Securing a WordPress blog is the most important task and, in Budhe's view, one that must be done before any blogging activity at all.
Once the blog is set up, there is no excuse for leaving WordPress wide open for hackers to slip in and steal information and/or destroy data.
Here is how to secure a WordPress blog against hackers, in at least 10 tips.
1. Encrypt the login
Every time you log in to the admin page, the password is sent unencrypted. If you are on a public network, a hacker can easily 'sniff' the login data with a network sniffer. The best way to encrypt the login is the Chap Secure Login plugin. This plugin adds a random hash to the password and authenticates the login with the TCP protocol.
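A challenge-response login of the kind the plugin's name (CHAP) refers to, as an added example that is not part of the original post and not the plugin's code: the server sends a random value and the browser returns a hash keyed by the password, so the password itself never crosses the network. The `Server` class, `client_response`, the sample account and the HMAC-SHA-256 construction are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample account; the server stores only a hash of the password.
# (A real store would use a salted, slow password hash; SHA-256 keeps the demo short.)
STORED = {"budhe": hashlib.sha256(b"correct horse 42!").hexdigest()}


class Server:
    """Server side: issues single-use challenges and verifies responses."""

    def __init__(self, users):
        self.users = users
        self.pending = {}  # username -> outstanding challenge

    def challenge(self, username):
        nonce = secrets.token_hex(16)  # fresh random value per login attempt
        self.pending[username] = nonce
        return nonce

    def verify(self, username, response):
        nonce = self.pending.pop(username, None)  # single use: blocks replay
        stored = self.users.get(username)
        if nonce is None or stored is None:
            return False
        expected = hmac.new(stored.encode(), nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


def client_response(password, nonce):
    """Browser side: derive the stored hash, then key an HMAC over the nonce."""
    key = hashlib.sha256(password.encode()).hexdigest().encode()
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()


def demo():
    server = Server(STORED)
    nonce = server.challenge("budhe")
    wire = client_response("correct horse 42!", nonce)  # what a sniffer sees
    ok = server.verify("budhe", wire)
    replay = server.verify("budhe", wire)               # same bytes, no live nonce
    nonce2 = server.challenge("budhe")
    wrong = server.verify("budhe", client_response("guess", nonce2))
    return ok, replay, wrong, "correct horse 42!" in wire
```

Challenge-response only keeps the password off the wire; the session cookie and everything else sent after login still travel in the clear unless the site is served over HTTPS.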
2. Stop brute force attacks
Hackers can easily crack a login password with a credential brute force attack. To prevent that, you can install the Login LockDown plugin. It records the IP address and timestamp of every failed attempt to log in to your WordPress. Once a certain number of failed attempts is detected, it automatically disables the login function for all requests from that IP.
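The lockout behaviour described in this tip, as an added example that is not part of the original post and not the plugin's code: failed attempts are recorded per IP with their timestamp, and reaching the threshold inside a time window blocks that IP for a fixed period. The class name, the three policy values and the attempt log are assumptions constructed for the example.

```python
from collections import defaultdict, deque

# Assumed policy values for this example (not taken from the plugin).
MAX_FAILURES = 3        # failed attempts allowed inside the window
WINDOW_SECONDS = 300    # look-back window for counting failures
LOCKOUT_SECONDS = 3600  # how long the IP stays blocked


class LoginLockout:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time the block expires

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def record(self, ip, now, success):
        """Process one login attempt; return 'blocked', 'ok' or 'failed'."""
        if self.is_locked(ip, now):
            return "blocked"                # rejected before the password check
        if success:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"


# Constructed attempt log: (unix time, source IP, password was correct?)
ATTEMPTS = [
    (1000, "203.0.113.7", False),
    (1010, "203.0.113.7", False),
    (1015, "198.51.100.4", False),
    (1020, "203.0.113.7", False),   # third failure in 20 s -> lock
    (1030, "203.0.113.7", True),    # correct password, but IP is locked
    (1040, "198.51.100.4", True),   # other IP unaffected
    (4700, "203.0.113.7", True),    # lock expired (1020 + 3600 = 4620)
]


def replay(attempts):
    guard = LoginLockout()
    return [guard.record(ip, ts, ok) for ts, ip, ok in attempts]
```

The lock is checked before the password, so even a correct guess made during the lockout is rejected.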
3. Use a strong password
Make sure you use a strong password that is hard for others to guess. Use a combination of numbers, special characters, and upper- and lowercase letters.
4. Protect the wp-admin folder
wp-admin is the folder that holds all the important information, and it is a location nobody else should be able to access. Use AskApache Password Protect to password-protect the directory and grant access only to authorized admins.
5. Remove the WordPress version information
Almost every WordPress theme exposes the WordPress version in a meta tag. Hackers can easily use this information as a foothold and plan a fitting attack.
Since WordPress 2.6 the version is inserted automatically in wp_head; to deal with that you need to install the WP-Security Scan plugin.
6. Hide your plugin folder
Try opening your blog URL like this: http://domainkamu.com/wp-content/plugins. If the list of plugins you use is still visible, upload an empty index.html file to the plugins directory.
Just create it with Notepad: right-click >> New >> Text Document, then save it as index.html.
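A way to confirm that tips 5 and 6 took effect on your own blog, as an added example that is not part of the original post: it looks for a generator meta tag carrying a WordPress version and for a server-generated folder listing. The function names and sample responses are constructed, and the listing check assumes an Apache-style "Index of /" page title.

```python
import re
from html.parser import HTMLParser


class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generators.append(a.get("content") or "")


def leaked_version(html):
    """Return the WordPress version string exposed in the page, or None."""
    finder = GeneratorFinder()
    finder.feed(html)
    for content in finder.generators:
        m = re.match(r"WordPress\s+([\d.]+)", content, re.I)
        if m:
            return m.group(1)
    return None


def is_directory_listing(body):
    """True if the body looks like a server-generated index of the folder."""
    return re.search(r"<title>\s*Index of /", body, re.I) is not None


# Constructed responses standing in for the blog's home page and for
# /wp-content/plugins before and after the empty index.html is uploaded.
HOME = '<html><head><meta name="generator" content="WordPress 2.6" /></head></html>'
HOME_FIXED = "<html><head><title>Blog</title></head></html>"
PLUGINS_OPEN = "<html><head><title>Index of /wp-content/plugins</title></head></html>"
PLUGINS_HIDDEN = ""  # the empty index.html is served instead of the listing


def audit(home, plugins):
    return {"version": leaked_version(home),
            "plugins_listed": is_directory_listing(plugins)}
```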
7. Username and email address
Do not use the default username "admin" as your login, and do not use an email address that other people already know. Create a username that is hard to guess and different from the author name you use.
8. Update WordPress and all its plugins regularly whenever there is a notice
WordPress and plugins that are not up to date are very vulnerable to hackers.
9. Back up the database regularly
No matter how secure your blog is, prepare for the worst. Install the wp-database-backup plugin and schedule a database backup every day.
10. Define user access rights
If the blog has more than one admin, you can install the role-manager plugin to define the capabilities of each user group.