
Security And .htaccess in WordPress

|=---------------=[ Security And .htaccess in WordPress ]= --------------=|

|=----------------------=[ Author : jos_ali_joe ]=----------------------=|

|=---------------------=[ [email protected] ]=----------------------=|

This article is made with reference to r3m1ck's article entitled Securing your WordPress (Indonesian Version)

Posted in : http://www.exploit-id.com/articles/securing-your-wordpress-indonesian-version

This article is only a small addition to my brother r3m1ck's.

Okay, now on to the simple article Security And .htaccess in WordPress.

WordPress has quite a lot of security loopholes. They are generally located in the root directory, but some are also located in the parent / main directory.

CMS WordPress consists of three main directories :

1. wp-admin

2. wp-content

3. wp-includes

Each directory contains quite a lot of files, and there are further directories inside the main directory. So, what WordPress CMS security loopholes are there in the current directory, especially if exploited via URL? Here is a complete list of WordPress vulnerabilities that could lead to a 'bug' in the form of error messages. Complete with security


1. domainname/wp-settings.php

Security Tips

1. Login to your hosting control panel (domainname/cpanel).

2. Go to the main WordPress folder.

If using cPanel, go to public_html > wp-settings.php

If using SPanel, go to site directory > site's domain name > www > wp-settings.php

3. Add / paste the code that suppresses error output :

ini_set("display_errors", 0);error_reporting(0);

Directly below the opening PHP tag <?php

(see screenshot)

4. Click save to apply the new settings.


2. domainname/wp-admin/filename

Here is a list of filenames in your wp-admin directory that could bring up an error when exploited via a URL:

admin-functions.php
menu.php
menu-header.php
options-head.php
upgrade-functions.php

Example of the vulnerability : http://your.domain.name.com/wp-admin/menu.php

Security Tips

1. As with the method above, add / paste the code that suppresses error output.

For example, in the file menu.php :

ini_set("display_errors", 0);error_reporting(0);

(see screenshot)

3. Do the same in the files contained in wp-admin, as in the list above.

4. Directory location :

public_html > wp-admin > filename (if using cPanel)

site directory > domainname > www > wp-admin (if using SPanel)

Example after securing : http://your.domain.name.com/wp-admin/menu.php


3. domainname/wp-admin/includes/

domainname/wp-admin/includes/filename

This directory contains quite a lot of 'bugs' or vulnerabilities if its files are requested directly. With a URL pattern like the one above, an error message that displays the hosting account username can appear.

Example of the vulnerability : http://your.domain.name.com/wp-admin/includes/admin.php. Here is a list of filenames in your wp-admin/includes directory that could bring up an error when exploited via URL:

admin.php
class-ftp-pure.php
class-ftp-sockets.php
class-ftp.php
class-wp-filesystem-direct.php
class-wp-filesystem-ftpext.php
class-wp-filesystem-ftpsockets.php
class-wp-filesystem-ssh2.php
comment.php
continents-cities.php
file.php
media.php
misc.php
plugin-install.php
plugin.php
template.php
theme-install.php
update.php
upgrade.php
user.php

How to Secure ?

You simply create a .htaccess file in the wp-admin/includes directory.

1. Login to your hosting control panel (domainname/cpanel).

2. Go to public_html > wp-admin > includes (if using cPanel), or site directory > domainname > www > wp-admin > includes (if using SPanel).

3. Create a new file in the wp-admin > includes location with the name .htaccess (as a txt file); the txt file will then be renamed to '.htaccess'.

4. Copy the code below into the .htaccess file :


# PHP error handling for production servers
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_flag log_errors on
php_flag ignore_repeated_errors off
php_flag ignore_repeated_source off
php_flag report_memleaks on
php_flag track_errors on
php_value docref_root 0
php_value docref_ext 0
# [see footnote 3]
# php_value error_reporting 999999999
php_value error_reporting -1
php_value log_errors_max_len 0

5. Click save to apply the new settings.

The above directives control PHP error handling: errors are no longer displayed in the browser but are written to the error log. Note that php_flag / php_value directives only take effect when PHP runs as an Apache module (mod_php) and the server allows them in .htaccess; under CGI/FastCGI/PHP-FPM Apache does not recognise them and answers with a 500 Internal Server Error. After adding the .htaccess file with the script above you can look at the effect here:

http://your.domain.name.com/wp-admin/includes/

http://your.domain.name.com/wp-admin/includes/admin.php
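A way to verify, on your own site, that the fixes in sections 2 and 3 actually removed the error output: this added Python example (not from the article) pulls the server path and, for cPanel-style /home/<account>/ layouts, the hosting account name out of a PHP error message. The sample responses are constructed, not captured from a real site.

```python
import re

# Shape of the PHP error line a directly requested WordPress include prints when
# display_errors is on; html_errors wraps parts of it in <b> tags, stripped first.
PHP_ERROR_RE = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice):\s+(?P<message>.*?)\s+in\s+"
    r"(?P<path>/[^\s<]+\.php)\s+on line\s+(?P<line>\d+)"
)
# cPanel-style layout: the directory under /home is the hosting account name.
HOME_DIR_RE = re.compile(r"^/home\d*/(?P<account>[^/]+)/")
TAG_RE = re.compile(r"<[^>]+>")


def find_path_disclosures(body):
    """Return one dict per PHP error in a response body that reveals a server-side path."""
    findings = []
    for m in PHP_ERROR_RE.finditer(TAG_RE.sub("", body)):
        path = m.group("path")
        home = HOME_DIR_RE.match(path)
        findings.append({
            "level": m.group("level"),
            "message": m.group("message"),
            "path": path,
            "line": int(m.group("line")),
            "account": home.group("account") if home else None,
        })
    return findings


def is_hardened(body):
    """True when the response carries no PHP error text at all."""
    return not find_path_disclosures(body)


# Constructed sample responses (not captured from a real site).
BEFORE_FIX = (
    "<br />\n<b>Fatal error</b>:  Call to undefined function get_option() in "
    "<b>/home/acct123/public_html/wp-admin/includes/admin.php</b> on line <b>15</b><br />\n"
)
NON_CPANEL = ("Warning: include(menu-header.php): failed to open stream "
              "in /var/www/html/wp-admin/menu.php on line 8\n")
AFTER_FIX = ""  # display_errors off: the request yields a blank page

if __name__ == "__main__":
    for f in find_path_disclosures(BEFORE_FIX) + find_path_disclosures(NON_CPANEL):
        print(f"{f['level']} leaks {f['path']} (account: {f['account']})")
    print("hardened:", is_hardened(AFTER_FIX))
```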


4. domainname/wp-includes

domainname/wp-includes/filename

Here is a list of filenames in your wp-includes directory that could bring up an error when exploited via a URL:

canonical.php
class-feed.php
class.wp-scripts.php
class.wp-styles.php
comment-template.php
default-embeds.php
default-filters.php
default-widgets.php
feed-atom-comments.php
feed-atom.php
feed-rdf.php
feed-rss.php
feed-rss2-comments.php
feed-rss2.php
general-template.php
kses.php
media.php
post.php
registration-functions.php
rss-functions.php
rss.php
script-loader.php
shortcodes.php
taxonomy.php
template-loader.php
theme.php
update.php
vars.php
wp-db.php
user.php

Security Tips

1. Login to your hosting control panel (domainname/cpanel).

2. Go to public_html > wp-includes (if using cPanel), or site directory > domainname > www > wp-includes (if using SPanel).

3. Create a new file in the wp-includes location with the name .htaccess (as a txt file); the txt file will then be renamed to '.htaccess'.

4. Copy the code below into the .htaccess file :


<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule .*\.php$ http://your.domain.name.com/ [L]
</IfModule>

This redirects any direct request for a .php file under wp-includes to the front page of your site. Note that it also catches files some WordPress versions load directly (for example wp-includes/js/tinymce/wp-tinymce.php in older releases), so check that the admin editor still works after adding it.
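To confirm that all three changes (wp-settings.php, wp-admin/includes/.htaccess, wp-includes/.htaccess) are in place on a document root, an added Python audit script (not from the article; the check names and the sample tree are this example's own):

```python
import os
import re
import tempfile

# One check per measure the article applies: its file path and a pattern from its snippet.
CHECKS = {
    "wp-settings.php: display_errors set to 0":
        ("wp-settings.php", re.compile(r'''ini_set\(\s*["']display_errors["']\s*,\s*0\s*\)''')),
    "wp-admin/includes/.htaccess: php_flag display_errors off":
        ("wp-admin/includes/.htaccess",
         re.compile(r"^\s*php_flag\s+display_errors\s+off\s*$", re.I | re.M)),
    "wp-includes/.htaccess: RewriteRule for direct .php requests":
        ("wp-includes/.htaccess", re.compile(r"^\s*RewriteRule\s+.*\\\.php", re.I | re.M)),
}


def audit(root):
    """Map each check to True (directive found), False (file present, directive missing)
    or None (file absent)."""
    results = {}
    for name, (rel, pattern) in CHECKS.items():
        path = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(path):
            results[name] = None
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            results[name] = pattern.search(fh.read()) is not None
    return results


def outstanding(results):
    """Names of the checks that still need work."""
    return sorted(name for name, ok in results.items() if ok is not True)


def build_sample_site():
    """Constructed sample tree, not a real install: fix 1 applied, fix 3 wrong, fix 4 missing."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    os.makedirs(os.path.join(root, "wp-admin", "includes"))
    os.makedirs(os.path.join(root, "wp-includes"))
    with open(os.path.join(root, "wp-settings.php"), "w") as fh:
        fh.write('<?php\nini_set("display_errors", 0);error_reporting(0);\n')
    with open(os.path.join(root, "wp-admin", "includes", ".htaccess"), "w") as fh:
        fh.write("php_flag display_errors on\n")  # weak setting: errors are still shown
    return root


if __name__ == "__main__":
    for name in outstanding(audit(build_sample_site())):
        print("TODO:", name)
```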

References :

http://codex.wordpress.org/

http://google.com/

To Be Continued :D

Special Thanks :

Allah SWT, Muhamad SAW

My sister Nabila and Dyah, My Lovely Fitri Ardiyadila .

Indonesian Coder Team, Exploit-ID, Kebumen Cyber Crew, Devilz Code, Explore Crew, Magelang Cyber, Malang Cyber

My Best Friend :

kaMtiEz, El-Farhatz, r3m1ck, adeyonatan ( Thanks Bro your Support \m/ )