WordPress Security | Guide 1 | Username, Login Attempt, Update, Plugins

(Note: copying and pasting these articles is strictly prohibited.)

- WordPress-based websites and blogs are growing day by day. The numbers are always increasing. Personally speaking, this is my favourite platform too.

- The number of users and clients keeps increasing, so WordPress has become a major platform and attracts the attention of both good and bad guys. In cyber security terms: "We must be able to secure our WP sites from cyber criminals, or we can say bad hackers."

- This is the first guide, 'Guide 1', on WordPress security. It mainly focuses on 4 topics: USERNAME, LOGIN ATTEMPT, UPDATE, PLUGINS.


Let's Begin.

1) Username :

- By default, while installing WordPress, the username assigned will be 'admin'.
- Here is the point: never use 'admin' as the username. Never ever.
- If you are familiar with WP installation, you can assign a username of your choice during setup.
- Or, if you are already in the Dashboard, i.e. the admin section of the WP site, you can create a new user and assign the 'admin' role to that user.
- Finally, you can delete the previous default 'admin' user.

WHY NOT TO USE THE 'admin' USERNAME?
- Many WordPress sites are attacked by brute-forcing the password for the "admin" username. (Note: we will talk about login attempt limits in the next point; until then, remember this first point.)

WHAT IS A BRUTE-FORCE ATTACK?
- A password and cryptography attack that does not attempt to decrypt any information, but instead keeps trying a list of different passwords, words, or letters. For example, a simple brute-force attack may have a dictionary of all words or commonly used passwords and cycle through those words until it gains access to the account. A more complex brute-force attack involves trying every key combination until the correct password is found.

2) Login Attempt :




- By default, WordPress does not limit login attempts.
- We must limit login attempts.

WHAT DOES LIMITING LOGIN ATTEMPTS MEAN?
- If you enter wrong data (username or password), the login page shows an error message along the lines of, "You entered wrong details; you now have 2 attempts remaining to gain access".
- This kind of message will be seen on screen only if you have limited login attempts on the WP site.
- This approach helps defend against automated login attacks.
- Once the login limit is reached because of wrong input, the user, or even the admin, will be locked out from signing in again for a defined period of time. (This time depends on what the admin or developer set during configuration.)
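
One way to implement the lockout described above as a small WordPress plugin (an added example, not code from the original guide; the `exl_` names, the limit of 3 attempts and the 15-minute lockout are assumptions chosen for illustration):

```php
<?php
/**
 * Plugin Name: Example Login Limiter
 * Description: Added example for this guide; not the guide author's code.
 */

// Assumed values for illustration: 3 tries, then a 15-minute lockout.
const EXL_MAX_ATTEMPTS    = 3;
const EXL_LOCKOUT_SECONDS = 900;

// One counter per client IP. Behind a reverse proxy or CDN, REMOTE_ADDR is
// the proxy's address, so the key must be adapted to that deployment.
function exl_key() {
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	return 'exl_fail_' . md5( $ip );
}

// Count every failed login, except rejections caused by the lockout itself.
add_action( 'wp_login_failed', function ( $username, $error = null ) {
	if ( is_wp_error( $error ) && 'exl_locked' === $error->get_error_code() ) {
		return;
	}
	$fails = (int) get_transient( exl_key() );
	set_transient( exl_key(), $fails + 1, EXL_LOCKOUT_SECONDS );
}, 10, 2 );

// Priority 30 runs after WordPress's own credential checks (priority 20).
add_filter( 'authenticate', function ( $user, $username, $password ) {
	$fails = (int) get_transient( exl_key() );
	if ( $fails >= EXL_MAX_ATTEMPTS ) {
		// Locked out: reject even a correct password until the counter expires.
		return new WP_Error( 'exl_locked', 'Too many failed logins. Try again later.' );
	}
	$empty = array( 'empty_username', 'empty_password' );
	if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $empty, true ) ) {
		// This failure is counted just after the filter returns, hence the -1.
		$left = EXL_MAX_ATTEMPTS - $fails - 1;
		$user->add( 'exl_remaining', sprintf( '%d attempt(s) remaining.', $left ) );
	}
	return $user;
}, 30, 3 );

// A successful login clears the counter.
add_action( 'wp_login', function () {
	delete_transient( exl_key() );
} );
```

The counter lives in a transient, so the lockout ends on its own once `EXL_LOCKOUT_SECONDS` have passed since the last counted failure.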


3) Update :

- Running a WP site?
- Then you will surely install themes and plugins.
- Make sure all of them are up to date.
- How? Just by updating them.
- There is an automatic notification system: whenever updates are available, you'll get an update notice in the admin dashboard section of the WP site. Go through it and update them all.
- Updates fix recent bugs, and even vulnerabilities (if any have been found).

4) Plugins :

- To get a desired task done, to shape the feel of the WP site, to make the WP site work like an automated machine, or to use shortcodes, we need plugins.
- There are lots of plugins, including very good ones that make our site cooler and more functional.
- Remember to research a plugin before installing it. Once it is installed, subscribe to the plugin developers' mailing list so that you get update notices in time.
- Plugins can come with lots of vulnerabilities. Check them carefully before using them.

Guide by: Bijay Acharya
