This shows you the differences between two versions of the page.
linux:wordpress_secure [2018/03/28 05:48] admin |
linux:wordpress_secure [2018/03/28 05:53] (current) admin |
||
---|---|---|---|
Line 53: | Line 53: | ||
Try typing webhostingsecretrevealed.net/login.php into your browser’s address bar. Doesn’t work, does it ? Because it doesn’t exist. The login entry for WHSR is located on a different URL. Similarly, you can change the access point on your website to something else. Essentially we change the login page URL. | Try typing webhostingsecretrevealed.net/login.php into your browser’s address bar. Doesn’t work, does it ? Because it doesn’t exist. The login entry for WHSR is located on a different URL. Similarly, you can change the access point on your website to something else. Essentially we change the login page URL. | ||
+ | {{ :linux:protectyouradmin.png |}} | ||
Similar to the login.php page, there is the wp-admin directory which also needs to be protected. It is fairly easy to do with either of the two plugins – WPS Hide Login and Protect Your Admin. | Similar to the login.php page, there is the wp-admin directory which also needs to be protected. It is fairly easy to do with either of the two plugins – WPS Hide Login and Protect Your Admin. | ||
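Review bot: the added {{ :linux:protectyouradmin.png |}} line lands between the login-URL paragraph and the paragraph that first names Protect Your Admin, so the screenshot appears before the reader is told what it shows. Move the embed below the "Similar to the login.php page ..." paragraph. While this block is being edited, note that the unchanged text calls the login page login.php, whereas a stock WordPress install serves the login form from wp-login.php.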
Line 63: | Line 63: | ||
SSL is always used for financial transaction portals and whenever any sensitive information is shared. Websites store a great deal of information about users and SSL helps keep that information safe. Similarly, SSL operates on Login Pages by making the browser to server communication process a lot more secure. | SSL is always used for financial transaction portals and whenever any sensitive information is shared. Websites store a great deal of information about users and SSL helps keep that information safe. Similarly, SSL operates on Login Pages by making the browser to server communication process a lot more secure. | ||
- | SimpleSSl | + | {{ :linux:simplessl.png |}} |
- | + | ||
- | + | ||
You will need an SSL certificate which can be purchased from your web host, or sometimes you also get it free with the most basic of shared hosting plans. Really Simple SSL and WP Force SSL both help you setup SSL on your website, once you’ve purchased the SSL certificate. | You will need an SSL certificate which can be purchased from your web host, or sometimes you also get it free with the most basic of shared hosting plans. Really Simple SSL and WP Force SSL both help you setup SSL on your website, once you’ve purchased the SSL certificate. | ||
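Review bot: the new {{ :linux:simplessl.png |}} embed has an empty title after the "|", and the "SimpleSSl" text it replaces was the only label on this spot. The next paragraph names two plugins, Really Simple SSL and WP Force SSL, so fill in the title with the plugin and screen the image shows; the same text then serves as the fallback when the image does not load.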
Line 75: | Line 73: | ||
If the particular IP which is perpetrating the attack is tracked, then you can block out the repeated brute forcing attempts and keep your site secure. This is also why global DDOS attacks occur with multiple IP addresses with different origins of attack, to throw hosting services and website security off guard. | If the particular IP which is perpetrating the attack is tracked, then you can block out the repeated brute forcing attempts and keep your site secure. This is also why global DDOS attacks occur with multiple IP addresses with different origins of attack, to throw hosting services and website security off guard. | ||
- | LoginLockdown | + | {{ :linux:loginlockdown.png |}} |
- | + | ||
Login LockDown and Login Security Solution both offer great solutions to protect your website’s login pages. They track IP addresses and limit the number of login attempts to protect your website. | Login LockDown and Login Security Solution both offer great solutions to protect your website’s login pages. They track IP addresses and limit the number of login attempts to protect your website. | ||
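Review bot: the {{ :linux:loginlockdown.png |}} embed is placed directly after the sentence about attacks arriving from multiple IP addresses, which is the case a per-IP limit does not cover, while the paragraph that follows says these plugins track IP addresses and limit login attempts. Put the image after the "Login LockDown and Login Security Solution ..." paragraph and add one sentence there stating that the per-IP limit does not stop attempts spread across many addresses.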
Line 85: | Line 81: | ||
Google Authenticator is a WordPress plugin that operates via an app installed on your Android/iPhone/Blackberry. The plugin generates a QR code which you can scan with your mobile device or you can enter the secret code manually. | Google Authenticator is a WordPress plugin that operates via an app installed on your Android/iPhone/Blackberry. The plugin generates a QR code which you can scan with your mobile device or you can enter the secret code manually. | ||
- | AuthCode | + | {{ :linux:authcode.png |}} |
- | + | ||
Your login will require an authentication code which is generated on your mobile device for login. The plugin can be used on a user by user basis and isn’t recommended for users will less privileges. Given that it is highly unlikely that the hacker has any physical access to your mobile device, your website’s login page will be very secure indeed (assuming there are no other vulnerabilities). | Your login will require an authentication code which is generated on your mobile device for login. The plugin can be used on a user by user basis and isn’t recommended for users will less privileges. Given that it is highly unlikely that the hacker has any physical access to your mobile device, your website’s login page will be very secure indeed (assuming there are no other vulnerabilities). |
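Review bot: before this revision stays live, confirm that authcode.png does not show a live QR code or secret code, since the paragraph above the embed says the plugin generates both for enrolling a device; if it does, replace the image with a blurred one and regenerate the secret. The unchanged line below the embed reads "users will less privileges", which should be "with", and can be fixed in the same edit.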