The post how to know if your wordpress theme is secure appeared first on Cyber Hyena.
]]>
0
0
your installed theme on wordpress can be full of exploits so how to know if your wordpress theme is secure and exploit free
it is so importnat to install exploit free theme on your wordpress if your theme have any exploit that can lead to hacking your wordpress easly
there is so many exploits and we talk about it before here so for example if you install a theme that contain upload exploit hackers can upload a back door to your website using that exploit and hack your website
the way is to search your wordpress theme on the best web exploits reporters website and they are packetstorm and exploit db
what you must do is to search about your wordpress theme and the version in the search bar on that sites and if you have seen results about exploits that means your theme have exploits
what you do ?
if the theme offer you and update you must update your theme instantly and if don’t you should ask for web security specialist to fix the exploit and make sure that your exploit fixed
if you don’t have access to web security specialist you can copy the exploit title and name and search about it on the internet and search how to fix it
most of exploit report came with fix methods you can use and search about it
The post how to know if your wordpress theme is secure appeared first on Cyber Hyena.
]]>The post nulled wordpress themes are they safe Why You Must Avoid appeared first on Cyber Hyena.
]]>
0
0
you may see on the internet some ads about payed wordpress themes for free cloned and nulled wordpress themes are NOT SAFE for many reasons we will talk about it today
As we define nulled it refers to premium WordPress plugins or themes that have been hacked or contain modified code designed to cause harm or collect information. These are obtained from a third-party website (not the original author or creator) and sometimes are made to work without a license key
most of these nulled and cloned wordpress theme are published on internet by hackers who hack a website with premium wordpress theme and download it , a hacker can download the source code of the website files if he successed uploading a backdoor to the website we talk more about that in websites security
so the hacker access now the source code and download it , most of hacker added some malicious code in the php files of the cloned and nulled wordpress theme , so you will be hacked if you download those themes and upload it to your website
other way you will have some legal problems abusing copyrights of others and you may end up with suspendingyour host account and maybe in court 
so in total DO NOT UPLOAD CLONED AND NULLED WORDPRESS THEMES TO YOUR HOST
The post nulled wordpress themes are they safe Why You Must Avoid appeared first on Cyber Hyena.
]]>The post super ways to protect wordpress website appeared first on Cyber Hyena.
]]>
0
0
wordpress are famous php script and the most used script in the world here is some ways to protect wordpress website , after you install and run wordpress and end your theme design you need to do more steps to make it more secure we will use some plugins and other ways will be explained in this article
the first thing you need to do is to install ithemes security plugin
iThemes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software.
its a pro and free plugin but the free one have so many great features as you can see we will explained all , after you install the plugin go ahead to the setting of the plugin you will have these page
go ahead and run SECURITY CHECK and follow easy steps after the Security Check eanble all the free features which is
404 Detection : if an attacker snooping and searching on your website for pages to exploit , the plugin will ban him
Banned users : you can block speciffic ip adress and users from accessing the website
Database Backups : good option to make secure backups
file Change detection : this feature is important and monitor the site for unexpected file changes which it mostly attackers trying to upload backdoors
file permissions : good way to give the files and the directories the right permissions
local brute force protection : also a very important feature protect your site against attackers that try to randomly guess login details to your website
ssl and system tweaks and wordpress tweaks : also important features you must enable
in the advanced tab in the settings there is more advanced features
this is so important features but its little advanced and you should be careful and take a back up to your site before you change any thing
the admin user : this will remove the user with iD 1 and username admin from the database to make it more secure and hard to guess
change content directory : its another advanced option to hide wordpress directions like wp-content wp-include its hard to do that , and if you want to do that , do it after your install wordpress if you already designed a theme and you apply it , your theme will be damaged and you should make allot of advanced steps to do it
change database table prefix : usual database prefix is wp for example a user table will be wp_users and that for all wordpress sites , for attacker they know that all wordpress website use the same prefix so this option add random prefix for example wp_users will be EDv_users go ahead and apply it
hide back end : great and important feature you should apply it , its main feautre to protect wordpress site we have full article about it here
server config and wp-config rules : advanced and sensitive to do it by your self if you familiar with server and wp_config.php file you can simple add the codes to the file but be careful
and these is the list of pro features
Pro Features:
- Two-Factor Authentication – Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you.
- WordPress Salts & Security Keys – The iThemes Security plugin makes updating your WordPress keys and salts easy.
- Malware Scan Scheduling – Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details.
- Password Security – Generate strong passwords right from your profile screen.
- Password Expiration – Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed).
- Google reCAPTCHA – Protect your site against spammers.
- User Action Logging – Track when users edit content, login or logout.
- Import/Export Settings – Saves time setting up multiple WordPress sites.
- Dashboard Widget – Manage important tasks such as user banning and system scans right from the WordPress dashboard.
- Online File Comparison – When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming.
- Temporary Privilege Escalation – give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself.
- wp-cli Integration – Manage your site’s security from the command line.
important thing if you use theme code editor in wordpress after installing the plugin , that section will disappear because the plugin did that most time attackers use it to edit directly to wordpress code by adding backdoor php code and that will cause the hacking of website , so after you finish your theme editing install the plugin
another thing to do
always update : update are so important for both the wordpress script and the plugins , updates help you to protect wordpress site , updates came with bug fix and exploit fix so its important to update and check updates daily or turn the auto update
we will talk more about advanced security for WordPress
The post super ways to protect wordpress website appeared first on Cyber Hyena.
]]>