Security And .htaccess in WordPress


Nov 18, 2013


|=---------------=[ Security And .htaccess in WordPress ]=--------------=|
|=----------------------=[ Author : jos_ali_joe ]=----------------------=|
|=---------------------=[ josalijoe@hotmail.com ]=----------------------=|
This article is based on the article by r3m1ck entitled Securing your WordPress (Indonesian Version).
Posted at: http://www.exploit-id.com/articles/securing-your-wordpress-indonesian-version
This article is only a little extra from my brother r3m1ck.
Okay, now on to the simple article Security And .htaccess in WordPress.
WordPress has quite a lot of security loopholes. They are generally located in the root directory; some are also located in the parent / main directory.
The WordPress CMS consists of three main directories:
1. wp-admin
2. wp-content
3. wp-includes
Each directory contains quite a lot of files, and there are more directories inside the main directory. So, which WordPress CMS security loopholes exist in each directory, especially when exploited via a URL? Here is a complete list of WordPress vulnerabilities that could lead to a 'bug' in the form of error messages, complete with how to secure them.
1. domainname/wp-settings.php
Security Tips
1. Log in to your hosting control panel (domainname/cpanel).
2. Go to the main WordPress folder.
If using cPanel, go to public_html > wp-settings.php
If using SPanel, go to site directory > site's domain name > www > wp-settings.php
3. Add / paste the following code to suppress the error messages:
ini_set("display_errors", 0);
error_reporting(0);
Place it directly below the opening PHP tag:
<?php
(see screenshot)
4. Click save to apply the new settings.
2. domainname/wp-admin/filename
Here is a list of filenames in your wp-admin directory that could bring up an error when exploited via a URL:
admin-functions.php
menu.php
menu-header.php
options-head.php
upgrade-functions.php
Example of the vulnerability: http://your.domain.name.com/wp-admin/menu.php
Security Tips
1. As with the method above, add / paste the code that suppresses the error messages, for example in the file menu.php:
ini_set("display_errors", 0);
error_reporting(0);
(see screenshot)
2. Do the same in the files contained in wp-admin, as in the list above.
3. Directory location:
public_html > wp-admin > filename (if using cPanel)
site directory > domainname > www > wp-admin (if using SPanel)
Example after securing:
http://your.domain.name.com/wp-admin/menu.php
3. domainname/wp-admin/includes/
domainname/wp-admin/includes/filename
This directory contains quite a lot of 'bugs' or vulnerabilities when the files inside it are requested directly. With a URL pattern as above, an error message that reveals the hosting account username could appear.
Example of the vulnerability:
http://your.domain.name.com/wp-admin/includes/admin.php
Here is a list of filenames in your wp-admin/includes directory that could bring up an error when exploited via a URL:
admin.php
class-ftp-pure.php
class-ftp-sockets.php
class-ftp.php
class-wp-filesystem-direct.php
class-wp-filesystem-ftpext.php
class-wp-filesystem-ftpsockets.php
class-wp-filesystem-ssh2.php
comment.php
continents-cities.php
file.php
media.php
misc.php
plugin-install.php
plugin.php
template.php
theme-install.php
update.php
upgrade.php
user.php
How to Secure?
You simply create a .htaccess file in the wp-admin/includes directory.
1. Log in to your hosting control panel (domainname/cpanel).
2. Go to public_html > wp-admin > includes (if using cPanel),
   or site directory > domainname > www > wp-admin > includes (if using SPanel).
3. Create a new file in wp-admin > includes named .htaccess (in txt format); the txt file is then renamed to '.htaccess'.
4. Copy the code below into the .htaccess file:
# PHP error handling for production servers
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_flag log_errors on
php_flag ignore_repeated_errors off
php_flag ignore_repeated_source off
php_flag report_memleaks on
php_flag track_errors on
php_value docref_root 0
php_value docref_ext 0
# [see footnote 3] # php_value error_reporting 999999999
php_value error_reporting -1
php_value log_errors_max_len 0
5. Click save to apply the new settings.
The code above configures PHP error handling in general. To see the effect of adding the .htaccess file with the script above, look at:
http://your.domain.name.com/wp-admin/includes/
http://your.domain.name.com/wp-admin/includes/admin.php
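To see what the error-message 'bug' described above actually leaks, here is an added example (not from the original article) that scans an HTTP response body fetched from your own site for PHP error output and reports the server path and hosting account name it exposes; the sample bodies are constructed:

```python
import re

# PHP with display_errors=1 writes its messages into the response body, e.g.
# "<b>Fatal error</b>: ... in <b>/home/user/public_html/x.php</b> on line <b>12</b>".
# This regex runs on the body after the HTML tags have been stripped.
PHP_ERROR_RE = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)"
    r":\s*(?P<message>.*?)\s+in\s+(?P<path>/[^\s<]+)\s+on\s+line\s+(?P<line>\d+)",
    re.IGNORECASE,
)
# Shared hosting usually maps the account name into the path: /home/<user>/public_html/...
HOME_USER_RE = re.compile(r"^/home/(?P<user>[^/]+)/")

def find_php_error_disclosure(body: str) -> list:
    """Return one record per PHP error message found in an HTTP response body.

    A record gives the error level, the absolute server path that leaked, the
    line number, and the hosting account name when the path is under /home/.
    An empty list means the response shows no PHP error output.
    """
    text = re.sub(r"<[^>]+>", "", body)  # drop the <b>/<br> wrappers PHP adds
    findings = []
    for m in PHP_ERROR_RE.finditer(text):
        home = HOME_USER_RE.match(m.group("path"))
        findings.append({
            "level": m.group("level"),
            "path": m.group("path"),
            "line": int(m.group("line")),
            "hosting_user": home.group("user") if home else None,
        })
    return findings

# Constructed sample responses (not captured from a real site).
LEAKY_BODY = (
    "<br />\n<b>Fatal error</b>:  Call to undefined function get_bloginfo() in "
    "<b>/home/exampleuser/public_html/wp-admin/includes/admin.php</b> on line <b>12</b><br />\n"
)
WARNING_BODY = (
    "<b>Warning</b>: require(/var/www/html/wp-includes/classes.php): failed to open "
    "stream: No such file or directory in <b>/var/www/html/wp-settings.php</b> on line <b>90</b>"
)
CLEAN_BODY = "<!DOCTYPE html><html><head><title>Example Blog</title></head><body></body></html>"

if __name__ == "__main__":
    for name, body in [("leaky", LEAKY_BODY), ("warning", WARNING_BODY), ("clean", CLEAN_BODY)]:
        print(name, find_php_error_disclosure(body))
```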
4. domainname/wp-includes
domainname/wp-includes/filename
Here is a list of filenames in your wp-includes directory that could bring up an error when exploited via a URL:
canonical.php
class-feed.php
class.wp-scripts.php
class.wp-styles.php
comment-template.php
default-embeds.php
default-filters.php
default-widgets.php
feed-atom-comments.php
feed-atom.php
feed-rdf.php
feed-rss.php
feed-rss2-comments.php
feed-rss2.php
general-template.php
kses.php
media.php
post.php
registration-functions.php
rss-functions.php
rss.php
script-loader.php
shortcodes.php
taxonomy.php
template-loader.php
theme.php
update.php
vars.php
wp-db.php
user.php
Security Tips
1. Log in to your hosting control panel (domainname/cpanel).
2. Go to public_html > wp-includes (if using cPanel),
   or site directory > domainname > www > wp-includes (if using SPanel).
3. Create a new file in wp-includes named .htaccess (in txt format); the txt file is then renamed to '.htaccess'.
4. Copy the code below into the .htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule .*\.php$ http://your.domain.name.com/ [L]
</IfModule>
This is useful to redirect to the front page of your site whenever someone accesses a .php file in wp-includes directly through its URL.
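The .htaccess snippets in sections 3 and 4 are easy to get subtly wrong (a flag left on, a missing closing tag), so here is an added audit script, not part of the original article, that parses an .htaccess file and checks both the PHP error-handling flags and the wp-includes rewrite rule; the sample file contents are constructed:

```python
import re

# Constructed .htaccess samples (not from the article): HARDENED combines the two snippets above; WEAK leaves display_errors on and never closes <IfModule>.
HARDENED = r"""
# PHP error handling for production servers
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_flag log_errors on
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .*\.php$ http://your.domain.name.com/ [L]
</IfModule>
"""
WEAK = "php_flag display_errors on\nphp_flag log_errors on\n<IfModule mod_rewrite.c>\n"

# Required php_flag values (php_flag/php_value only work under mod_php; under PHP-FPM/CGI they are unknown directives and Apache answers 500).
REQUIRED = {"display_startup_errors": "off", "display_errors": "off", "html_errors": "off", "log_errors": "on"}

def parse_directives(text):
    """Return ([(name, args, enclosing IfModule name or None)], ifmodule_left_open)."""
    out, module = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<IfModule\s+(\S+)\s*>$", line, re.IGNORECASE)
        if m:
            module = m.group(1).lower()
        elif line.lower() == "</ifmodule>":
            module = None
        else:
            name, _, rest = line.partition(" ")
            out.append((name.lower(), rest.split(), module))
    return out, module is not None

def audit_htaccess(text):
    """List the problems found; an empty list means the file passes every check."""
    directives, left_open = parse_directives(text)
    flags = {a[0].lower(): a[1].lower() for n, a, _ in directives if n == "php_flag" and len(a) == 2}
    problems = [f"php_flag {k} should be {v}, found {flags.get(k)}"
                for k, v in REQUIRED.items() if flags.get(k) != v]
    # The wp-includes rule: a [L] RewriteRule on *.php inside <IfModule mod_rewrite.c>.
    if not any(n == "rewriterule" and len(a) >= 3 and a[0].endswith(r"\.php$")
               and "L" in a[2].strip("[]").split(",") and mod == "mod_rewrite.c"
               for n, a, mod in directives):
        problems.append("no [L] RewriteRule for *.php inside <IfModule mod_rewrite.c>")
    if left_open:
        problems.append("<IfModule> block is never closed with </IfModule>")
    return problems
```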
References:
http://codex.wordpress.org/
http://google.com/
To Be Continued
:D
Special Thanks :
Allah SWT, Muhamad SAW
My sisters Nabila and Dyah, My Lovely Fitri Ardiyadila.
Indonesian Coder Team, Exploit-ID, Kebumen Cyber Crew, Devilz Code, Explore Crew, Magelang Cyber, Malang Cyber
My Best Friend :
kaMtiEz, El-Farhatz, r3m1ck, adeyonatan (Thanks Bro for your Support \m/)