{"id":10642,"date":"2015-04-02T18:05:05","date_gmt":"2015-04-02T16:05:05","guid":{"rendered":"https:\/\/gks.com.ua\/security-site-wordpress-4.html"},"modified":"2021-10-17T15:58:37","modified_gmt":"2021-10-17T12:58:37","slug":"security-site-wordpress-4","status":"publish","type":"post","link":"https:\/\/gks.com.ua\/en\/security-site-wordpress-4.html","title":{"rendered":"Security of  site on WordPress. Part 4"},"content":{"rendered":"<p>In a <a style=\"text-decoration: underline;\" href=\"https:\/\/gks.com.ua\/en\/security-site-wordpress-3.html\">previous article<\/a> we told you how to hide the version of WordPress, close the site for adding a hotlinks, how to protect the directories and the admin panel of your site. Today we share with you some more secrets security site on <em>WordPress<\/em>.<\/p>\n<p><strong style=\"font-size: 18px;\">1. Install.php in WordPress.<\/strong><br \/>\nAs you know <strong>install.php (in folder wp-admin)<\/strong> is one of the most important file for installing WordPress. But <em>after that you installed this CMS this file will be unnecessary file more<\/em>. So, must to protect it or delete it. Do not be worry to delete this file! For updating WordPress you will not have problem because this file is in WordPress and you can easily add it to host when you want to update. But do not forget if do not delete or do not protect this file you will be goal for bad program and hacker! We have 3 different way that you can save site from attack to this file :<\/p>\n<ul>\n<li>First way is easy and the most useful way, <strong>delete this file<\/strong>. You do not need it.<\/li>\n<li>Via <em>.htaccess<\/em>: you must to put this .htaccess file to folder wp-admin and<strong> protect install.php<\/strong> in folder wp-admin but if your host allow .htaccess:\n<pre class=\"code_art\"><code># PROTECT install.php\r\n&lt;Files install.php&gt;\r\nOrder Allow,Deny\r\nDeny from all\r\nSatisfy all\r\n&lt;\/Files&gt;<\/code><\/pre>\n<\/li>\n<li>If you do not want to delete this file or your host do not allow .htaccess you can easily <em>change name<\/em> of this file to another! For example, change name install.php to mysafe-install.php. By this way you will a little more save it! And you can put this install.php to your host:\n<pre class=\"code_art\"><code>&lt;?php header(\"HTTP\/1.1 503 Service Temporarily Unavailable\"); ?&gt;\r\n&lt;?php header(\"Status 503 Service Temporarily Unavailable\"); ?&gt;\r\n&lt;?php header(\"Retry-After 3600\"); \/\/ 60 minutes ?&gt;\r\n&lt;?php mail(\"your@email.com\", \"Database Error\", \"There is a problem with teh database!\"); ?&gt;\r\n&lt;!DOCTYPE HTML PUBLIC \"-\/\/W3C\/\/DTD XHTML 1.0 Strict\/\/EN\" \"http:\/\/www.w3.org\/TR\/xhtml1\/DTD\/xhtml1-strict.dtd\"&gt;\r\n&lt;html xml:lang=\"en\" xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\" lang=\"en\"&gt;\r\n&lt;head&gt;\r\n&lt;meta http-equiv=\"Content-Type\" content=\"text\/html; charset=utf-8\" \/&gt;\r\n&lt;title&gt;Error Establishing Database Connection&lt;\/title&gt;\r\n&lt;\/head&gt;\r\n&lt;body&gt;\r\n&lt;img src=\"images\/wordpress-logo.png\" \/&gt;\r\n&lt;h1&gt;Error Establishing Database Connection&lt;\/h1&gt;\r\n&lt;p&gt;We are currently experiencing database issues. Please check back shortly. Thank you.&lt;\/p&gt;\r\n&lt;\/body&gt;\r\n&lt;\/html&gt;<\/code><\/pre>\n<\/li>\n<\/ul>\n<p><span style=\"color: red;\">After this you have two file install.php and mysafe-install.php.<\/span><\/p>\n<p><strong style=\"font-size: 18px;\">2. No Referrer!<\/strong><br \/>\nWordpress is blog, it is target for all spammer that want to post to your site advertising, hotlink, picture, or another things. If you do not want this spam must to use plugin or use <em>.htaccess file in main directory<\/em>. For test your site that is open or not please see <a style=\"text-decoration: underline;\" href=\"http:\/\/www.botsvsbrowsers.com\/SimulateUserAgent.asp\" target=\"_blank\" rel=\"noopener nofollow\">resource<\/a>.<br \/>\nAnd write URL as same as sample http:\/\/www.yoursite.com\/wp-comments-post.php.<br \/>\nAs you see your site is target for spammer! You can<strong> close it<\/strong> by put code to .htaccess file to your host ( if your host do not allow you can use plugin as same as <strong>\u0410kismet<\/strong> that is default in WordPress ):<\/p>\n<pre class=\"code_art\"><code># block comment spam \r\nRewriteEngine On\r\nRewriteCond %{REQUEST_METHOD} POST\r\nRewriteCond %{REQUEST_URI} .wp-comments-post\\.php*\r\nRewriteCond %{HTTP_REFERER} !.*yousite.com.* [OR]\r\nRewriteCond %{HTTP_USER_AGENT} ^$\r\nRewriteRule ^(.*)$ ^ http:\/\/example.com\/$ [R=301,L]<\/code><\/pre>\n<p><strong>OR<\/strong><\/p>\n<pre class=\"code_art\"><code># BLOCK NO-REFERRER SPAMS \r\n&lt;IfModule mod_rewrite.c&gt;\r\n RewriteEngine On\r\n RewriteCond %{REQUEST_METHOD} POST\r\n RewriteCond %{HTTP_USER_AGENT} ^$ [OR]\r\n RewriteCond %{HTTP_REFERER} !.*<span style=\"color: red;\">example.com<\/span>.* [NC]\r\n RewriteCond %{REQUEST_URI} \/wp\\-comments\\-post\\.php [NC]\r\n RewriteRule .* http:\/\/example.com\/ [R=301,L]\r\n&lt;\/IfModule&gt;<\/code><\/pre>\n<p><span style=\"color: red;\">Have attention that change example.com to your site address ( full address ), do not need http:\/\/ or www.<\/span><\/p>\n<p>By this method when spammer try to post to your site spam , see redirected to <em>http:\/\/example.com\/<\/em> and this is good for us.<\/p>\n<p><strong style=\"font-size: 18px;\">3. Block Bots.<\/strong><br \/>\nHow we can protect site from bad bots? We propose to you that use this code in <em>.htaccess<\/em> file if for your host it is acceptable:<\/p>\n<pre class=\"code_art\"><code># BLOCK BAD BOTS\r\n&lt;IfModule mod_setenvif.c&gt;\r\n SetEnvIfNoCase User-Agent ^$ keep_out\r\n SetEnvIfNoCase User-Agent (casper|cmsworldmap|diavol|dotbot)   keep_out\r\n SetEnvIfNoCase User-Agent (flicky|ia_archiver|jakarta|kmccrew) keep_out\r\n SetEnvIfNoCase User-Agent (libwww|planetwork|pycurl|skygrid|badbot)   keep_out\r\n SetEnvIfNoCase User-Agent (purebot|comodo|feedfinder) keep_out\r\nSetEnvIfNoCase User-Agent (<span style=\"color: red;\">badbot<\/span>)   keep_out\r\n &lt;Limit GET POST PUT&gt;\r\n  Order Allow,Deny\r\n  Allow from all\r\n  Deny from env=keep_out\r\n &lt;\/Limit&gt;\r\n&lt;\/IfModule&gt;<\/code><\/pre>\n<p>You can add another bad bot system in line by use new line, for example we added <span style=\"color: red;\">badbot<\/span> to line. You can add any system that you know is bad bot system .<\/p>\n<p>We hope that this article help to you that save your <a style=\"text-decoration: underline;\" href=\"https:\/\/gks.com.ua\/en\/business-card-site\">site<\/a> more! Please be connected with <a style=\"text-decoration: underline;\" href=\"https:\/\/gks.com.ua\/en\/services\">GKS Web Studio<\/a> know more about security of your site.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a previous article we told you how to hide the version of WordPress, close the site for adding a hotlinks, how to protect the directories and the admin panel of your site. Today we share with you some more secrets security site on WordPress. 1. Install.php in WordPress. As you know install.php (in folder <\/p>\n","protected":false},"author":2,"featured_media":9038,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[362],"tags":[406,436,373],"_links":{"self":[{"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/posts\/10642"}],"collection":[{"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/comments?post=10642"}],"version-history":[{"count":1,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/posts\/10642\/revisions"}],"predecessor-version":[{"id":10645,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/posts\/10642\/revisions\/10645"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/media\/9038"}],"wp:attachment":[{"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/media?parent=10642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/categories?post=10642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/tags?post=10642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}