WordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটি


. 2

- / /

/ /

- .

www.shahi.info

. 3

. 5

WP Security Scan

Backup Now

http://www.websitedefender.com/news/free-wordpress-security-scan-plugin/

BackUpWordPress - http://wordpress.org/extend/plugins/backupwordpress/

Backup to Dropbox - http://wordpress.org/extend/plugins/wp-db-backup/

WP-DB-Backup - http://wordpress.org/extend/plugins/wp-db-backup/

Google Drive for WordPress - http://wordpress.org/extend/plugins/wp-google-drive/

. 6

,

. 7

SQL

, ,

. 8

. 10

, !!

??

mediafire, google drive, copy, sky drive, box, dropbox

. 13

wp-config.php

, ,

, ,

wp-content

wp_options

. 14

*

“Please update now”

. 15

,

। Ex: rockST4R19!@

http://strongpasswordgenerator.com

. 16

admin

admin

admin

- http://wordpress.org/extend/plugins/admin-username-changer/

Myn4m3

Contributor ( )

. 17

wp_

!

. 19

Wp-Config .htaccess

wp-config.php

wp-config .htaccess

wp-config .htaccess .htaccess

.htaccess

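# PROTECT WP-CONFIG
# wp-config.php carries the database credentials and the authentication salts.
# Denying direct HTTP requests for it means the file is never served even if
# PHP handling is disabled or misconfigured at some point; PHP itself still
# reads it from disk, so the site is unaffected.
# Order/Deny is Apache 2.2 (mod_access_compat) syntax and Apache 2.4 uses
# Require; both forms are given so the rule is active on either version.
<Files wp-config.php>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</Files>

# PROTECT .htaccess
# The stock httpd.conf usually blocks ".ht*" files already; repeating the rule
# here keeps the protection on hosts where that default was removed.
<Files .htaccess>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</Files>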

.htaccess , Wp-Config

.htaccess

. 20

https://api.wordpress.org/secret-key/1.1/salt/

, wp-config.php

Wp-config.php

. 21

http://yoursite.com/wp-content/uploads

,

.htaccess

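# disable directory browsing
# Stops Apache from listing the contents of folders that have no index file
# (e.g. /wp-content/uploads). Use the relative form only: "Options All -Indexes"
# mixes an absolute and a relative option, which Apache rejects as a syntax
# error (a 500 response when it comes from .htaccess), and the dash must be a
# plain ASCII hyphen, not an en-dash.
Options -Indexes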

. 22

Index

Manager No Indexing

. 23

?functions.php

// remove version number from head & feeds
// WordPress prints its version through the 'the_generator' filter (used in the
// RSS/Atom feeds) and the 'wp_generator' action (the <meta name="generator">
// tag in <head>). Returning an empty string for the former and unhooking the
// latter removes both. The version can still be exposed elsewhere (e.g. the
// ?ver= query string appended to enqueued assets, or readme.html), so treat
// this as tidying, not as a security control.
function disable_version() {
    return '';
}

remove_action('wp_head', 'wp_generator');
add_filter('the_generator', 'disable_version');

. 24

?

,

,

?

.htaccess

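# HOTLINK PROTECTION - by BDTechZone LLC
# Returns 403 for image requests whose Referer is another site, so other pages
# cannot embed this site's images and consume its bandwidth. Requests with no
# Referer at all are still allowed (first condition), so direct visits, feed
# readers and privacy-conscious browsers keep working. Referer is supplied by
# the client, so this deters casual embedding only.
# Replace "bdtechzone" with your own domain name (keep the trailing "\.").
<IfModule mod_rewrite.c>
RewriteEngine on
# empty Referer -> allowed
RewriteCond %{HTTP_REFERER} !^$
# only apply to files that actually exist on disk
RewriteCond %{REQUEST_FILENAME} -f
# image extensions: .gif, .jpg, .jpeg, .png ("jpe?g" instead of "jpe?g?",
# which also matched the non-extension ".jp")
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png)$ [NC]
# Referer is neither this domain nor one of its subdomains
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?bdtechzone\. [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F,NC,L]
</IfModule>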

bdtechzone ,

amarspot.com

amarspot .htaccess ,

. 25

HotLink Protection

.htaccess

. 26

?

.htaccess

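# BLOCK NO-REFERRER SPAM - by BDTechZone
# Rejects POSTs to wp-comments-post.php that arrive with an empty User-Agent or
# with a Referer that is not this site. Bots that post straight to the comment
# handler without loading the page first typically fail the Referer test. Both
# headers are client-supplied, so this filters only unsophisticated bots - and
# it also blocks real commenters whose browser or privacy extension strips the
# Referer header, so test before relying on it.
# Replace bdtechzone\.com with your own domain.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
# dots escaped so the pattern matches the literal domain only
RewriteCond %{HTTP_REFERER} !.*bdtechzone\.com.* [NC]
RewriteCond %{REQUEST_URI} /wp\-comments\-post\.php [NC]
RewriteRule .* - [F,NC,L]
</IfModule>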

. 27

bdtechzone.com ,

botsvsbrowsers.com

http://www.yourdomain.com/wp-comments-post.php

http://www.botsvsbrowsers.com/SimulateUserAgent.asp

. 28

? .htaccess

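# BLOCK BAD BOTS
# Denies requests whose User-Agent is empty or matches one of the listed
# strings. User-Agent is supplied by the client, so this only filters tools that
# identify themselves; treat it as noise reduction, not access control.
# Some entries are generic HTTP libraries (libwww, pycurl, jakarta) and
# ia_archiver is the Internet Archive's crawler, so legitimate monitoring or
# archiving may be blocked too - review the list before enabling.
<IfModule mod_setenvif.c>
# empty User-Agent (the regex must be exactly ^$; a mis-encoded caret here
# makes the line a no-op)
SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (casper|cmsworldmap|diavol|dotbot) keep_out
SetEnvIfNoCase User-Agent (flicky|ia_archiver|jakarta|kmccrew) keep_out
SetEnvIfNoCase User-Agent (libwww|planetwork|pycurl|skygrid) keep_out
SetEnvIfNoCase User-Agent (purebot|comodo|feedfinder) keep_out
# <Limit> covers only the listed methods (HEAD is implied by GET); other
# methods such as OPTIONS are not filtered. Order/Deny is Apache 2.2 syntax
# and needs mod_access_compat on Apache 2.4.
<Limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=keep_out
</Limit>
</IfModule>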

. 29

.htaccess

. 30

,

. .htaccess

# 5G FIREWALL
# The "5G Blacklist" pattern set: request-level filters for query strings,
# user agents, request URIs and a static IP list. It is a blacklist - it
# rejects listed patterns and cannot stop anything it does not list - and some
# patterns are broad enough to hit legitimate traffic. Test every section
# against your own site before relying on it.
# 5G:[QUERY STRINGS]
# Any query string matching one of these conditions gets a 403.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (environ|localhost|mosconfig|scanner) [NC,OR]
# NOTE: "tag\=" with both suffixes optional matches any "tag=" parameter, so
# WordPress tag archives without pretty permalinks (?tag=slug) are blocked by
# this line.
RewriteCond %{QUERY_STRING} (menu|mod|path|tag)\=\.?/? [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} echo.*kae [NC,OR]
RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
# a backslash-escaped quote (raw or %27) right after "=" at the end
RewriteCond %{QUERY_STRING} \=\\%27$ [NC,OR]
RewriteCond %{QUERY_STRING} \=\\\'$ [NC,OR]
# directory traversal
RewriteCond %{QUERY_STRING} \.\./ [NC,OR]
# NOTE: a bare colon or square bracket anywhere in the query string is
# rejected, which also catches unencoded URLs (e.g. redirect_to=http://...)
# and PHP array-style parameters (name[]=value) - verify against your URLs.
RewriteCond %{QUERY_STRING} \: [NC,OR]
RewriteCond %{QUERY_STRING} \[ [NC,OR]
RewriteCond %{QUERY_STRING} \] [NC]
RewriteRule .* - [F]
</IfModule>

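# 5G:[USER AGENTS]
# Same mechanism as BLOCK BAD BOTS above: tag requests whose User-Agent is
# empty or matches a listed string, then deny them. User-Agent is supplied by
# the client, so this only filters tools that announce themselves.
# libwww, pycurl and jakarta are generic HTTP libraries and ia_archiver is the
# Internet Archive's crawler - review the list for tools you rely on.
# (A stray slide-number line inside this block in the transcript is not
# Apache syntax and has been dropped.)
<IfModule mod_setenvif.c>
SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (casper|cmsworldmap|diavol|dotbot) keep_out
SetEnvIfNoCase User-Agent (flicky|ia_archiver|jakarta|kmccrew) keep_out
SetEnvIfNoCase User-Agent (libwww|planetwork|pycurl|skygrid) keep_out
# <Limit> covers only the listed methods (HEAD is implied by GET); Order/Deny
# is Apache 2.2 syntax and needs mod_access_compat on Apache 2.4.
<Limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=keep_out
</Limit>
</IfModule>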

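# 5G:[REQUEST STRINGS]
# RedirectMatch 403 rejects any request whose URL path matches the pattern
# (the query string is not part of the match). Several patterns are plain
# substrings and can hit ordinary content - see the notes - so check your own
# URLs before enabling. A stray slide-number line inside this block in the
# transcript is not Apache syntax and has been dropped.
<IfModule mod_alias.c>
# protocol prefixes embedded in the path
RedirectMatch 403 (https?|ftp|php)\://
RedirectMatch 403 /(cgi|https?|ima|ucp)/
# backslash-escaped quote after "=" at the end of the path, and similar
RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
# NOTE: also rejects any comma or double slash anywhere in the path, so slugs
# containing a comma and URLs with an accidental "//" return 403.
RedirectMatch 403 (\,|//|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\|)
# file extensions not expected on a WordPress site (also blocks .rar / .sql
# downloads if you offer any)
RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
# NOTE: "install\.php" also matches WordPress's own wp-admin/install.php, so
# lift this line while installing a new site.
RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php
# NOTE: substring matches - a post slug containing "localhost" or "base64" is
# blocked too.
RedirectMatch 403 (base64|crossdomain|localhost|wwwroot)
RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae)
RedirectMatch 403 \.well\-known/host\-meta
RedirectMatch 403 /function\.array\-rand
RedirectMatch 403 \)\;\$\(this\)\.html\(
RedirectMatch 403 proc/self/environ
RedirectMatch 403 msnbot\.htm\)\.\_
RedirectMatch 403 /ref\.outcontrol
RedirectMatch 403 com\_cropimage
RedirectMatch 403 indonesia\.htm
RedirectMatch 403 \{\$itemURL\}
# NOTE: blocks any path containing the literal text "function()"
RedirectMatch 403 function\(\)
RedirectMatch 403 labels\.rdf
</IfModule>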

# 5G:[BAD IPS]
# Static deny list of individual addresses (presumably collected from the 5G
# author's logs at the time). IP addresses are reassigned over time, so entries
# go stale and may block unrelated current users; prefer a maintained source or
# drop this section. "91.121." is a partial address and denies the whole
# 91.121.0.0/16 range.
# Order/Deny is Apache 2.2 syntax: on Apache 2.4 it requires mod_access_compat,
# otherwise these are unknown directives and the .htaccess fails with a 500.
# <Limit> covers only the listed methods (HEAD is implied by GET).
<Limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from 184.56.246.23
Deny from 195.10.218.132
Deny from 208.91.57.65
Deny from 209.190.3.218
Deny from 64.15.156.15
Deny from 86.175.86.170
Deny from 91.121.
Deny from 41.206.13.3
Deny from 207.177.225.66
Deny from 137.82.182.121
Deny from 79.125.81.232
Deny from 24.66.27.191
Deny from 216.40.231.210
Deny from 151.42.146.98
Deny from 77.191.130.244
Deny from 115.79.13.174
Deny from 84.189.184.170
</Limit>

. 33

, .htaccess

www.bdtechzone.com/wp-security/1107

. 34

। .htaccess

.htaccess

# BLOCK PROXY VISITS
# Returns 403 to any request carrying one of the headers that proxies commonly
# add (Via, Forwarded, X-Forwarded-For, ...). Only proxies that announce
# themselves set these headers, so proxies that strip them pass through
# untouched - this is a weak filter, not a control.
# Deployment caveats:
#  - if this site sits behind a CDN, load balancer or reverse proxy, every
#    request arrives with Via / X-Forwarded-For set and the whole site returns
#    403; do not enable it in that setup;
#  - visitors behind corporate or ISP proxies are blocked as well;
#  - NOTE(review): mod_rewrite looks %{HTTP:name} up by the given header name,
#    and real headers use hyphens (X-Forwarded-For, Proxy-Connection); the
#    underscore spellings below may never match - confirm before relying on
#    them.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule .* - [F]
</IfModule>

. 35

header.php

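<?php
// Reverse-connect check: tries to open a TCP connection to port 80 on the
// visitor's own address with a 1-second timeout; if something answers, the
// visitor is assumed to be an open proxy and the page is aborted.
// Caveats before deploying:
//  - it adds up to one second of latency and one outbound connection per
//    page view;
//  - REMOTE_ADDR is the last network hop, so behind a CDN, load balancer or
//    reverse proxy every visitor appears as the proxy's address and the
//    whole site is blocked;
//  - anyone with a web server (or a router admin page) on port 80 at their
//    own IP is blocked even though they are not a proxy.
// fsockopen() takes the error code before the error message; the transcript
// had the two variables swapped (harmless, since neither is used) and split
// the message string across lines.
if (@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 1)) {
    die("Proxy access not allowed");
}
?>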

header.php

inCloak

Proxy access not allowed ।

https://incloak.com

. 36

SQL injection

SQL injection.

SQL injection

SQL injection

.htaccess

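# protect from sql injection
# Despite the heading, these patterns target script-tag injection in the query
# string and attempts to set PHP's GLOBALS / _REQUEST superglobals via the URL;
# they do not inspect SQL and are no substitute for parameterised queries in
# plugins and themes. Wrapped in IfModule, like the other snippets, so a host
# without mod_rewrite does not answer every request with a 500.
<IfModule mod_rewrite.c>
# mod_rewrite in .htaccess needs FollowSymLinks (or SymLinksIfOwnerMatch); if
# your host does not permit Options in .htaccess, drop this line.
Options +FollowSymLinks
RewriteEngine On
# <script ...> with literal or %-encoded angle brackets
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# GLOBALS= / GLOBALS[ / GLOBALS%xx and the same for _REQUEST (case-sensitive,
# as in the original)
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# [F] ignores the substitution, so "-" replaces the unused index.php target
RewriteRule .* - [F,L]
</IfModule>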

.htaccess

, SQL injection , ।

. 37

.

www.amarspot.com/ebook

. 38

wordpress.org

http://wordpress.org/extend/themes/

http://wordpress.org/extend/plugins/

http://wordpress.org/extend/plugins/tac/

. 39

?p=123

post name

. 41

functions.php

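// Hide login error details (e.g. whether the username or the password was
// wrong) by returning null for the 'login_errors' filter. create_function()
// is eval()-based, deprecated since PHP 7.2 and removed in PHP 8.0; a closure
// does the same job. Place this before the closing ?> of functions.php.
// This only removes the message text - it does not limit login attempts, so
// pair it with login rate-limiting.
add_filter('login_errors', function ($a) {
    return null;
});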

functions.php

. 43

wp-config.php ,

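// Disables the built-in theme and plugin file editors in the WordPress admin
// (Appearance > Editor, Plugins > Editor), so a compromised admin session
// cannot be used to write PHP into the site through the browser. Add it to
// wp-config.php above the "That's all, stop editing!" line. A stricter
// variant, DISALLOW_FILE_MODS, also blocks plugin/theme installs and updates
// from the admin. (The stray Bengali punctuation before the statement in the
// transcript is not PHP and has been dropped.)
define('DISALLOW_FILE_EDIT', true);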

. 45

, . ।

www.bdtechzone.com/wp-security

,

www.bdtechzone.com/wp-tutorial

www.bdtechzone.com/tutorial/1143

www.bdtechzone.com/tutorial/782

,