Antivirus for WordPress
Why? Because step one for any brute force login attempt is to
attempt to log in with the admin username, then run through an
enormous number of password attempts in order to gain entry. If you create
a more unique username then you stop this hacking attempt in its tracks.
Most people are savvy enough these days to know that their password shouldn't be
"password". What they may not know is that brute force hacking attempts
will try an astonishing number of password combinations in an
attempt to access websites. If your password makes sense or is in any way
predictable (e.g. is made up of recognizable words or number patterns) then your site
is at risk.
In reality, there are three golden rules for best practice password generation:
2. BACKUPS, people. I have said this a million times but it's worth saying again. I
have backups scheduled to run on my own server every Sunday night. That means
if my site is hacked late Saturday night and I have to restore from my backups, I'm
going to lose a week of posts and comments. Get a backup plugin, preferably one
with a restore feature, and set it to create a new backup every day.
Wordfence also gives you tons of options for locking down your site: you can block
IPs that try to break in, hide your WordPress version to make it harder for hackers to
know what to exploit, scan your comments for known phishing URLs (it found a ton of
spam trackbacks on my personal blog), and even see a view of live traffic on your
site. While I've been writing this post, a fake Googlebot tried to access this site and
Wordfence blocked it.
TimThumb Vulnerability Scanner: You'd be surprised how many themes and
plugins use an outdated version of TimThumb (a common script that helps
WordPress render thumbnail images). This leaves your site vulnerable to exploits,
but luckily there's a plugin that will fix it. The TimThumb Scanner quickly evaluates
your themes and plugins, notifies you of any issues, and allows you to update
TimThumb with one click.
WP Notifier: If you don't log into your dashboard on a regular basis, this plugin
will notify you via email when your themes, plugins, and/or WordPress core need to
be updated. Simple yet effective, especially if you own static or niche sites that
don't need to be updated very often.
Better WP Security: This one is a serious contender with Wordfence. It hides
various parts of your WordPress site that are common targets for hackers. It also
makes backups and emails them to you, an awesome feature for those of you
who don't want to spend time creating them manually.
For pros and cons, see http://www.limeplugins.com/best-wordpress-security-plugin/
BulletProof Security (BPS)
The plugin mainly focuses on .htaccess protection and login security.
.htaccess protection
Wordfence Security
The plugin provides support for caching, cell-phone sign-in (two-factor
authentication), malware scanning, IP/country blocking, and a host of
firewall options.
iThemes Security
404 detection
Malware scanning
The plugin classifies its features into different sections and each section has
a score associated. We have enabled features such that the maximum score
is hit for a given section.
DETAILS:
WordPress itself is a very secure platform. However, it helps to add some extra security and
firewall to your site by using a security plugin that enforces a lot of good security practices.
The All In One WordPress Security plugin will take your website security to a whole
new level.
This plugin is designed and written by experts and is easy to use and understand.
It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the
latest recommended WordPress security practices and techniques.
All In One WP Security also uses an unprecedented security points grading system to measure
how well you are protecting your site based on the security features you have activated.
Our security and firewall rules are categorized into "basic", "intermediate" and "advanced". This
way you can apply the firewall rules progressively without breaking your site's functionality.
The All In One WordPress Security plugin doesn't slow down your site and it is 100% free.
Visit the WordPress Security Plugin page for more details.
Below is a list of the security and firewall features offered in this plugin:
Detect if there is a user account which has the default "admin" username and
easily change the username to a value of your choice.
The plugin will also detect if you have any WordPress user accounts which
have identical login and display names. Having accounts where the display name is identical
to the login name is bad security practice because you are making it 50% easier for hackers
because they already know the login name.
Password strength tool to allow you to create very strong passwords.
Protect against "Brute Force Login Attack" with the Login Lockdown feature.
Users with a certain IP address or range will be locked out of the system for a
predetermined amount of time based on the configuration settings and you can also
choose to be notified via email whenever somebody gets locked out due to too many login
attempts.
As the administrator you can view a list of all locked out users which are
displayed in an easily readable and navigable table which also allows you to unlock
individual or bulk IP addresses at the click of a button.
Monitor/View failed login attempts which show the user's IP address, User
ID/Username and Date/Time of the failed login attempt
Enable manual approval of WordPress user accounts. If your site allows people
to create their own accounts via the WordPress registration form, then you can minimize
SPAM or bogus registrations by manually approving each registration.
Ability to add captcha to the WordPress user registration page to protect you
from spam user registration.
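The Login Lockdown behaviour described above can be sketched as follows. This is an added example, not the plugin's own code: the threshold, window and lockout period are assumed values, the `replay` function is hypothetical, and the event records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; the plugin makes these configurable.
MAX_FAILURES = 3                  # failures tolerated inside WINDOW
WINDOW = timedelta(minutes=5)     # period over which failures are counted
LOCKOUT = timedelta(minutes=60)   # how long an IP stays locked out

# Constructed sample records: (timestamp, source IP, username tried, success).
SAMPLE_EVENTS = [
    ("2024-01-01 10:00:00", "203.0.113.7", "admin", False),
    ("2024-01-01 10:00:05", "203.0.113.7", "admin", False),
    ("2024-01-01 10:00:09", "198.51.100.20", "editor1", False),
    ("2024-01-01 10:00:10", "203.0.113.7", "administrator", False),
    ("2024-01-01 10:00:15", "203.0.113.7", "admin", False),
    ("2024-01-01 10:02:00", "198.51.100.20", "editor1", True),
    ("2024-01-01 10:30:00", "203.0.113.7", "admin", True),
    ("2024-01-01 11:00:11", "203.0.113.7", "admin", False),
]

def replay(events, max_failures=MAX_FAILURES, window=WINDOW, lockout=LOCKOUT):
    """Replay login events in time order.

    Returns (decisions, lockouts): one of "allowed", "failed" or "blocked"
    per event, and a list of (ip, locked_at, unlock_at) for the admin view.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    locked_until = {}               # ip -> time the lockout ends
    decisions, lockouts = [], []
    for ts, ip, _user, ok in events:
        now = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if ip in locked_until and now < locked_until[ip]:
            # A locked-out IP is refused before the password is even checked.
            decisions.append("blocked")
            continue
        locked_until.pop(ip, None)  # lockout (if any) has expired
        if ok:
            decisions.append("allowed")
            continue
        recent = failures[ip]
        recent.append(now)
        while now - recent[0] > window:   # drop failures older than WINDOW
            recent.popleft()
        decisions.append("failed")
        if len(recent) >= max_failures:
            locked_until[ip] = now + lockout
            lockouts.append((ip, now, now + lockout))
            recent.clear()
    return decisions, lockouts

if __name__ == "__main__":
    for row in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)[0]):
        print(row)
```

Counting per source IP, as here, does not slow an attempt that is spread across many addresses, which is why the failed-login view (IP, username, date/time) is still worth reviewing.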
Database Security
Easily change the default WP prefix to a value of your choice with the click of a button.
Schedule automatic backups and email notifications or make an instant DB
backup whenever you want with one click.
Identify files or folders which have permission settings which are not secure
and set the permissions to the recommended secure values with the click of a button.
Protect your PHP code by disabling file editing from the WordPress
administration area.
Easily view and monitor all host system logs from a single menu page and stay
informed of any issues or problems occurring on your server so you can address them
quickly.
Prevent people from accessing the readme.html, license.txt and wp-config-sample.php files of your WordPress site.
Easily backup your original .htaccess and wp-config.php files in case you will
need to use them to restore broken functionality.
Modify the contents of the currently active .htaccess or wp-config.php files from
the admin dashboard with only a few clicks
Blacklist Functionality
Firewall Functionality
This plugin allows you to easily add a lot of firewall protection to your site via htaccess file. An
htaccess file is processed by your web server before any other code on your site. So these
firewall rules will stop malicious script(s) before it gets a chance to reach the WordPress code
on your site.
Instantly block Brute Force Login Attacks via our special Cookie-Based Brute
Force Login Prevention feature. This firewall functionality will block all login attempts from
people and bots.
Ability to add a simple math captcha to the WordPress login form to fight
against brute force login attacks.
Ability to hide admin login page. Rename your WordPress login page URL so
that bots and hackers cannot access your real WordPress login URL. This feature allows
you to change the default login page (wp-login.php) to something you configure.
Ability to use Login Honeypot, which helps reduce brute force login attempts
by robots.
WhoIs Lookup
Perform a WhoIs lookup of a suspicious host or IP address and get full details.
Security Scanner
The file change detection scanner can alert you if any files have changed in
your WordPress system. You can then investigate and see if that was a legitimate change
or some bad code was injected.
Database scanner feature can be used to scan your database tables. It will look
for any common suspicious-looking strings, javascript and html code in some of the
WordPress core tables.
Monitor the most active IP addresses which persistently produce the most
SPAM comments and instantly block them with the click of a button.
Prevent comments from being submitted if they don't originate from your domain
(this should reduce some SPAM bot comment posting on your site).
Add a captcha to your WordPress comment form to add security against
comment spam.
Ability to disable the right click, text selection and copy option for your frontend.
Additional Features
Ability to remove the WordPress Generator Meta information from the HTML
source of your site.
Ability to prevent people from accessing the readme.html, license.txt and wp-config-sample.php files
Ability to temporarily lock down the front end of your site from general visitors
while you do various backend tasks (investigate security attacks, perform site upgrades, do
maintenance work etc.)
Ability to export/import the security settings.
Prevent other sites from displaying your content via a frame or iframe.
Plugin Support
If you have a question or problem with the All In One Security plugin, post it on
the support forum and we will help you.
Developers
If you are a developer and you need some extra hooks or filters for this plugin
then let us know.
Translations
English
German
Spanish
French
Hungarian
Italian
Swedish
Russian
Chinese
Portuguese (Brazil)
---------------------------------------------
BulletProof Security
1,424,250 DOWNLOADS
security. Hacker X, Spammer X, Bad Bot X does bad Action Y = Forbidden/Blocked. An "Action
Approach" is a much more effective and performance optimized approach to website security
since the bad action itself is being blocked/forbidden instead of attempting to block an
individual hacker/spammer that performed a bad action. Example: BulletProof Security blocks
all SQL Injection hacking attempts/attacks no matter who performed that SQL Injection hacking
attempt/attack.
completed. The new BPS Maintenance Mode design includes 20 background images, 15
center images (text box image), allows you to embed image files and YouTube videos,
FrontEnd Maintenance Mode, BackEnd Maintenance Mode or both FrontEnd & BackEnd
Maintenance Modes and most importantly is fast and simple to use so that you can switch in
and out of Maintenance mode quickly and easily. FrontEnd Maintenance mode is primarily
designed for development/maintenance purposes and BackEnd Maintenance Mode is
technically a security feature since enabling BackEnd Maintenance Mode allows you to deny
access to the /wp-admin folder/WP Dashboard by IP address. See BulletProof Security
FrontEnd/BackEnd Maintenance Mode Features for additional features and options.
Why .htaccess Website Security Is So Much Better Than Other Types of Website Security
The answer is very simple - .htaccess files (distributed Server configuration files) are
processed first before any other code on your website. In other words, hackers' malicious
scripts are stopped by BulletProof Security .htaccess files/Firewalls before those scripts even
have a chance to reach the php code in WordPress. BulletProof Security uses .htaccess
website security files, which are specific to Apache Linux Servers. Please read the FAQ page
for Server compatibility questions.
Translations
days, 60 days, 90 days or 180 days), - Turn On/Off All Scheduled Backups (override - turn
on all scheduled backups or turn off all scheduled backups).
DB Backup Logging
Depending on your DB Backup settings, log entries will be logged anytime you
run a Manual Backup Job or whenever a Scheduled Cron Backup Job is run. The Backup
Job Completion Time, Zip Backup File Name, timestamp and other information is logged. If
you have chosen the option to automatically delete old zip backup files then the zip backup
file name and timestamp will be logged when old zip backup files are automatically deleted.
When you create a new Backup Job your Backup Job Settings are logged/saved in the DB
Backup Log.
DB Backup Log Automation: Automatically zipped, emailed and replaced based
on file size
Click the DB Backup Read Me help button for full descriptions of all features
and options.
Website displays & functions normally while visitors see a website under
maintenance page
TinyMCE WYSIWYG Editor
Embed image files and YouTube videos
20 background images, 15 center images (text box image)
Background image files/options and Center images (text box image) are
independent of each other so that you can mix and match different background images
with different Center images (text box image)
Enable Countdown Timer
Countdown Timer Text Color
Maintenance Mode Time in Minutes
Header Retry-After in Minutes ~ 503 HTTP Status Code
Enable FrontEnd Maintenance Mode ~ site development, maintenance, coming
soon, under construction, etc.
Enable BackEnd Maintenance Mode ~ Deny All IP address .htaccess protection
for the wp-admin folder / WP Dashboard
Maintenance Mode IP Address Whitelist Text Box: Enter The IP Addresses That
Can View The Website Normally (not in Maintenance Mode)
Maintenance Mode Text, Images, Videos Displayed To Website Visitors
Background Images ~ 20 background images ~ mix and match with center
images ~ see screenshot
Center Images ~ 15 center images ~ mix and match with background images ~
see screenshot
Background Colors (If not using a Background Image)
Display Visitor IP Address
Display Admin/Login Link
Display Dashboard Reminder Message when site is in Maintenance Mode
Send Email Reminder when Maintenance Mode Countdown Timer has
completed
Email: To, From, cc, bcc
---------------------------------------------
Warning
Please read the installation instructions and FAQ before installing this plugin. iThemes Security
makes significant changes to your database and other site files which can be problematic, so a
backup is strongly recommended before making any changes to your site with this plugin.
While problems are rare, most support requests involve the failure to make a proper backup
before installation.
iThemes has been building and supporting WordPress tools since 2008. With our full range of
WordPress plugins, themes and training, WordPress security is the next step in providing you
with everything you need to build the WordPress web.
User action logging - track when users edit content, log in or log out
Dashboard Widget - manage important tasks such as user banning and system
scans right from the WordPress dashboard.
Online file comparison - When a file change is detected it will scan the origin of
the files to determine if the change was malicious or not. Currently works only in
WordPress core but plugins and themes are coming.
wp-cli integration - Manage your site's security from the command line.
Obscure
iThemes Security hides common WordPress security vulnerabilities, preventing attackers from
learning too much about your site and keeping them away from sensitive areas like your site's login, admin,
etc.
Changes the URLs for WordPress dashboard areas including login, admin and
more
Completely turns off the ability to log in for a given time period (away mode)
Removes theme, plugin, and core update notifications from users who do not
have permission to update them
Protect
Hiding parts of your site is helpful, but won't prevent all attacks. In addition to obscuring
sensitive areas of your WordPress site, iThemes Security works to protect it by blocking bad
users and increasing the security of passwords and other vital information.
Scans your site to instantly report where vulnerabilities exist and fixes them in
seconds
Prevents brute force attacks by banning hosts and users with too many invalid
login attempts
Detect
iThemes Security monitors your site and reports changes to the filesystem and database that
might indicate a compromise. iThemes Security also works to detect bots and other attempts to
search for vulnerabilities.
Run a scan for malware and blacklists on the homepage of your site
Receive email notifications when someone gets locked out after too many
failed login attempts or when a file on your site has been changed.
Recover
iThemes Security makes regular backups of your WordPress database, allowing you to get
back online quickly in the event of an attack. Use iThemes Security to create and email
database backups on a customizable schedule.
For complete site backups and the ability to restore or move WordPress easily, check
out BackupBuddy by iThemes.
Other Benefits
Makes it easier for users not accustomed to WordPress to remember login and
admin URLs by customizing default admin URLs
Detects hidden 404 errors on your site that can affect your SEO such as bad
links and missing images
Removes the existing jQuery version used and replaces it with a safe version
(the version that comes default with WordPress).
Tutorials
Learn how to use iThemes Security with our series of in-depth tutorial videos taught by lead
developer Chris Wiegman:
Getting Started
Global Settings
404 Detection
Away Mode
Banned Users
Compatibility
Works with Apache, LiteSpeed or NGINX (Note: NGINX will require you to
manually edit your virtual host configuration)
Features like database backups and file checks can be problematic on servers
without a minimum of 64MB of RAM. All testing servers allocate 128MB to WordPress and
usually don't have any other plugins installed.
Translations
---------------------------------------------