against automated attacks and give your average script kiddie a headache. Again, I must stress that they won’t stop a dedicated attacker. For that you need a lot more protection in place than most of us on shared hosting can get.

So, I am addicted to Entrecard. In less than 3 days, I have discovered a few tips that I would like to share. This list includes some tips for the webmasters too, so be sure to read it all. Enjoy!

Security

  1. Firefox extensions are your ally against malicious sites. I recommend NoScript at the very least: it blocks scripts on untrusted sites by default, which blunts XSS attacks that would otherwise steal or manipulate your cookies and even log your keystrokes.
  2. I see a lot of generic WordPress themes in my daily drop frenzy. If you have installed ANY custom theme (even one from the official Extend site) PLEASE check the header and footer (header.php and footer.php) for malicious code! Themes built on WordPress’s own code are GPL-licensed, as most are, so don’t feel obligated to keep any strange stuff. Bad guys hide their code in one-liners like eval(gzinflate(base64_decode('[random characters]'))); the random-looking string is the compressed, encoded payload, and no honest theme needs it.
  3. I highly recommend some sort of browser AV protection. I used to use Avast, which was decent enough.
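For tip 2, a small scanner for the eval/base64/compressed style of hidden code (in PHP the functions are eval, base64_decode and gzinflate), added as an example and not from the original post. It needs only sh and grep -E; the theme path in its usage line is a placeholder, and a hit means “open this file and read it”, not proof of compromise.

```shell
#!/bin/sh
# Added example (not from the original post): a grep sweep over a theme
# directory for the obfuscation idioms used to hide injected code, such as
# eval(gzinflate(base64_decode('...'))). Needs only POSIX sh and grep -E.
set -eu

# Functions with almost no legitimate use in a theme that are the usual
# wrapper around a hidden payload, plus runs of \xNN-escaped bytes and the
# old preg_replace /e modifier. Only PHP files are checked: eval() in a
# theme's JavaScript is common and not what we are after.
SUSPICIOUS='(^|[^A-Za-z0-9_])eval[[:space:]]*\(|base64_decode[[:space:]]*\(|gzinflate[[:space:]]*\(|gzuncompress[[:space:]]*\(|str_rot13[[:space:]]*\(|preg_replace[[:space:]]*\(.*/e[^a-z]|(\\x[0-9a-fA-F]{2}){3}'

# scan_theme DIR: print file:line:text for every suspicious line in the PHP
# files under DIR. Returns 1 if anything matched, 0 if the theme looks clean,
# so it can gate a deploy script.
scan_theme() {
  dir=$1
  hits=$(grep -rnE --include='*.php' "$SUSPICIOUS" "$dir" || true)
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits"
    return 1
  fi
  return 0
}

# Usage (placeholder path): sh scan_theme.sh --run /path/to/wp-content/themes/yourtheme
if [ "${1:-}" = "--run" ]; then
  scan_theme "$2"
fi
```

Run it against every theme directory, active or not; an unused theme is still readable code that a future update or a compromised admin can switch on.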

Speed

  1. After toying around with some browser and extension options, I found that disabling images and running Adblock doesn’t really give you the speed boost you might expect. I feel that this is because the entire page and all scripts/images are downloaded anyway, and ABP/NoScript just prevent them from running or being displayed. I imagine that if you tweak your timeout and use Peerguardian to block the connections, it will boost the speed of loading hundreds of tabs considerably. Though, I would only recommend doing this for dropping sprees since it will really interfere with normal browsing.
  2. I use a modded version of an old plugin called SnapLinks that lets you drag a box around all the links in your Drop Inbox and open them in new tabs. The modded plugin is buggy as hell, so I only enable it when dropping.
  3. Once you’ve opened all your tabs, you may wish to bookmark reciprocating users. To do this, simply right click on any tab and click Bookmark All Tabs. Then when you want to drop on those users tomorrow (or with a linked account) you can simply open your bookmarks organizer, highlight all those links and open all in new tabs.
  4. I use an “Experimental” plugin called Bookmarks Link Checker Minus to find dupes. It is a pain, but I’ve yet to find a better way to keep the list clean.

Remember to drop safely. Report any strange stuff you see, because it’s up to you to keep the system working.

© 2010 nukeitdotorg Suffusion WordPress theme by Sayontan Sinha
