{"id":419,"date":"2017-10-11T01:58:38","date_gmt":"2017-10-11T01:58:38","guid":{"rendered":"http:\/\/orissawebhosting.in\/blog\/?p=419"},"modified":"2019-07-19T04:08:37","modified_gmt":"2019-07-19T04:08:37","slug":"how-to-prevent-your-wordpress-site-from-various-attacks","status":"publish","type":"post","link":"https:\/\/orissawebhosting.in\/blog\/how-to-prevent-your-wordpress-site-from-various-attacks\/","title":{"rendered":"How to protect your WordPress site from various attacks"},"content":{"rendered":"<h4><strong>How to protect your WordPress\u00a0site from various attacks<\/strong><\/h4>\n<p><strong>Step 1<\/strong> &#8211;\u00a0Protect your WordPress login page and prevent brute force attacks.<\/p>\n<p>Everyone knows the standard WordPress login page URL, so change the WordPress login URL to protect against the most common type of website security breach, a brute force attack.<\/p>\n<p>a) During the installation process, WordPress creates two default login URLs.<\/p>\n<ul>\n<li>wp-admin.php<\/li>\n<li>wp-login.php<\/li>\n<\/ul>\n<p>b) Let\u2019s start by installing the plugin. 
From the WordPress dashboard, navigate to Plugins &gt; Add New &gt; search for \u2018<strong>WPS Hide Login<\/strong>.\u2019<\/p>\n<div class=\"eds-animate  \" data-eds-entry-animation=\"jello\" data-eds-entry-delay=\"0\" data-eds-entry-duration=\"1.0\" data-eds-entry-timing=\"linear\" data-eds-exit-animation=\"\" data-eds-exit-delay=\"\" data-eds-exit-duration=\"\" data-eds-exit-timing=\"\" data-eds-repeat-count=\"1\" data-eds-keep=\"yes\" data-eds-animate-on=\"scroll\" data-eds-scroll-offset=\"75\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-421 size-full\" src=\"http:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word1.png\" alt=\"\" width=\"751\" height=\"403\" srcset=\"https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word1.png 751w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word1-300x161.png 300w\" sizes=\"(max-width: 751px) 100vw, 751px\" \/><\/p>\n<\/div>\n<p>c) This plugin will block access to the default login URLs \u2013 wp-admin and wp-login.\u00a0You can change the login to your preferred URL.<\/p>\n<p>d) Navigate to Settings &gt; General Setting &gt;&gt; WPS Hide Login &gt;&gt; Login url<\/p>\n<div class=\"eds-animate  \" data-eds-entry-animation=\"jello\" data-eds-entry-delay=\"0\" data-eds-entry-duration=\"1.0\" data-eds-entry-timing=\"linear\" data-eds-exit-animation=\"\" data-eds-exit-delay=\"\" data-eds-exit-duration=\"\" data-eds-exit-timing=\"\" data-eds-repeat-count=\"1\" data-eds-keep=\"yes\" data-eds-animate-on=\"scroll\" data-eds-scroll-offset=\"75\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-423 size-full\" src=\"http:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word2.png\" alt=\"\" width=\"758\" height=\"245\" srcset=\"https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word2.png 758w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word2-300x97.png 300w\" 
sizes=\"(max-width: 758px) 100vw, 758px\" \/><\/p>\n<\/div>\n<p>e) When I attempt to access the default login URLs like\u00a0wp-admin or wp-login.php, it throws the error below.<\/p>\n<div class=\"eds-animate  \" data-eds-entry-animation=\"jello\" data-eds-entry-delay=\"0\" data-eds-entry-duration=\"1.0\" data-eds-entry-timing=\"linear\" data-eds-exit-animation=\"\" data-eds-exit-delay=\"\" data-eds-exit-duration=\"\" data-eds-exit-timing=\"\" data-eds-repeat-count=\"1\" data-eds-keep=\"yes\" data-eds-animate-on=\"scroll\" data-eds-scroll-offset=\"75\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-425 size-large\" src=\"http:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word3-1024x345.png\" alt=\"\" width=\"640\" height=\"216\" srcset=\"https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word3-1024x345.png 1024w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word3-300x101.png 300w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word3-768x259.png 768w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word3.png 1083w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<\/div>\n<p>f) Now when I enter the new login URL (http:\/\/yourdomain.com\/wp\/login_page_changed\/), I can see the admin page without any issue.<\/p>\n<div class=\"eds-animate  \" data-eds-entry-animation=\"jello\" data-eds-entry-delay=\"0\" data-eds-entry-duration=\"1.0\" data-eds-entry-timing=\"linear\" data-eds-exit-animation=\"\" data-eds-exit-delay=\"\" data-eds-exit-duration=\"\" data-eds-exit-timing=\"\" data-eds-repeat-count=\"1\" data-eds-keep=\"yes\" data-eds-animate-on=\"scroll\" data-eds-scroll-offset=\"75\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-426 size-full\" src=\"http:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word4.png\" alt=\"\" width=\"1135\" height=\"596\" 
srcset=\"https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word4.png 1135w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word4-300x158.png 300w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word4-768x403.png 768w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word4-1024x538.png 1024w\" sizes=\"(max-width: 1135px) 100vw, 1135px\" \/><\/p>\n<\/div>\n<p><strong>Step 2<\/strong> &#8211;\u00a0Use an email ID as the login<\/p>\n<p>By default, you have to input your username to log in. Using an email ID instead of a username is a more secure approach.<\/p>\n<p>a) Let\u2019s start by installing the plugin. From the WordPress dashboard, navigate to Plugins &gt; Add New &gt; search for<br \/>\n<strong><a class=\"external\" href=\"https:\/\/wordpress.org\/plugins\/wp-email-login\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">WP Email Login<\/a><\/strong><\/p>\n<div class=\"eds-animate  \" data-eds-entry-animation=\"jello\" data-eds-entry-delay=\"0\" data-eds-entry-duration=\"1.0\" data-eds-entry-timing=\"linear\" data-eds-exit-animation=\"\" data-eds-exit-delay=\"\" data-eds-exit-duration=\"\" data-eds-exit-timing=\"\" data-eds-repeat-count=\"1\" data-eds-keep=\"yes\" data-eds-animate-on=\"scroll\" data-eds-scroll-offset=\"75\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-427 size-full\" src=\"http:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word5.png\" alt=\"\" width=\"748\" height=\"237\" srcset=\"https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word5.png 748w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word5-300x95.png 300w\" sizes=\"(max-width: 748px) 100vw, 748px\" \/><\/p>\n<\/div>\n<p>It starts working right after the activation and it requires no configuration at all. 
Otherwise, you can set the email ID as the username while installing WordPress.<\/p>\n<div class=\"eds-animate  \" data-eds-entry-animation=\"jello\" data-eds-entry-delay=\"0\" data-eds-entry-duration=\"1.0\" data-eds-entry-timing=\"linear\" data-eds-exit-animation=\"\" data-eds-exit-delay=\"\" data-eds-exit-duration=\"\" data-eds-exit-timing=\"\" data-eds-repeat-count=\"1\" data-eds-keep=\"yes\" data-eds-animate-on=\"scroll\" data-eds-scroll-offset=\"75\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-429 size-full\" src=\"http:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word6.png\" alt=\"\" width=\"1046\" height=\"295\" srcset=\"https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word6.png 1046w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word6-300x85.png 300w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word6-768x217.png 768w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word6-1024x289.png 1024w\" sizes=\"(max-width: 1046px) 100vw, 1046px\" \/><\/p>\n<\/div>\n<p><strong>Step 3<\/strong> &#8211; Adjust your passwords<\/p>\n<p>When hackers know the direct URL of your login page, they can try to brute force their way in.<\/p>\n<p>That is why we already changed the admin URL in Step 1.<\/p>\n<p>Attackers then try to log in with their GWDb (Guess Work Database, i.e. a database of guessed usernames and passwords; e.g. username: admin and password: p@ssword \u2026 with millions of such combinations).<\/p>\n<p>So improve your password strength\u00a0by adding uppercase and lowercase letters, numbers, and special characters.<\/p>\n<p>Use\u00a0\u00a0<a href=\"https:\/\/strongpasswordgenerator.com\/\">Strongpassword<\/a>\u00a0 to increase the password strength.<\/p>\n<p><strong>Step 4<\/strong> &#8211; First level authentication for WordPress.<\/p>\n<p>Log in to your cPanel. 
Choose &gt;&gt; File manager &gt;&gt; WP-ADMIN &gt;&gt; choose the \u201cPassword Protect\u201d option.<\/p>\n<div class=\"eds-animate  \" data-eds-entry-animation=\"jello\" data-eds-entry-delay=\"0\" data-eds-entry-duration=\"1.0\" data-eds-entry-timing=\"linear\" data-eds-exit-animation=\"\" data-eds-exit-delay=\"\" data-eds-exit-duration=\"\" data-eds-exit-timing=\"\" data-eds-repeat-count=\"1\" data-eds-keep=\"yes\" data-eds-animate-on=\"scroll\" data-eds-scroll-offset=\"75\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-434 size-full\" src=\"http:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word9.png\" alt=\"\" width=\"722\" height=\"352\" srcset=\"https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word9.png 722w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word9-300x146.png 300w\" sizes=\"(max-width: 722px) 100vw, 722px\" \/><\/p>\n<\/div>\n<p>There you have the option to set the username and password for that folder. Once you set the details, choose the SAVE option.<\/p>\n<div class=\"eds-animate  \" data-eds-entry-animation=\"jello\" data-eds-entry-delay=\"0\" data-eds-entry-duration=\"1.0\" data-eds-entry-timing=\"linear\" data-eds-exit-animation=\"\" data-eds-exit-delay=\"\" data-eds-exit-duration=\"\" data-eds-exit-timing=\"\" data-eds-repeat-count=\"1\" data-eds-keep=\"yes\" data-eds-animate-on=\"scroll\" data-eds-scroll-offset=\"75\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-436 size-full\" src=\"http:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word7.png\" alt=\"\" width=\"1286\" height=\"643\" srcset=\"https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word7.png 1286w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word7-300x150.png 300w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word7-768x384.png 768w, 
https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word7-1024x512.png 1024w\" sizes=\"(max-width: 1286px) 100vw, 1286px\" \/><\/p>\n<\/div>\n<p>Then try to access your WordPress admin URL, http:\/\/yourdomainame.com\/wp-admin. You will see the password-protected pop-up window; enter your valid username and password to enter the admin page.<\/p>\n<div class=\"eds-animate  \" data-eds-entry-animation=\"jello\" data-eds-entry-delay=\"0\" data-eds-entry-duration=\"1.0\" data-eds-entry-timing=\"linear\" data-eds-exit-animation=\"\" data-eds-exit-delay=\"\" data-eds-exit-duration=\"\" data-eds-exit-timing=\"\" data-eds-repeat-count=\"1\" data-eds-keep=\"yes\" data-eds-animate-on=\"scroll\" data-eds-scroll-offset=\"75\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-445 size-full\" src=\"http:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word8-1.png\" alt=\"\" width=\"1325\" height=\"706\" srcset=\"https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word8-1.png 1325w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word8-1-300x160.png 300w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word8-1-768x409.png 768w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word8-1-1024x546.png 1024w\" sizes=\"(max-width: 1325px) 100vw, 1325px\" \/><\/p>\n<\/div>\n<p><strong>Step 5<\/strong> &#8211;\u00a0First level authentication for WordPress using htaccess authentication.<\/p>\n<p>It\u00a0works by uploading two files called .htaccess and .htpasswd in the directory you want to password protect. 
The .htaccess file should contain the following:<\/p>\n<div class=\"eds-animate  \" data-eds-entry-animation=\"jello\" data-eds-entry-delay=\"0\" data-eds-entry-duration=\"1.0\" data-eds-entry-timing=\"linear\" data-eds-exit-animation=\"\" data-eds-exit-delay=\"\" data-eds-exit-duration=\"\" data-eds-exit-timing=\"\" data-eds-repeat-count=\"1\" data-eds-keep=\"yes\" data-eds-animate-on=\"scroll\" data-eds-scroll-offset=\"75\">\n<pre>AuthType Basic\nAuthName \"Password Protected Area\"\nAuthUserFile \/path\/to\/.htpasswd\nRequire valid-user<\/pre>\n<\/div>\n<p>Next you need to upload the .htpasswd file, which contains the username and password to enter the password protected folder. The .htpasswd file should contain:<\/p>\n<pre>Admin:dGRkPurkuWmW2\n<\/pre>\n<p>Once done, you can see the pop-up window like below.<\/p>\n<div class=\"eds-animate  \" data-eds-entry-animation=\"jello\" data-eds-entry-delay=\"0\" data-eds-entry-duration=\"1.0\" data-eds-entry-timing=\"linear\" data-eds-exit-animation=\"\" data-eds-exit-delay=\"\" data-eds-exit-duration=\"\" data-eds-exit-timing=\"\" data-eds-repeat-count=\"1\" data-eds-keep=\"yes\" data-eds-animate-on=\"scroll\" data-eds-scroll-offset=\"75\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-445 size-full\" src=\"http:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word8-1.png\" alt=\"\" width=\"1325\" height=\"706\" srcset=\"https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word8-1.png 1325w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word8-1-300x160.png 300w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word8-1-768x409.png 768w, https:\/\/orissawebhosting.in\/blog\/wp-content\/uploads\/2017\/10\/word8-1-1024x546.png 1024w\" sizes=\"(max-width: 1325px) 100vw, 1325px\" \/><\/p>\n<\/div>\n<p>These are the steps to protect your WordPress website.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to protect your 
WordPress\u00a0site from various attacks Step 1 &#8211;\u00a0Protect your WordPress login page and prevent brute force attacks. Everyone knows the standard WordPress login page URL, so change the WordPress login URL to protect against the most common type of website security breach, a brute force attack. a) During the installation process, WordPress creates two default login URLs. wp-admin.php wp-login.php b) Let\u2019s start by installing the plugin. From the WordPress dashboard, navigate to Plugins &gt; Add New &gt; search for \u2018WPS Hide Login.\u2019 c) This plugin will block access to the default&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/419"}],"collection":[{"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/comments?post=419"}],"version-history":[{"count":17,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/419\/revisions"}],"predecessor-version":[{"id":1099,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/419\/revisions\/1099"}],"wp:attachment":[{"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/media?parent=419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/categories?post=419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/orissawebhosting.in\/blog\/wp-json\/wp\/v2\/tags?post=419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}