{"id":10413,"date":"2015-04-03T11:30:55","date_gmt":"2015-04-03T09:30:55","guid":{"rendered":"https:\/\/gks.com.ua\/bezopasnost-sajta-wordpress-3.html"},"modified":"2021-10-17T14:59:11","modified_gmt":"2021-10-17T11:59:11","slug":"security-site-wordpress-3","status":"publish","type":"post","link":"https:\/\/gks.com.ua\/en\/security-site-wordpress-3.html","title":{"rendered":"Security of  site on WordPress. Part 3"},"content":{"rendered":"<p>In previously article we tell you about some important moments that are necessary for security of you website. Any site can be subject to possible attacks. Therefore it is necessary to know how to prevent them.<br \/>\nIn this article, we&#8217;ll show you how to protect directories, the admin panel of your site and more.<\/p>\n<p><strong style=\"font-size: 18px;\">1. Directory.<\/strong><br \/>\nDirectories that are in your site must to be closed. Now you can check your directories is close or no. Please follow link of your site: http:\/\/yourdomain\/directory\/ (for example, http:\/\/yourdomain\/wp-includes). If you don\u2019t close your directory, you will see all of files in directory as same as functions.php, post-formats.php \u2026, So at now you can understand why we must to disable directory!<br \/>\n<strong>How we can disable directory for site?<\/strong> We have 2 ways:<\/p>\n<ul>\n<li>by <strong>.htaccess<\/strong> (for <em>Linux<\/em> host and host that allow it).<br \/>\nThis is easy, add this code to your .htacess in main directory:<\/p>\n<pre class=\"code_art\"><code># PREVENT DIRECTORY LISTINGS\r\nOptions \u2013Indexes<\/code><\/pre>\n<\/li>\n<li>by adding <strong>index.html<\/strong> file to directory (for <em>windows<\/em> server host that don\u2019t allow .htaccess):\n<pre class=\"code_art\"><code>&lt;!DOCTYPE&gt;\r\n&lt;html xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\"&gt;\r\n&lt;head&gt;\r\n&lt;meta http-equiv=\"Content-Type\" content=\"text\/html; charset=UTF-8\" \/&gt;\r\n&lt;title&gt;Untitled Document&lt;\/title&gt;\r\n&lt;\/head&gt;\r\n&lt;body&gt;\r\n&lt;h1&gt;Directory Listing Disabled!&lt;\/h1&gt;\r\n&lt;\/body&gt;\r\n&lt;\/html&gt;<\/code><\/pre>\n<\/li>\n<\/ul>\n<p><strong style=\"font-size: 18px;\">2.Protect admin.<\/strong><br \/>\nWe must to protect wp-admin from another people because they do not need it! How we can do it? By adding .htaccess file to this folder (wp-admin). You must get <em>your IP<\/em> and add to this .htaccess:<\/p>\n<pre class=\"code_art\"><code># SECURE WP-ADMIN \r\n&lt;FilesMatch \".*\"&gt;  \r\nOrder Deny,Allow  \r\nDeny from all  \r\nAllow from 123.456.78.9\r\n &lt;\/FilesMatch&gt;<\/code><\/pre>\n<p>Then by <strong>proxy test<\/strong> your site. You will see that you can go to admin panel but for another people it will be Forbidden.<br \/>\nYou can add several IP that you want to have access to your admin.<\/p>\n<p><strong style=\"font-size: 18px;\">3. WordPress version.<\/strong><br \/>\nOne of the biggest part for secure site and keep out from bad boy is that block sensitive information such as WordPress <em>version.<\/em><br \/>\nWhen you see code of site in 3 places you will see WordPress version in header:<\/p>\n<ul>\n<li>the version number displayed in web pages;<\/li>\n<li>the wp version number is displayed in rss feeds;<\/li>\n<li>the wp version number is displayed in other feeds.<\/li>\n<\/ul>\n<p>We don\u2019t want nobody see this information. So we must to go to the active theme folder and find file <span style=\"color: red;\">function.php<\/span>. In the <span style=\"color: red;\">end of this file (before ?&gt;)<\/span> add code bellow then save.:<\/p>\n<pre class=\"code_art\"><code>\/\/ remove version number from head &amp; feeds\r\nfunction disable_version() { return ''; }\r\nadd_filter('the_generator','disable_version');\r\nremove_action('wp_head', 'wp_generator');<\/code><\/pre>\n<p>After this actions you will see that version WordPress will not be show more in pages and feed! That was our goal.<\/p>\n<p><strong style=\"font-size: 18px;\">4. Hotlinking.<\/strong><br \/>\nAs you know link in your site meaning <span style=\"color: red;\">hotlink<\/span> that may be file, picture, video or another things \u2026from another site. How we can avoid hotlink in our site?<br \/>\nYou can add code bellow to your <em>.htaccess<\/em> file (in main directory of files):<\/p>\n<pre class=\"code_art\"><code># HOTLINK PROTECTION \r\n&lt;IfModule mod_rewrite.c&gt;\r\n RewriteEngine on\r\n RewriteCond %{HTTP_REFERER} !^$\r\n RewriteCond %{REQUEST_FILENAME} -f\r\n RewriteCond %{REQUEST_FILENAME} \\.(gif|jpe?g?|png|docx)$ [NC]\r\n RewriteCond %{HTTP_REFERER} !^https?:\/\/([^.]+\\.)?<span style=\"color: red;\">example<\/span>\\. [NC]\r\n RewriteRule \\.(gif|jpe?g?|png)$ - [F,NC,L]\r\n&lt;\/IfModule&gt;<\/code><\/pre>\n<p>Change <span style=\"color: red;\">\u00abexample\u00bb<\/span> to address of your site <span style=\"color: red;\">without .com (etc)<\/span>, then save it to host. As you will see hotlink don\u2019t allow more and additional you can add another format to this file in line 6.<\/p>\n<p>We hope that the tips in this article, we could help you in protecting your site. If you have any difficulties, you can <a style=\"text-decoration: underline;\" href=\"https:\/\/gks.com.ua\/en\/contacts\">write to us<\/a>. GKS Web Studio Team will advise you on any questions.<\/p>\n<p>In the <a style=\"text-decoration: underline;\" href=\"https:\/\/gks.com.ua\/en\/security-site-wordpress-4.html\" target=\"_blank\" rel=\"noopener\">next article<\/a>, we will share some more secrets of how to protect your site onWordpress.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In previously article we tell you about some important moments that are necessary for security of you website. Any site can be subject to possible attacks. Therefore it is necessary to know how to prevent them. In this article, we&#8217;ll show you how to protect directories, the admin panel of your site and more. 1. <\/p>\n","protected":false},"author":2,"featured_media":9035,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[362],"tags":[392,406,436,373],"_links":{"self":[{"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/posts\/10413"}],"collection":[{"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/comments?post=10413"}],"version-history":[{"count":2,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/posts\/10413\/revisions"}],"predecessor-version":[{"id":10419,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/posts\/10413\/revisions\/10419"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/media\/9035"}],"wp:attachment":[{"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/media?parent=10413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/categories?post=10413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/tags?post=10413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}