Securing WordPress Installation

Posted by Shubhamoy on Jul 26, 2012 in Online Security Tips, wordpress | 0 comments

Nowadays we can easily setup a blog and start our journey as a blogger and all thanks to wordpress for providing such a wonderful platform for blogging. More than 54% websites are using WordPress and majority installations are quite vulnerable due to improper configuration. Now do we need to become a security expert to secure our wordpress installation? The answer is “NO”, we simply need to follow some steps which would provide sufficient security though it doesn’t mean that the security can’t be breached; reason behind vulnerability may be present in any component of the website or webserver which in turn can cause an attack.

So following are the steps to be followed:

Protecting wp-config.php

The most important file of the WordPress installation is the wp-config.php which needs to be protected at any cost.

File Permission: Permission may be changed to 400 or 440.
.htaccess Protection: This provides a protection from SymLink attacks.

</pre>
<pre>&lt;files wp-config.php&gt;
order allow,deny
deny from all
&lt;/files&gt;</pre>
<pre>

Tue24

Quality and Security: Paradise of Success

Posted by Shubhamoy on Jul 24, 2012 in Online Security Tips, programming fundamentals, web development | 0 comments

Recently I had attended a two day workshop on Information Security at my college. The workshop exposed to a various topics of the security domain. Out of which my personal favorite was the web based security and truly speaking, a person needn’t become a hacker to breakdown a website’s security since a simple search yields sufficient information required to launch an attack.

It will be foolish to say that a website is fully secured and can’t attacked because vulnerability may be present in any of the component of the website or the server may be using some outdated components which can be sufficient to launch an attack. So it becomes very tough for a normal user to have a determine that is their content secure or not?

In my last semester, we were taught software engineering which was quite an interesting subject since it gave a great exposure to various topics of software engineering. So the most appealing was the software quality; if we follow some rules, regulations, standards, etc. then we can drive-off many issues on both the functional and non-functional end.

Thu09

Online Security Tips

Posted by Shubhamoy on Apr 9, 2009 in General, Latest News, Online Security Tips, Software, Tech News | 0 comments

Hi Folks,

Many a times we face a problem of misuse of our mail ids or some bank account etc. So I’m going to explain you all some measures to prevent these kind of activities.

Do’s:

Change all your account’ passwords every month. Have a alphanumeric password.
Always check URL(e.g. http://yahoo.com for Yahoo! Mail & not http://abcd.com for Yahoo! Mail) before logging in any site.
Most of the websites use secured connection, i.e., https(Port No.: 81) & not http(Port No.: 80) like GMail, Yahoo! or any website Online Banking Site.
Install a good antivirus like Kaspersky Internet Security or Bit Defender.

Don’ts:

Avoid using Public Computers to access Bank Accounts, Mail Accounts etc.
Never access any personal account on your office computer because mostly the Network Administrator keep on running tools to capture passwords.
Never pass on any confidential item over mail or IM.
Never click links till the time you are not sure.
Never download mail attachments, till the time you are not sure about its content.
Never install unknown applications and running Keygen or Cracks(they have inbuilt viruses & trojans).
Avoid creating online profiles with genuine information and photo.

Finally there are tons of do’s and don’ts but if we are alert then we can protect ourselves.

Further Reading: