1
© Open Source Varsity. All Rights Reserved. Tel: 022 26124533 Email: [email protected]WordPress Security Scan Configuration
To configure the - WordPress Security Scan - plugin in your WordPress driven Blog, login to WordPress as administrator, by simply entering the url_of_your_website/wp-admin in your Browser. Enter the appropriate username and password { which was provided while installing WordPress } and then click on Log In as shown in Diagram 1.
Diagram 1
After logging in as WordPress Admin, a Dashboard page opens as shown in Diagram 2.
The Dashboard provides access to different WordPress functions and features.
2
© Open Source Varsity. All Rights Reserved. Tel: 022 26124533 Email: [email protected] In the left menu, locate the link Security. Click Security, from the drop down menu that appears are the features and functions provided by the plugin as shown in Diagram 3.The Security menu has the following sub menu-items – Security, Scanner, Password Tool, Database and Support.
Diagram 3
Security :
In the left menu, locate the link Security. Click Security, from the drop down menu that appears as shown in Diagram 4.
3
© Open Source Varsity. All Rights Reserved. Tel: 022 26124533 Email: [email protected] WP-Security Admin tools by WebsiteDefender page is displayed as shown in Diagram 5. This page provides the details required for security: Initial Scan
System Information Scan
About Website Defender.
Initial Scan:
The WP-Security Admin Tools scans the following information of your WordPress CMS. Probing for weaknesses a hacker could exploit:
1) WordPress version installed
2) WordPress database table prefix. (It also allows you to change the table prefix.) 3) WordPress version visible / hidden
4) WordPress DB Errors 5) WordPress ID Meta tag 6) WordPress Username
7) Presence of .htaccess file in WordPress CMS
NOTE: The issues are highlighted in red for the admin to take action. The issues highlighted in green are not be worried.
After getting the result of the initial scan, solve the issues highlighted in red.
System Information Scan:
The WP-Security Admin Tools scans the system information for: Operating System, Server, Memory usage, MySQL Version, SQL Mode, PHP Version, PHP Safe Mode, PHP Allow URL fopen, PHP Memory Limit , PHP Max Upload Size, PHP Max Post Size, PHP Max Script Execute Time, PHP Exif support , PHP IPTC support , PHP XML support.
About Website Defender:
Optionally integrates with the Websitedefender.com online service, which monitors your blog and website for malware, hacker activity and security vulnerabilities, giving you easy to understand solutions to keep your website safe. Website Defender's enhanced WordPress Security Checks allow it to identify and help contain any threats on a blog or website powered by WordPress.
With Website Defender you can:
Detect Malware present on your website
Audit your website for security issues
Avoid getting blacklisted by Google
Keep your website content and data safe
4
© Open Source Varsity. All Rights Reserved. Tel: 022 26124533 Email: [email protected] Diagram 5Scanner :
In the left menu, locate the link Security. Click Security, from the drop down menu that appears, click Scanner as shown in Diagram 6.
Diagram 6
The Scanner scans all the files and directories of WordPress CMS. It checks to see if files and directories have appropriate permissions settings. The current mode settings and required mode settings are displayed systematically.
Once the Blog / Website scan is completed one has to manually change the mode settings of each file(s) and directory(ies) as recommended in the WP-Security Scan table. Each such recommendation corresponds to a vulnerability that Scanner has discovered and needs attention.
5
© Open Source Varsity. All Rights Reserved. Tel: 022 26124533 Email: [email protected] Diagram 7Password Tool:
In the left menu, locate the link Security. Click Security, from the drop down menu that appears, click Password Tool as shown in Diagram 8.
Diagram 8
WP Security Scan - Password tool, scans for Password vulnerabilities in your blog and suggests corrective action.
The password tool can scan your password strength and can indicate whether the password being keyed in is a strong password or not. Alternatively, this tool can generate strong passwords for use as shown in Diagram 9.
6
© Open Source Varsity. All Rights Reserved. Tel: 022 26124533 Email: [email protected] In the left menu, locate the link Security. Click Security, from the drop down menu that appears, click Database as shown in Diagram 10.Diagram 10
Database:
The Database Security tools helps you to backup your WordPress CMS database and change the default WP Database table prefix ( i.e. wp- ) in just a single click as shown in Diagram 11.
7
© Open Source Varsity. All Rights Reserved. Tel: 022 26124533 Email: [email protected] To backup your database, click “Backup now!”as shown in Diagram 12.Diagram 12
“Database successfully backed up! ” message is displayed as shown in Diagram 13.
You can download the SQL file from the Available database backups links provided. The SQL file is stored at: “ wp-content\plugins\wp-security-scan\backups\ bck-07-31-2011-a18762309e5b8e3585f7b55701437c91.sql”.
The SQL file name is displayed in the output of this process as shown in diagram 13.
8
© Open Source Varsity. All Rights Reserved. Tel: 022 26124533 Email: [email protected]To change the default WP database table prefix ( i.e. wp_ ), enter the prefix desired in the textbox and click “Start Renaming” as shown in Diagram 14.
Diagram 14
“All tables have been successfully updated” & “the wp-config file has been successfully updated” message is displayed as shown in Diagram 15.
NOTE: The wp-config file permission must be writable and the database must have ALTER rights before running this script.
