1. To disable HTTP Trace MethodThis is Cross Site Tracing (XST) is to prevent the attacks of the security.Edit .htaccess file to your server's Apache configuration for:RewriteEngine OnRewriteCond% {REQUEST_METHOD} ^ TRACERewriteRule. * - [F]II. WordPress installation to remove the header outputWarning: some of the functionality of WordPress can do to prevent it. For example, if you want to use the RSS feed in the comment line.Please enter your theme functions.php file and paste these lines:remove_action ('wp_head', 'index_rel_link');remove_action ('wp_head', 'feed_links', 2);remove_action ('wp_head', 'feed_links_extra', 3);remove_action ('wp_head', 'rsd_link');remove_action ('wp_head', 'wlwmanifest_link');remove_action ('wp_head', 'parent_post_rel_link', 10, 0);remove_action ('wp_head', 'start_post_rel_link', 10, 0);remove_action ('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0);remove_action ('wp_head', 'wp_generator');remove_action ('wp_head', 'wp_shortlink_wp_head', 10, 0);remove_action ('wp_head', 'noindex', 1);3. Your comment posting to the proxy server.htaccess file and add the following lines. The spam can be reduced.RewriteCond% {REQUEST_METHOD} = POSTRewriteCond% {HTTP: VIA}% {HTTP: FORWARDED}% {HTTP: USERAGENT_VIA}% {HTTP: X_FORWARDED_FOR}% {HTTP: PROXY_CONNECTION}! ^ $ [OR]RewriteCond% {HTTP: XPROXY_CONNECTION}% {HTTP: HTTP_PC_REMOTE_ADDR}% {HTTP: HTTP_CLIENT_IP}! ^ $RewriteCond% {REQUEST_URI}! ^ / (Wp-login.php | wp-admin / | wp-content / plugins / | wp-includes /).* [NC]RewriteRule. * - [F, NS, L]4. To change the default WordPress database prefixYou probably know that by default WordPress database prefix is "wp_". Change it to install WordPress. Example "wpdbxyz_"5. Dangerous to the query string dinaiTo prevent XSS attacks, and add a reference to the file .htaccesWarning: some of the plugins or themes that may not work if he was not removed stirim.<IfModule mod_rewrite.c>RewriteCond% {QUERY_STRING} ../ [NC, OR]RewriteCond% {QUERY_STRING} boot.ini [NC, OR]RewriteCond% {QUERY_STRING} tag = [NC, OR]RewriteCond% {QUERY_STRING} ftp: [NC, OR]RewriteCond% {QUERY_STRING} http: [NC, OR]RewriteCond% {QUERY_STRING} https: [NC, OR]RewriteCond% {QUERY_STRING} mosConfig [NC, OR]RewriteCond% {QUERY_STRING} ^. * ([|] | (|) | <|> | '| "|; |? | *). * [NC, OR]RewriteCond% {QUERY_STRING} ^. * (% 22 |% 27 |% 3C |% 3E |% 5C |% 7B |% 7C). * [NC, OR]RewriteCond% {QUERY_STRING} ^. * (% 0 |% A |% B |% C |% D |% E |% F | 127.0). * [NC, OR]RewriteCond% {QUERY_STRING} ^. * (Globals | encode | config | localhost | loopback). * [NC, OR]RewriteCond% {QUERY_STRING} ^. * (Request | select | insert | union | declare | drop). * [NC]RewriteRule ^ (. *) $ - [F, L]</ IfModule>6. PHP Hardening your system downHardening the system installed and enabled on your server in PHP called Suhosin. It will increase your system's security. Suhosin is installed by default in many web hosting companies. Click to learn more about Suhosin caileekhane.I hope these 6 measures to prevent extraordinary way to increase the security of your site.
Monday, July 13, 2015
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment