Jul 03
Tags: security, tweak, Wordpress
1. Prevent Unnecessary Info From Being Displayed
2. Force SSL Usage
3. Use .htaccess To Protect The wp-config File
4. Blacklist Undesired Users And Bots
5. Protect Your WordPress Blog From Script Injections
6. Fight Back Against Content Scrapers
7. Create A Plug-In To Protect Your Blog From Malicious URL Requests
8. Remove Your WordPress Version Number… Seriously!
9. Change The Default “Admin” Username
10. Prevent Directory Browsing
Source: http://bit.ly/drXo8o
Jan 27
Tags: admin, security, Wordpress
The administration area of a Web application is a favorite target of hackers and thus particularly well protected. The same goes for WordPress: when creating a blog, the system creates an administrative user with a perfectly secure password and blocks public access to the settings area with a log-in page. This is the cornerstone of its protection. Let’s dig deeper!
This article focuses on defending the administration area of WordPress, meaning all those pages in the wp-admin folder (or http://www.yourblog.com/wp-admin/) that are displayed after a user is verified. We bolded the phrase “after a user is verified” deliberately: it should be explicitly understood that only a simple query stands between an evil hacker and the powerful admin area of your whole blog. The latter is only as strong as the passwords that are generated.
To make an attack more difficult, you should perform the following actions manually. These solutions do not guarantee 100% security, but you can create effective stumbling blocks on a hacker’s way to the administration area.
Oct 25
Tags: iPhone, security
Anyone who’s interested in security on the web has probably already heard of OAuth. I’ll skip the details of how OAuth works, since that information is available elsewhere, but here’s the short version (OAuth veterans may choose to skip the next three paragraphs):
Before we get started, let me define a bit of terminology from the OAuth Spec:
- Service Provider: A web application that allows access via OAuth.
- User: An individual who has an account with the Service Provider.
- Consumer: A website or application that uses OAuth to access the Service Provider on behalf of the User.
- Protected Resource(s): Data controlled by the Service Provider, which the Consumer can access through authentication.