Security with WordPress

I am updating a site and I have a question about its security:

In the database files, the database connection variable is global;

The PHP is mixed in with the HTML;

The model classes' variables are public;

I did not find any protection using regular expressions.

I don't know much about WordPress; does it have a plugin or something like that which "organizes" the site, or is it simply unprotected?

1 answer

It's not a complete answer to what you asked, but since you said you're new to WP, I'll give you some security tips.

First, mask the default WordPress login page; do not leave it like this:

https://www.seusite.com/wp-admin

Plugin to change the default URL: https://wordpress.org/plugins/better-wp-security/ Here is a step-by-step guide for this plugin: https://managewp.com/change-your-wordpress-login-url

Second, remove or rename the Generator meta tag; do not leave it like this:

<meta name="generator" content="WordPress.com" />

Plugin to remove the Generator tag: https://br.wordpress.org/plugins/meta-generator-and-version-info-remover/ If you want to remove it by hand, this article can help you: https://tehnoblog.org/wordpress-security-how-to-hide-wordpress-meta-generator-version-info/

  • Remove the installation files from the directory!

Then, don't allow users to submit HTML, scripts, or anything of the sort through the text fields on your site. Here you can read how to prevent spam in the comments: https://codex.wordpress.org/Combating_Comment_Spam

It sounds silly, but use reCAPTCHA: https://developers.google.com/recaptcha/

Some themes come by default with user-registration plugins and a default user that was created to publish the theme's sample content. Disable all plugins you won't use. Also disable that default theme user.

Check which file types site users can upload through forms.

ROBOTS.TXT: here's a little tip. I believe it is not worthwhile to let search engines from China, Russia and elsewhere, beyond the ones Brazilians use most, find your site. So configure robots.txt well and, above all, do not index the WordPress folders. Take this example:

# Rules for every crawler; /cgi-bin/ belongs to this group (a Disallow line
# outside any User-agent group is ignored by crawlers).
User-agent: *
Disallow: /administrator/
Disallow: /administrator
Disallow: /components/
Disallow: /installation/
Disallow: /libraries/
Disallow: /logs/
Disallow: /modules/
Disallow: /plugins/
Disallow: /templates/
Disallow: /cgi-bin/

# Crawlers allowed everywhere (an empty Disallow allows all)
User-agent: Googlebot
Disallow: 
User-agent: googlebot-image
Disallow: 
User-agent: googlebot-mobile
Disallow: 
User-agent: MSNBot
Disallow: 

# Crawlers blocked from the whole site
User-agent: Slurp
Disallow: /
User-agent: Teoma
Disallow: /
User-agent: Gigabot
Disallow: /
User-agent: Scrubby
Disallow: /
User-agent: Robozilla
Disallow: /
User-agent: Nutch
Disallow: /
User-agent: baiduspider
Disallow: /
User-agent: naverbot
Disallow: /
User-agent: yeti
Disallow: /

Sitemap: http://www.seusite.com.br/site

If possible, use the newest version of PHP!

Two articles in Portuguese with other tips.

https://www.canalwp.com/guia-do-iniciante/boas-praticas-para-garantir-wordpress-security/

https://blog.apiki.com/2017/02/22/13-passos-seguranca-do-wordpress/

  • Thanks for the tips, can you put in the answer how to do the first and the second?

  • They are plugins; I'm in a rush now, but as soon as I can I'll answer you properly.

  • @Guilhermecostamilam I put in the plugins and a tip about robots.txt.
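Several of the steps in the answer above (hiding the Generator tag, restricting which file types users can upload, and stripping HTML from comment text) can also be done without a plugin, with a few lines in a must-use plugin file. The following is an added example written for this page; it is not code from the original answer or from the plugins it links to. The file name, the allow-list of upload types, and the double-extension rule are assumptions you should adjust for your own site; the WordPress hooks and functions used (`wp_generator`, `the_generator`, `upload_mimes`, `wp_handle_upload_prefilter`, `pre_comment_content`, `wp_filter_nohtml_kses`, `DISALLOW_FILE_EDIT`) are standard WordPress APIs.

```php
<?php
/**
 * Plugin Name: Basic hardening (added example, not part of the original answer)
 * Description: Save as wp-content/mu-plugins/hardening.php (file name assumed);
 *              files in mu-plugins load on every request and cannot be disabled
 *              from the admin screens.
 */

// Refuse to run if the file is requested directly instead of through WordPress.
if (!defined('ABSPATH')) {
    exit;
}

// --- 1. Hide the <meta name="generator"> tag and the version in feeds -----------------
// wp_head() prints the tag via the wp_generator action; unhooking it removes the tag.
remove_action('wp_head', 'wp_generator');
// Feeds (RSS/Atom) build their generator string through the 'the_generator' filter.
add_filter('the_generator', '__return_empty_string');

// Drop the "?ver=x.y.z" query string that leaks the WordPress/plugin version in
// enqueued script and style URLs.
function hardening_strip_version(string $src): string
{
    return remove_query_arg('ver', $src);
}
add_filter('script_loader_src', 'hardening_strip_version');
add_filter('style_loader_src', 'hardening_strip_version');

// --- 2. Only allow an explicit list of upload types ---------------------------------
// The list below is an assumption for illustration; keep only what your site needs.
// Keys are the extension patterns WordPress uses, values are the MIME types.
add_filter('upload_mimes', function (array $mimes): array {
    return [
        'jpg|jpeg|jpe' => 'image/jpeg',
        'png'          => 'image/png',
        'gif'          => 'image/gif',
        'pdf'          => 'application/pdf',
    ];
});

// Reject names with more than one extension (e.g. "shell.php.jpg") before the file
// is moved into wp-content/uploads. Setting $file['error'] to a string aborts the
// upload and shows that string to the user.
add_filter('wp_handle_upload_prefilter', function (array $file): array {
    if (substr_count($file['name'], '.') > 1) {
        $file['error'] = 'File names with more than one extension are not allowed.';
    }
    return $file;
});

// --- 3. Strip all HTML from comment text before it is stored -------------------------
// wp_filter_nohtml_kses() runs the text through wp_kses() with no allowed tags, so
// <script>, <a>, <img> and everything else is removed rather than stored and rendered.
add_filter('pre_comment_content', 'wp_filter_nohtml_kses');

// --- 4. Disable the theme/plugin file editor in the dashboard ------------------------
// Normally set in wp-config.php; defining it here works too because mu-plugins load
// before the admin menus are built.
if (!defined('DISALLOW_FILE_EDIT')) {
    define('DISALLOW_FILE_EDIT', true);
}
```

To confirm the first step worked, load the front page and check that the HTML source no longer contains `<meta name="generator"`; for the second, try uploading a `.txt` or a `test.php.jpg` file through the media library and confirm WordPress rejects it.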