WordPress Security [closed]

-1

I'm updating a site and I have a security-related question:

In the database files, the database connection variable is global;

The PHP is mixed in with the HTML;

The variables of the model classes are public;

I did not find any protection with regular expressions.

I do not know WordPress very well. Does it have a plug-in or something like that that "organizes" the site, or is it unprotected?

    
asked by anonymous 12.12.2017 / 23:07

1 answer

1

It's not an absolute answer to what you want, but as you said you're new to WP, I'll give you some security tips.

First, mask the default WordPress login page; do not leave it this way:

https://www.seusite.com/wp-admin

Plugin to change the default URL: link. Here is a guide that talks about this plugin: link

Second, remove or rename the Generator meta tag, so do not leave:

<meta name="generator" content="WordPress.com" />

Plugin to remove Generator: link. If you want to go deeper, this article may help you: link

  • Remove the installation files from the directory!

Then do not allow the user to send HTML, scripts, or anything else through the text fields of your site. Here you can read how to prevent spam in comments: link

It sounds kind of silly, but use reCAPTCHA: link

Some templates come by default with some user registration plug-ins and a default user that was created to publish some standard template content. Disable any plug-ins you will not use. Also disable this default theme user.

Check the file types that can be "uploaded" by site users in forms.

ROBOTS.TXT: here's a tip. I believe that it is not of interest to let search engines from China, Russia and others besides the ones most used by Brazilians find your site. So set up robots.txt, and especially do not index WordPress folders. See this example:

# Rules for every crawler that has no group of its own below
User-agent: *
Disallow: /administrator/
Disallow: /administrator
Disallow: /components/
Disallow: /installation/
Disallow: /libraries/
Disallow: /logs/
Disallow: /modules/
Disallow: /plugins/
Disallow: /templates/
Disallow: /cgi-bin/

# Crawlers allowed everywhere (an empty Disallow blocks nothing)
User-agent: Googlebot
Disallow:

User-agent: googlebot-image
Disallow:

User-agent: googlebot-mobile
Disallow:

User-agent: MSNBot
Disallow:

# Crawlers blocked from the whole site
User-agent: Slurp
Disallow: /

User-agent: Teoma
Disallow: /

User-agent: Gigabot
Disallow: /

User-agent: Scrubby
Disallow: /

User-agent: Robozilla
Disallow: /

User-agent: Nutch
Disallow: /

User-agent: baiduspider
Disallow: /

User-agent: naverbot
Disallow: /

User-agent: yeti
Disallow: /

Sitemap: http://www.seusite.com.br/site

If possible, use the newest version of PHP!

Two articles in Portuguese with other tips.

link

link

    
12.12.2017 / 23:49
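
A way to check what a robots.txt laid out like the one in the answer actually tells each crawler, as an added example that is not part of the original answer (the sample file is constructed and shortened, and `SomeBot` is a made-up crawler name). It shows that a crawler with its own group ignores the `*` group, and that a rule placed after a blank line without a `User-agent` line never joins the `*` group.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample, shortened from the layout used in the answer.
SAMPLE = """\
User-agent: *
Disallow: /administrator/
Disallow: /plugins/

User-agent: Googlebot
Disallow:

User-agent: baiduspider
Disallow: /

Disallow: /cgi-bin/
Sitemap: http://www.seusite.com.br/site
"""


def orphan_rules(text):
    """Return Allow/Disallow lines that sit outside any User-agent group."""
    orphans, in_group = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:                          # a blank line closes the group
            in_group = False
            continue
        field = line.split(":", 1)[0].strip().lower()
        if field == "user-agent":
            in_group = True
        elif field in ("allow", "disallow") and not in_group:
            orphans.append(line)
    return orphans


def effective_policy(text, agents, paths):
    """Map (agent, path) -> True if the file lets that crawler fetch the path."""
    parser = RobotFileParser()
    parser.parse(text.splitlines())
    return {(a, p): parser.can_fetch(a, p) for a in agents for p in paths}


if __name__ == "__main__":
    agents = ["Googlebot", "SomeBot", "baiduspider"]
    paths = ["/administrator/", "/cgi-bin/test"]
    for (agent, path), ok in effective_policy(SAMPLE, agents, paths).items():
        print(f"{agent:12} {path:16} {'allowed' if ok else 'disallowed'}")
    print("rules outside any group:", orphan_rules(SAMPLE))
```

These results describe what well-behaved crawlers are asked to do; robots.txt does not restrict access to the listed paths, which still need authentication or server-side rules.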