WordPress Security: Securing Sites From Hackers / Future Attacks


As WordPress is the most popular CMS available on the web but also vulnerable to threats if we don't follow the necessary security measures.

In one of previous guest post, Sarah Rexman mentioned some tips about securing WordPress and in this post I'm gonna share my own experience. While working as freelancer on oDesk, Elance and Freelancer; clients always have issues about securing their sites from hackers and ask about how to prevent from future attacks. So consider these points to secure your WordPress site for now and future:
  • Keep your WordPress up to date. Latest stable version is 4.7.5 released on 16th May, 2017.
  • Keep your all plugins, themes up to date.
  • Always keep backup of your database, files and make it update after some interval.
  • If site has been compromised, then you must change your salt keys from your wp-config.php file under root directory. You can generate new keys from here. It will force all users to have to log in again.
  • Change your all passwords associated with site at regular interval.
  • Use strong passwords for all logins. Include the mixture of atleast one uppercase letter, lowercase letter, special character, number.
  • Change your WP-Admin username from admin to some other name.
  • Change database prefix from wp_ to some other complicated characters to avoid zero-day SQL injection attacks.
  • Remove timthumb script if your site running it as its no longer supported or maintained.
  • Use plugins after testing it properly. Going through plugin review, Google search will let you know about the reputation of the plugin.
  • Keep track of latest visitors through log files for tracking site users. If you find any suspicious activity at any particular time, then logs files might help you to know a bit about the attacker.
  • Change permissions for .htaccess, wp-config.php, themes main files to 444.
  • Proper file permissions for other files and folders. Best practice is to use 644 for files and 755 for folders.
  • Keep your own system virus free.
  • Always try accessing the site credentials from your own system only.
  • Validate all user inputs  like URL, image uploads etc.
  • Keep track of WP-Admin, FTP accounts user section for any unauthorized user.
  • You can also use Wordfence plugin to monitor from malicious scripts.
  • Put some security to the server on which your site is hosted, either it hosted on dedicated or a shared server.
  • Keep updated with latest vulnerabilities.
Is your own site get infected with malware/virus, contact me through contact form to get rid of malware with future security implementation. In some cases, site might be hit by pharma hack, you can check it either through site content or by searching your site on Google with query "site:example.com pharma"

Having any further issue? Please comment down!

How To Protect In Cafe/Public Computers While Surfing Internet?

Protect in Cafe
People who surf internet on cafe/public computers, are more vulnerable to be hacked, reason is simple! They are unaware from the software installed on public computers, their privileges. It's always secure to access internet from your personal computers, but some times you have to access it from other places like cafe, your friend computer. So what if you wanna to secure yourself from these hacks? Two things you must keep in mind while surfing from pubic computers:

1. Always prefer to private browsing. Mostly people are unaware from this wonderful feature of browsers. So what is private browsing and how to enable it?
  • Private Browsing allows you to browse the Internet without saving any information about which sites and pages you’ve visited, private browsing do not save Visited pages, History, Passwords, Cookies and Cache files.
  • For enabling it, press Ctrl+Shift+P for firefox and IE users (For chrome use shortcut Ctrl+Shift+N or check my other post Incognito Window In Google Chrome For Safe Browsing), a prompting window will ask you for starting private browsing.
2. Use On-Screen Keyboard. What to do if you think there is suspicious keylogger installed on system. Don't take risk, use on-screen keyboard. Keyloggers captures information from normal keyboard only. So whenever you do login on your personal internet banking accounts or else, always prefer to use virtual keyboard. You can open it by typing OSK in run.

Tutorial On Shoulder Surfing Technique & How To Prevent From It

Shoulder Surfing
Hello everyone!! Today I'm gonna tell about a cool & funny hacking technique named Shoulder Surfing. Mostly among you would've use this technique before too, but never knew about its name, so let me clear what is shoulder surfing in brief:

Shoulder surfing is the way to obtaining information by looking over any person's shoulder (It's similar to cheating in exam from someone sitting ahead you). For e.g. while filling your personal data like email, password, security pin or while doing transactions from ATMs, person behind you can see what you're typing & grab the sensitive information. It seems weird, but persons who're very slow in typing, mostly become victim of it. Shoulder surfing can also be done through long distance by using binoculars.

How to prevent from this hacking technique?
  • As I recommend, type fast as you can.
  • Know who's behind you while typing.
  • At last but not least, pick strong passwords for email accounts, transactions (so that the person behind you even could not make a guess about what you typed).

    And the best way I found on Google:

Shoulder Surfing Prevention
haha :)

Tutorial On Information Gathering / Foot Printing (Hacking Technique)

Information Gathering
Information gathering or Foot printing is the basic technique of hacking which includes gathering maximum information about the target computer systems. It is a very important part of hacking because the more information about target system we have, more the number of attacks we can launch. Information gathering is the important technique because all other process of hacking based on information that you have. Therefore we must know what information to gather, where to find it, how to collect it & how to process the collected information.

Let's start with an example: Suppose your designation is as a hacker in your company & company wants some information about the target system like physical location, IP records and some details about the specific domain. What you've is only the domain name (e.g. www.example.com) or IP address. There are some practical steps you need to follow while gathering information about target system:
  • First step is to finding the IP address:
    • Go to command prompt> type ping www.example.com
    • It will give you IP of the target system.
  • After getting IP, next step is to know about the physical location of the victim:
    • Go to IP2location from here, enter the IP in search field & hit enter.
    • It will give you details about the physical location of the victim.
  • Now, we have to find out the details of the domain (example.com):
    • Go to who.is or whois.domaindetails.com & type the site address of victim.
    • It will give you details about domain owner, server, domain expiry/creation date.\
  • Use Traceroute for tracing the websites path:
  • Use Google for getting more information about the victim.
Following above methods will help you in getting maximum information about the target system & if you need further information, then google it with your queries.

Some of the tools used for information gathering are nslookup, traceroute & Nmap. Very soon, I will explain about Information Gathering technique using Back Track.

A Guide To Google Hacking Techniques

Google Hacking
Hi everyone!! As we all know Google is the major search engine and #1 ranking site and it's like a part of our daily routine.

Google hacking does not mean to hack Google's site/server, it means likely to be smart in Google search. Almost every kind of information is provided there, but the thing is how you search your queries. In this post I've provided a PPT which is all about Google hacking techniques. I'm sure after completing the whole PPT, you would become more expert in Google search.

PPT is all about learning the basics of Google hacking and finding vulnerabilities in the websites.

You can download it from here.

Whether you search your queries as smart worker or hard worker in Google, depends upon how much you know about it! so start your smart work from right now.

Tutorial On DNS Cache Poisoning (Redirect abc.com By Entering xyz.com In Address Bar)

DNS Cache Poisoning
Hello guys! Today I'm gonna post about a hacking technique named "DNS Spoofing or DNS Cache Poisoning". DNS cache poisoning is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer (often the attacker's). This trick is commonly used by hackers for redirecting original site to fake site (like opening Facebook, Gmail, Orkut would open fake facebook, gmail, orkut). Let's understand it by taking an example:
  • Go to C:\Windows\ System32\ Drivers\ etc\ Hosts
  • Open it with notepad.
  • Write 67.195.160.76 www.google.com below 127.0.0.1 localhost like that:
    127.0.0.1 localhost

    67.195.160.76  www.google.com
Where 67.195.160.76 is IP address of yahoo, you can change it whatever you want. If you are thinking about knowing IP address of any site, then go to command prompt> Type ping site name, for e.g. ping www.facebook.com


Note: Even you can use it for phishing purpose.

    Internet Download Manager v6.0 Beta Full Version Without Using Any Keygen

    IDM Logo
    Download Internet Download Manager v6.0 Beta Full Version Without Using Any Keygen. So no need to be panic. Just download this IDM version and access the full version's feature without any keygen.

    You can download it from here.

    Note: Never update it, when IDM will ask for updating it.



     

    How To Know Location Of Victim & When Your Mail Has Been Read?

    SpyPigHello friends! So do you wanna to know when your friends read your email? Now you can find out when your email has been read by the recipient! No more guessing: "Has he or she read my email yet?"

    SpyPig is a simple email tracking system that sends you a notification by email when the recipient opens your message. It works with virtually all modern email programs: Outlook, Eudora, Yahoo Email, Gmail, Hotmail, AOL Email and many others, follow these steps:
    • Enter your email address under step 1.
    • Any title under step 2.
    • Select image & then copy image location if you are using firefox, paste it in message body or simple drag & drop image, then send it as an attachment to the victim.
    • When victim will open it, you will receive a message with subject "Your email has been read with contents:
      • Email Title:
      • Sent by You:
      • Your IP Address:
      • Opened by Recipient:
      • Recipient Location:
      • Recipient IP Address:
    Note: For more information, visit SpyPig website.

    Best Server Hardware And Network Solution For Your Business

    The serverclub.com is a provider of server hardware and network plans. Just from its name you can understand the specialty of this website:dedicated server services. As why in our modern days the Internet is everything especially for our work, many of companies, web designers, businessmen or bloggers have enjoyed the advantages of the dedicated servers. 

    These servers allow other people to browse your website on the internet. This storage of this data on servers is called hosting. Some people to decrease their costs host their data in shared servers but sometimes have to deal with problems like the server overloading. So, that’s the reason the big companies and the website owners prefer the dedicated servers.

    Dedicated Server
    The ServerClub can provide you exactly this dedicated server hosting. The site provides the best hardware and software services and also very good and useful customer support, all these in very low prices. In additional are available two very profitable offers: to refer a friend and to become a reseller which in simple words means that when for example you recommend the ServerClub services to your friends then you will get the 10% of the rent bill of their server plan every month for the lifetime of their contract. You can also sell servers from your website gaining the 20% of the sales. 

    ServerClub Features:

    • Environmentally friendly technologies and power saving systems at the servers host which help the costs cutting.
    • Reliable hardware combined with amazing bandwidth = perfect hosting.
    • Excellent customer support service.
    • Backup server available in case of failure or overload.
    • Customization of plans and extra requirements depend on the needs.
    • High quality servers (instant setup of Dell’s premium servers with Xeon processors and hardware RAID, the IP network is designed by Cisco)

    In Conclusion


    ServerClub provides all the services which are required to set up dedicated hosting with the best possible features at logical rates. So if you are thinking to switch to dedicated hosting, you are highly recommended totake look onthe ServerClub.

    How To Create Your Own Website For Free With uCoz?

    The www.ucoz.com is a unique website which allows you to build your site easily, for free. It gives you the ability to create a multi-functional website for every topic you want. Either you are a professional or you just want to create a site for your personal purposes have in mind that with the ucoz you have the ability to create a page with your own unique style.

    How it Works?


    The uCoz allows you to create your page from a large number of template options for a functional and interactive site. But it’s good to keep in mind that is a free web builder so do not wait to get the functionality of a paid one. Although the ucoz is a site which gets closer to a paid website planning than the rest of its kind. It is the ideal helper to create your own website for free like personal homepages, online stores, portals, fan sites, blogs and communities, educational and governmental websites and many more.

    uCoz Free Site
    Except offering the typical features to Content Management Systems like the database of site users with division into groups or the RSS import and export, also offers some unique features as special template language which allows you to check different conditions when generating pages,template builder which allows to completely change the design in a very effective way and possibility to extend your website functionality with the help of PHP or third database servers like MySQL and API. It doesn’t require installation, offers many different templates in its template store and a variety of modules, tools and features as well to give your page a sense of your own personality. The good is that uCoz is suitable for both newbies and experienced professionals.

    Why Choose uCoz?


    uCoz has a very good background as works for 7 years already and has over 1.200.000 active websites with more than 100 million page views daily and the most important: error free. Also, it provides free Web hosting with unlimited space. It is not possible to summarize up everything in one article. But one you have to keep in mind: uCoz provides a free and easy to use service for people who want to create their own page with their own personality and to enjoy the many advantages of using a multi-functional website for their work, to exhibit their art, to express their ideas or just to have fun. Absolutely recommended!