
|=---------------=[ Security And .htaccess In WordPress ]=--------------=|
|=----------------------=[ Author : jos_ali_joe ]=----------------------=|
|=---------------------=[ josalijoe@hotmail.com ]=----------------------=|

For this article I made reference to the article from r3m1ck entitled Securing your WordPress (Indonesian version)
Post in : http://www.exploit-id.com/articles/securing-your-wordpress-indonesian-version
This article is only a little extra to the one from my brother r3m1ck.
Okay, now on to the simple article: Security And .htaccess In WordPress

WordPress has quite a lot of security loopholes. They are generally located in the root directory; some are also located in the parent / main directory.
The WordPress CMS consists of three main directories :
1. wp-admin
2. wp-content
3. wp-includes
Each directory contains quite a lot of files, and the main directories contain further directories. So, are there any security loopholes in these WordPress directories, especially if exploited via URL? Here is a complete list of WordPress vulnerabilities that could lead to a 'bug' in the form of error messages, complete with security tips.

1. domainname/wp-settings.php

Security Tips
1. Log in to your hosting control panel (domainname/cpanel).
2. Go to the main WordPress folder.
If using cPanel, go to public_html > wp-settings.php
If using SPanel, go to the site directory > site's domain name > www > wp-settings.php
3. Add / paste this code to eliminate the error :
ini_set("display_errors", 0);
error_reporting(0);
Place it precisely below the opening PHP tag <?php
(look at the images)
4. Click save to apply the new settings.

2. domainname/wp-admin/filename

Here is a list of filenames in your wp-admin directory that could bring up an error when exploited via a URL:
admin-functions.php
menu.php
menu-header.php
options-head.php
upgrade-functions.php
Example of the vulnerability : http://your.domain.name.com/wp-admin/menu.php

Security Tips
1. As with the method above, add / paste the code to eliminate the error, for example in the file menu.php :
ini_set("display_errors", 0);
error_reporting(0);
(look at the images)
3. Do the same in the files contained in wp-admin, as in the list above.
4. Directory location :
public_html > wp-admin > filename (if using cPanel)
site directory > domainname > www > wp-admin (if using SPanel)
Example of the secured page : http://your.domain.name.com/wp-admin/menu.php

3. domainname/wp-admin/includes/
domainname/wp-admin/includes/filename

This directory contains quite a lot of 'bugs' or vulnerabilities if its files are exploited further. With a URL pattern like the one above, an error that displays the hosting account username can appear.
Example of the vulnerability : http://your.domain.name.com/wp-admin/includes/admin.php
Here is a list of filenames in your wp-admin directory that could bring up an error when exploited via URL:
admin.php
class-ftp-pure.php
class-ftp-sockets.php
class-ftp.php
class-wp-filesystem-direct.php
class-wp-filesystem-ftpext.php
class-wp-filesystem-ftpsockets.php
class-wp-filesystem-ssh2.php
comment.php
continents-cities.php
file.php
media.php
misc.php
plugin-install.php
plugin.php
template.php
theme-install.php
update.php
upgrade.php
user.php

How to Secure ?
You simply create a .htaccess file in the wp-admin/includes directory.
1. Log in to your hosting control panel (domainname/cpanel).
2. Go to public_html > wp-admin > includes (if using cPanel), or go to site directory > domainname > www > wp-admin > includes (if using SPanel).
3. Create a new file in wp-admin > includes with the name .htaccess (in txt format); the txt file is then renamed to '.htaccess'.
4. Copy the code below into the .htaccess file :
# PHP error handling for production servers
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_flag log_errors on
php_flag ignore_repeated_errors off
php_flag ignore_repeated_source off
php_flag report_memleaks on
php_flag track_errors on
php_value docref_root 0
php_value docref_ext 0
# [see footnote 3] # php_value error_reporting 999999999
php_value error_reporting -1
php_value log_errors_max_len 0
3. Click save to apply the new settings.
The above code handles error display in general. To see the effect of adding the .htaccess file with the script above, look at :
http://your.domain.name.com/wp-admin/includes/
http://your.domain.name.com/wp-admin/includes/admin.php
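
One way to check the result on your own site, as an added example that is not part of the original article: the Python functions below scan a saved response body from one of the URLs above for PHP error text and report any leaked filesystem path and hosting account name. The sample bodies, the function names and the /home/<account>/ layout are constructed assumptions.

```python
import re

# PHP error text as printed when display_errors is on; html_errors wraps parts in <b> tags.
PHP_ERROR = re.compile(
    r"(?:<b>)?(Fatal error|Parse error|Warning|Notice)(?:</b>)?:\s+(.*?)\s+in\s+"
    r"(?:<b>)?(/[^\s<]+\.php)(?:</b>)?\s+on line\s+(?:<b>)?(\d+)",
    re.S,
)
# Assumed shared-hosting layout: /home/<account>/public_html/...
ACCOUNT = re.compile(r"^/home\d*/([^/]+)/")


def find_disclosures(body):
    """Return one dict per PHP error message found in an HTTP response body."""
    findings = []
    for level, message, path, line in PHP_ERROR.findall(body):
        account = ACCOUNT.match(path)
        findings.append({
            "level": level,
            "message": re.sub(r"<[^>]+>", "", message),
            "path": path,
            "line": int(line),
            "account": account.group(1) if account else None,
        })
    return findings


def audit(responses):
    """Map each checked URL to its findings; an empty list means nothing leaked."""
    return {url: find_disclosures(body) for url, body in responses.items()}


# Constructed sample bodies (not captured from a real site).
BEFORE = ("<br />\n<b>Fatal error</b>:  Call to undefined function add_action() in "
          "<b>/home/exampleuser/public_html/wp-admin/menu.php</b> on line <b>25</b><br />\n")
AFTER = ""  # display_errors off: the script still fails, but prints nothing

if __name__ == "__main__":
    report = audit({
        "http://your.domain.name.com/wp-admin/menu.php (before)": BEFORE,
        "http://your.domain.name.com/wp-admin/menu.php (after)": AFTER,
    })
    for url, findings in report.items():
        if not findings:
            print("OK  ", url)
        for f in findings:
            print("LEAK", url, f["path"], "account:", f["account"])
```

An empty findings list only shows that nothing is printed to the visitor; with log_errors on, the same messages still go to the server's error log.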

4. domainname/wp-includes
domainname/wp-includes/filename

Here is a list of filenames in your wp-includes directory that could bring up an error when exploited via a URL:
canonical.php
class-feed.php
class.wp-scripts.php
class.wp-styles.php
comment-template.php
default-embeds.php
default-filters.php
default-widgets.php
feed-atom-comments.php
feed-atom.php
feed-rdf.php
feed-rss.php
feed-rss2-comments.php
feed-rss2.php
general-template.php
kses.php
media.php
post.php
registration-functions.php
rss-functions.php
rss.php
script-loader.php
shortcodes.php
taxonomy.php
template-loader.php
theme.php
update.php
vars.php
wp-db.php
user.php

Security Tips
1. Log in to your hosting control panel (domainname/cpanel).
2. Go to public_html > wp-includes (if using cPanel), or go to site directory > domainname > www > wp-includes (if using SPanel).
3. Create a new file in wp-admin > includes with the name .htaccess (in txt format); the txt file is then renamed to '.htaccess'.
4. Copy the code below into the .htaccess file :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule .*\.php$ http://your.domain.name.com/ [L]
</IfModule>
This is useful for switching to the front page of your site when someone accesses these files on your site through the URL.

To Be Continued :D

Special Thanks :
Allah SWT, Muhamad SAW
My sister nabila and Dyah, My Lovely Fitri Ardiyadila.
Indonesian coder Team, Exploit-ID, kebumen cyber crew, Devilz code, Explore crew, Magelang cyber, Malang cyber
My Best friend :
KaMtiEz, El-Farhatz, r3m1ck, adeyonatan ( Thanks Bro your Support \m/ )
