How to secure your WordPress website

WordPress is the number one open source CMS out there, used especially by bloggers to publish their content online. WordPress is popular because of its rich features, its many available plugins and widgets, thousands of themes, and an easy-to-manage interface. As per Wikipedia, until April 2013, version 3.5 had been downloaded over 18 million times, which shows how popular WordPress is. As every coin has two sides, security breaches have been found in WordPress blogs too. It is the CMS most targeted by hackers.

Here I am listing a few points that would certainly enhance the security of WordPress.

1. To start with, always keep your WordPress up to date. As the WordPress developers fix vulnerabilities present in older versions, the best course of action is always to update WordPress to the latest version. You can always see update notifications in the admin area.
2. Always disable the display_errors directive of PHP so that any error present in your WordPress installation is not exposed to the world.
3. Always change the admin user name to something different. The easiest way to do this is to create a new user account in WordPress (give it admin access). Then log in with that username and delete your old account.
4. It is often observed that hackers gain access to WordPress by uploading a shell to the root directory. So your best bet is to set the following settings in php.ini:

file_uploads = Off (if you don’t need file uploads, turn them off)
safe_mode = On

5. Make sure your local machine is not infected by any sort of virus. Scan it periodically and remove any threat that exists. The best course of action is to install a powerful antivirus.
6. Make sure you delete all unwanted themes and plugins.
7. Do not install any plugin that is brand new. Make sure a plugin has good reviews and is not vulnerable.
8. Always take daily offsite backups in case anything goes wrong.
9. Make sure you have not set 777 permissions on any files or folders.
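
The checks from items 2, 4 and 9 can be scripted. The following is an added example, not part of the original post; the function names and the paths you pass in are assumptions, and safe_mode is not checked because PHP removed that directive in version 5.4.

```shell
#!/bin/sh
# Added example: audit a WordPress tree and a php.ini against items 2, 4 and 9.
# Function names are hypothetical; pass your own WordPress root and php.ini path.

# List files and directories under $1 that anyone can write to (777, 666, ...).
# Symlinks are skipped: their own mode bits are not what the kernel enforces.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print the value php.ini file $1 assigns to directive $2.
# Commented-out lines are ignored and the last assignment wins.
ini_value() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (tolower(k) == tolower(key)) {
                v = $2; sub(/;.*/, "", v)
                gsub(/^[ \t"]+|[ \t"\r]+$/, "", v); val = v
            }
        }
        END { print val }' "$1"
}

# True only for an explicit "off" spelling. A missing directive is NOT off:
# PHP's built-in default for display_errors and file_uploads is on.
is_off() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        off|0|no|false|none) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per finding; return 1 if there was any finding, else 0.
audit_wp() {
    rc=0
    ww=$(world_writable "$1")
    [ -z "$ww" ] || { printf '%s\n' "$ww" | sed 's/^/world-writable: /'; rc=1; }
    for d in display_errors file_uploads; do
        if ! is_off "$(ini_value "$2" "$d")"; then
            echo "$d is not Off in $2"; rc=1
        fi
    done
    return "$rc"
}

if [ "$#" -eq 2 ]; then audit_wp "$1" "$2"; fi
```

Run it with the WordPress root and the php.ini path as its two arguments. A file_uploads finding only matters if the site does not need uploads, as item 4 says.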

You can read the following official tutorial provided by WordPress to secure your WordPress installation.

http://codex.wordpress.org/Hardening_WordPress

Account Creation Status: failed Sorry, a mysql user with the name xxxx already exists

Recently I wanted to terminate one of a customer’s accounts and restore it once again. So I used

/scripts/killacct

After terminating the account, in order to restore it I used the following script.

/scripts/restorepkg

But the script halted during the process with the following error on the screen.


Account Creation Status: failed Sorry, a mysql user with the name xxxx already exists

The error clearly means that the account was not terminated properly and I would need to find out what entry remained on the server that was resulting in the error.

After a bit of research I found a user entry in the following files.

/var/cpanel/databases/users.db

/etc/dbowners

After removing these entries, execute the following command.

userdel -f username

It worked and I could successfully restore the user using the script.

Disable cphulk from shell in cPanel server

Recently one of our customers complained of not being able to log in to WHM; he suspected cphulkd was blocking him and wanted us to disable it from the shell. Here are the steps I provided him.

/usr/local/cpanel/etc/init/stopcphulkd

/usr/local/cpanel/bin/cphulk_pam_ctl --disable

The above commands will just stop or disable cphulkd temporarily; if you restart the cPanel service, it will start the cphulkd service again. In order to stop it permanently, you can try

rm -f /var/cpanel/hulkd/enabled

Enjoy!!
