How do you secure your WordPress site?



tonymartin

Beginner 1.0
You can go through several of the best WordPress security plugins that will surely keep your site safe from hackers.

Sucuri Security - Auditing, Malware Scanner and Security Hardening
iThemes Security
Wordfence Security
WP fail2ban
All In One WP Security & Firewall
Jetpack
SecuPress
BulletProof Security
VaultPress
Google Authenticator - Two Factor Authentication

These top security plugins do the following:

Active security monitoring
File scanning
Malware scanning
Blacklist monitoring
Security hardening
Post-hack actions
Firewall
Brute-force attack protection
Notifications when a security threat is detected
 

ulajuhda

Beginner 2.0
In my opinion, no system is 100% secure.

There are several tools that attackers often use.

For example, like this:
1. WPScan (to see whether there are bugs inside the WordPress install)

C:\WPScan>ruby wpscan.rb --url http://www.sensordomain.co.id --enumerate u
_______________________________________________________________

WordPress Security Scanner by the WPScan Team
Version 2.9.4-dev
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________

It seems like you have not updated the database for some time.
[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]n
The remote host tried to redirect to: http://sensordomain.co.id/
[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]
[+] URL: http://www.sensordomain.co.id/
[+] Started: Mon May 21 09:05:38 2018

[+] robots.txt available under: 'http://www.sensordomain.co.id/robots.txt'
[+] Interesting entry from robots.txt: http://www.sensordomain.co.id/wp-admin/admin-ajax.php
[+] Interesting header: SERVER: Apache/2.4.29 (Unix) OpenSSL/1.0.1e-fips
[+] Interesting header: X-CNECTION: close
[+] Interesting header: X-POWERED-BY: PHP/5.6.30
[+] This site has 'Must Use Plugins' (http://codex.wordpress.org/Must_Use_Plugins)
[+] XML-RPC Interface available under: http://www.sensordomain.co.id/xmlrpc.php
[!] Upload directory has directory listing enabled: http://www.sensordomain.co.id/wp-content/uploads/
[!] Includes directory has directory listing enabled: http://www.sensordomain.co.id/wp-includes/

[+] WordPress version 4.9.3 (Released on 2018-02-05) identified from meta generator, links opml
[!] 4 vulnerabilities identified from the version number

[!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
Reference: https://wpvulndb.com/vulnerabilities/9021
Reference: https://baraktawily.blogspot.fr/2018/02/...sites.html
Reference: https://github.com/quitten/doser.py
Reference: https://thehackernews.com/2018/02/wordpr...ploit.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cg...-2018-6389

[!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
Reference: https://wpvulndb.com/vulnerabilities/9053
Reference: https://wordpress.org/news/2018/04/wordp...e-release/
Reference: https://github.com/WordPress/WordPress/c...d9aec18216
Reference: https://cve.mitre.org/cgi-bin/cvename.cg...2018-10101
Fixed in: 4.9.5

[!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
Reference: https://wpvulndb.com/vulnerabilities/9054
Reference: https://wordpress.org/news/2018/04/wordp...e-release/
Reference: https://github.com/WordPress/WordPress/c...f850eedc7e
Reference: https://cve.mitre.org/cgi-bin/cvename.cg...2018-10100
Fixed in: 4.9.5

[!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
Reference: https://wpvulndb.com/vulnerabilities/9055
Reference: https://wordpress.org/news/2018/04/wordp...e-release/
Reference: https://github.com/WordPress/WordPress/c...412c77850d
Reference: https://cve.mitre.org/cgi-bin/cvename.cg...2018-10102
Fixed in: 4.9.5

[+] WordPress theme in use: bb-theme-child - v1.0

[+] Name: bb-theme-child - v1.0
| Location: http://www.sensordomain.co.id/wp-content/t...eme-child/
[!] Directory listing is enabled: http://www.sensordomain.co.id/wp-content/t...eme-child/
| Style URL: http://www.sensordomain.co.id/wp-content/t.../style.css
| Referenced style.css: http://sensordomain.co.id/wp-content/theme.../style.css
| Theme Name: Beaver Builder Child Theme
| Theme URI: http://www.wpbeaverbuilder.com
| Description: An example child theme that can be used as a starting point for custom development.
| Author: The Beaver Builder Team
| Author URI: http://www.fastlinemedia.com

[+] Detected parent theme: bb-theme - v1.6.1

[+] Name: bb-theme - v1.6.1
| Location: http://www.sensordomain.co.id/wp-content/themes/bb-theme/
| Changelog: http://www.sensordomain.co.id/wp-content/t...ngelog.txt
| Style URL: http://www.sensordomain.co.id/wp-content/t.../style.css
| Theme Name: Beaver Builder Theme
| Theme URI: http://www.wpbeaverbuilder.com/?utm_medi...admin-page
| Description: A customizable theme with a simple yet robust set of theme options.
| Author: The Beaver Builder Team
| Author URI: http://www.wpbeaverbuilder.com/?utm_medi...admin-page

[+] Enumerating plugins from passive detection ...
[+] No plugins found

[+] Enumerating usernames ...
[!] Stop User Enumeration plugin detected, results might be empty. However a bypass exists for v1.2.8 and below, see stop_user_enumeration_bypass.rb in C:/WPScan
[+] Identified the following 1 user/s:
+----+--------------+---------------------+
| Id | Login | Name |
+----+--------------+---------------------+
| 1 | calibreworks | calibreworks – Bank |
+----+--------------+---------------------+

[+] Finished: Mon May 21 09:15:00 2018
[+] Requests Done: 408
[+] Elapsed time: 00:09:22

https://github.com/wpscanteam/wpscan

2. WP Grab Info v2

C:\Perl64\bin>perl WP-Grab.pl -u http://sensordomain.co.id

WP Grab Info v2
[+] http://sensordomain.co.id
[+] User: calibreworks
[+] Version: 4.9.3
[+] Can't Get Theme
[+] Plugin: formidable
[+] Plugin: bb-plugin
[+] Plugin: simple-follow-me-social-buttons-widget
[+] Plugin: sitepress-multilingual-cms
[+] Plugin: ajax-search-lite
[+] Plugin: ubermenu
[+] Plugin: jetpack
[+] Plugin: bb-ultimate-addon
[+] Plugin: scroll-back-to-top
[+] Plugin: wp-postviews
[+] Plugin: tablepress

3. Password brute-forcing


A solution might just be to use static WP:
https://wp2static.com/
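The WPScan and WP-Grab output above leaked the exact WordPress version, an open xmlrpc.php, directory listings and a valid username (calibreworks), which is everything a password brute-force needs. Below is an added example of a must-use plugin that closes those exposures at the application layer; it is not from either post or from any of the plugins listed, and the filter and hook names are the standard WordPress ones (the plugin header and file location are assumptions).

```php
<?php
/**
 * Plugin Name: Harden Recon Surface (example)
 *
 * Added example, not from the thread or from any plugin named above.
 * Save as wp-content/mu-plugins/harden-recon-surface.php so it loads
 * before regular plugins and cannot be disabled from the dashboard.
 */

// 1. Stop advertising the WordPress version: WPScan matched 4.9.3 from
//    the <meta name="generator"> tag and the OPML link.
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', '__return_empty_string' );

// 2. Turn off XML-RPC; its system.multicall is the usual vehicle for
//    password guessing (step 3 in the post above).
add_filter( 'xmlrpc_enabled', '__return_false' );

// 3. Block username enumeration via /?author=N for anonymous visitors.
//    Priority 1 runs before redirect_canonical (priority 10), which would
//    otherwise reveal the login name in the Location header.
add_action( 'template_redirect', function () {
    if ( ! is_user_logged_in() && is_author() ) {
        wp_safe_redirect( home_url( '/' ), 301 );
        exit;
    }
}, 1 );

// 4. Hide the REST users listing (/wp-json/wp/v2/users) from anonymous callers.
add_filter( 'rest_endpoints', function ( $endpoints ) {
    if ( ! is_user_logged_in() ) {
        unset( $endpoints['/wp/v2/users'] );
        unset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
    }
    return $endpoints;
} );

// 5. One generic login error so a wrong password does not confirm
//    that the username exists.
add_filter( 'login_errors', function () {
    return 'Login failed.';
} );
```

The directory listings flagged under wp-content/uploads/, wp-includes/ and the theme folder are a web-server setting, not something PHP can fix: on the Apache build shown in the scan, add `Options -Indexes` to the site's .htaccess or vhost and re-run the scan against your own host to confirm every `[!]` line is gone.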
 