Protect Wordpress Login with Apache htpasswd and htaccess | Wordpress login pages left public are a target for brute force attacks or other vulnerabilities. I’ll show you how to keep the Wordpress login protected with Apache htpasswd and htaccess!
How to Create MySQL database and user
How to Create MySQL database and user | Here is quick way to create a MySQL database and user. This is useful for WordPress, Drupal, or other LAMP apps. Login to MySQL with the MySQL root password: $ mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 5 Server version:
Apache WordPress Drupal Website Permissions
Apache WordPress Drupal Website Permissions | Permissions on a Linux webserver is an often confusing topic but hopefully I can clear the mud. There may not be one right answer for all, but below are some suggested configurations! The following applies to WordPress, Drupal, or any similar application. Two concepts to hang on to: – In Linux there are users who
Wordfence: Security Plugin for WordPress
Wordfence: Security Plugin for WordPress | Here is a review of Wordfence, a WordPress security : Wordfence: Security Plugin for WordPress If you find this topic interesting, you may also be interested in Expert Pen Testing or CISSP training. Cool!
A Closer Look at WordPress Password Hashes
A Closer Look at WordPress Password Hashes | Check out this write up on WordPress password hashes: A Closer Look at WordPress Password Hashes If you find this topic interesting, you may also be interested in Expert Pen Testing or CISSP training. Check it out!
Protect Against XSS by Enabling HttpOnly for Linux Apache PHP
Protect Against XSS by Enabling HttpOnly for Linux Apache PHP | HttpOnly is a session cookie flag created to protect against cross site scripting and theft of session cookies. For good security, this should be enabled for PHP running under Apache especially for sites such as WordPress, Drupal, Joomla, and other popular PHP-based web applications. OWASP has some information on HttpOnly. I’ll show you how to
In-Depth WordPress Security
In-Depth WordPress Security | Here is an excellent write up on WordPress Security: In-Depth WordPress Security If you find this topic interesting, you may also be interested in Expert Pen Testing training. Check it out!
BlindElephant – Web Application Fingerprinting
BlindElephant – Web Application Fingerprinting | BlindElephant is a nifty python app that fingerprints web applications such as wordpress, drupal, mediawiki, phpbb, joomla, and many others to determine the version of the web application. BlindElephant works via a new trendy technique of fetching static elements of the web app such as .js, .css, and other core files then running a checksum
WPScan WordPress Vulnerability Scanner
WPScan WordPress Vulnerability Scanner | WPScan is a nifty WordPress vulnerability scanner. It can do things such as scan for installed plugins and provide vulnerability information based on results. It is part of Backtrack, which is handy as well! Here’s how wpscan looks checking scottlinux.com: root@bt:/pentest/web/wpscan# ruby wpscan.rb –url scottlinux.com –enumerate p
