WordPress Security Scan Configuration



Similar documents
WordPress File Monitor Plus Plugin Configuration

Livezilla How to Install on Shared Hosting By: Jon Manning

Using Internet or Windows Explorer to Upload Your Site

Installation Tutorial Script: The Real Estate Script. 1. Please login to download script. On PHP Classifieds Script web site.

Nikolay Zaynelov Annual LUG-БГ Meeting nikolay.zaynelov.com

JOOMLA SECURITY. ireland website design. by Oliver Hummel. ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City

Content Management System

Acunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.

Hacking the WordpressEcosystem

The easy way to a nice looking website design. By a total non-designer (Me!)

NTT Web Hosting Service [User Manual]

QUANTIFY INSTALLATION GUIDE

Site Store Pro. INSTALLATION GUIDE WPCartPro Wordpress Plugin Version

1. Building Testing Environment

Lets Get Started In this tutorial, I will be migrating a Drupal CMS using FTP. The steps should be relatively similar for any other website.

MALWAREBYTES PLUGIN DOCUMENTATION

EBOX Digital Content Management System (CMS) User Guide For Site Owners & Administrators

HowTo. Planning table online

Customer Control Panel Manual

Migrating helpdesk to a new server

2011 ithemes Media LLC. All rights reserved in all media. May be shared with copyright and credit left intact.!

All the materials and/or graphics included in the IceThemetheme folders MUST be used ONLY with It TheCityTheme from IceTheme.com.

MySQL Quick Start Guide

Rensselaer Union Club Webhosting CPanel Guide

MadCap Software. Upgrading Guide. Pulse

Introduction: 1. Daily 360 Website Scanning for Malware

Hardening Joomla 1. HARDENING PHP. 1.1 Installing Suhosin. 1.2 Disable Remote Includes. 1.3 Disable Unneeded Functions & Classes

A Manual on use of ABCD central and VHL-Site modules for Developing Library Information Discovery and Information Literacy Tools

MySQL quick start guide

AJ Shopping Cart. Administration Manual

What you will need before beginning this guide

SYWorks Vulnerable Web Applications Compilation For Penetration Testing Installation Guide

TIMETABLE ADMINISTRATOR S MANUAL

Installing buzztouch Self Hosted

WordPress 2.9 e-commerce

Cloudfinder for Office 365 User Guide. November 2013

Lucid Key Server v2 Installation Documentation.

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

Managed Antivirus Quick Start Guide

This installation guide will help you install your chosen IceTheme Template with the Cloner Installer package.

How to Create a WordPress web site at

WebCruiser Web Vulnerability Scanner User Guide

Backup and Restore MySQL Databases

How to Install WordPress Manually: Securing and De-Bloating WordPress

CMP3002 Advanced Web Technology

IBM Security QRadar SIEM Version MR1. Administration Guide

WordPress websites themes and configuration user s guide v. 1.6

osclass open source classifieds Installation Guide step by step

User Guide - escan for Linux File Server

ESISS Security Scanner

HP WebInspect Tutorial

XCloner Official User Manual

Online Backup - Installation and Setup

Web Vulnerability Scanner by Using HTTP Method

FRIENDS OF SEARCH HARDENING WORDPRESS VARIOUS TWEAKS FOR BETTER WP SECURITY

GSatTrack. Fleet Broadband Tracker. User Manual April 2011 GSE. Global Satellite Engineering. : gsat.us

How To Manage Your Quarantine On A Blackberry.Com

How to Setup, Install & Run a Website on your Local Computer. For WordPress - on an Offline Server - WAMP

How To Synchronize the easystore to the AD

WebCruiser Web Vulnerability Scanner User Guide

Policies and Procedures for creating and maintaining a site

Polar Help Desk Installation Guide

MS SQL Server Database Management

MageFence. User manual

WebCruiser User Guide

QualysGuard WAS. Getting Started Guide Version 3.3. March 21, 2014

Fus - Exchange ControlPanel Admin Guide Feb V1.0. Exchange ControlPanel Administration Guide

Plesk Panel HEAnet Customer Guide

uilding a Branch Website using Wordpress

Weston Public Schools Virtual Desktop Access Instructions

Installation Guide. Research Computing Team V1.9 RESTRICTED

How to install phpbb forum on NTU student club web server

Roars. Sudaworld. M roarsinc.com W Roars Technologies Pvt. Ltd. Escalon, Sunnyvale, California, USA 94085

WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2

Release Notes for Websense Security v7.2

Content Management System

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities

Policy Compliance. Getting Started Guide. January 22, 2016

SOS SO S O n O lin n e lin e Bac Ba kup cku ck p u USER MANUAL

ProjectPier v Getting Started Guide

MySQL Quick Start Guide

Startup guide for Zimonitor

Open Source Content Management System JOOMLA

ADMINISTRATOR GUIDE VERSION

Usage Tracking for IBM InfoSphere Business Glossary

Features Overview Guide About new features in WhatsUp Gold v14

IBM Security QRadar SIEM Version MR1. Vulnerability Assessment Configuration Guide

How do I Install and Configure MS Remote Desktop for the Haas Terminal Server on my Mac?

INSTALLATION AND SETUP HANDBOOK OF PAYU LATAM s PLUGIN FOR WOOCOMMERCE

The data between TC Monitor and remote devices is exchanged using HTTP protocol. Monitored devices operate either as server or client mode.

Backup/Restore Microsoft SQL Server 7.0 / 2000 / 2005 / 2008

SQL Server 2008 R2 Express Edition Installation Guide

Website User Guide.

Your complete guide to installing the Self-Service Portal and estore.

Transcription:

WordPress Security Scan Configuration To configure the - WordPress Security Scan - plugin in your WordPress driven Blog, login to WordPress as administrator, by simply entering the url_of_your_website/wp-admin in your Browser. Enter the appropriate username and password { which was provided while installing WordPress } and then click on Log In as shown in Diagram 1. Diagram 1 After logging in as WordPress Admin, a Dashboard page opens as shown in Diagram 2. The Dashboard provides access to different WordPress functions and features. Diagram 2 1

In the left menu, locate the link Security. Click Security, from the drop down menu that appears are the features and functions provided by the plugin as shown in Diagram 3. The Security menu has the following sub menu-items Security, Scanner, Password Tool, Database and Support. Security : Diagram 3 In the left menu, locate the link Security. Click Security, from the drop down menu that appears as shown in Diagram 4. Diagram 4 2

WP-Security Admin tools by WebsiteDefender page is displayed as shown in Diagram 5. This page provides the details required for security: Initial Scan System Information Scan About Website Defender. Initial Scan: The WP-Security Admin Tools scans the following information of your WordPress CMS. Probing for weaknesses a hacker could exploit: 1) WordPress version installed 2) WordPress database table prefix. (It also allows you to change the table prefix.) 3) WordPress version visible / hidden 4) WordPress DB Errors 5) WordPress ID Meta tag 6) WordPress Username 7) Presence of.htaccess file in WordPress CMS NOTE: The issues are highlighted in red for the admin to take action. The issues highlighted in green are not be worried. After getting the result of the initial scan, solve the issues highlighted in red. System Information Scan: The WP-Security Admin Tools scans the system information for: Operating System, Server, Memory usage, MySQL Version, SQL Mode, PHP Version, PHP Safe Mode, PHP Allow URL fopen, PHP Memory Limit, PHP Max Upload Size, PHP Max Post Size, PHP Max Script Execute Time, PHP Exif support, PHP IPTC support, PHP XML support. About Website Defender: Optionally integrates with the Websitedefender.com online service, which monitors your blog and website for malware, hacker activity and security vulnerabilities, giving you easy to understand solutions to keep your website safe. Website Defender's enhanced WordPress Security Checks allow it to identify and help contain any threats on a blog or website powered by WordPress. With Website Defender you can: Detect Malware present on your website Audit your website for security issues Avoid getting blacklisted by Google Keep your website content and data safe Get alerted to suspicious hacker activity 3

Diagram 5 Scanner : In the left menu, locate the link Security. Click Security, from the drop down menu that appears, click Scanner as shown in Diagram 6. Diagram 6 The Scanner scans all the files and directories of WordPress CMS. It checks to see if files and directories have appropriate permissions settings. The current mode settings and required mode settings are displayed systematically. Once the Blog / Website scan is completed one has to manually change the mode settings of each file(s) and directory(ies) as recommended in the WP-Security Scan table. Each such recommendation corresponds to a vulnerability that Scanner has discovered and needs attention. 4

Diagram 7 Password Tool: In the left menu, locate the link Security. Click Security, from the drop down menu that appears, click Password Tool as shown in Diagram 8. Diagram 8 WP Security Scan - Password tool, scans for Password vulnerabilities in your blog and suggests corrective action. The password tool can scan your password strength and can indicate whether the password being keyed in is a strong password or not. Alternatively, this tool can generate strong passwords for use as shown in Diagram 9. Diagram 9 5

In the left menu, locate the link Security. Click Security, from the drop down menu that appears, click Database as shown in Diagram 10. Database: Diagram 10 The Database Security tools helps you to backup your WordPress CMS database and change the default WP Database table prefix ( i.e. wp- ) in just a single click as shown in Diagram 11. Diagram 11 6

To backup your database, click Backup now! as shown in Diagram 12. Diagram 12 Database successfully backed up! message is displayed as shown in Diagram 13. You can download the SQL file from the Available database backups links provided. The SQL file is stored at: wp-content\plugins\wp-security-scan\backups\ bck-07-31-2011-a18762309e5b8e3585f7b55701437c91.sql. The SQL file name is displayed in the output of this process as shown in diagram 13. Diagram 13 7

To change the default WP database table prefix ( i.e. wp_ ), enter the prefix desired in the textbox and click Start Renaming as shown in Diagram 14. Diagram 14 All tables have been successfully updated & the wp-config file has been successfully updated message is displayed as shown in Diagram 15. NOTE: The wp-config file permission must be writable and the database must have ALTER rights before running this script. Diagram 15 8