DOCSLIB.ORG

Admin Tools for Wordpress Nicholas K

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Admin Tools for Wordpress Nicholas K Admin Tools for WordPress Nicholas K. Dionysopoulos Davide Tampellini Admin Tools for WordPress Nicholas K. Dionysopoulos Davide Tampellini Copyright © 2017-2021 Akeeba Ltd Abstract This book covers the use of the Admin Tools for WordPress site security plugin for WordPress™ -powered web sites. Both the free Admin Tools Core and the subscription-based Admin Tools Professional editions are completely covered. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the appendix entitled "The GNU Free Documentation License". Table of Contents 1. Getting Started .......................................................................................................................... 1 1. What is Admin Tools? ....................................................................................................... 1 1.1. Disclaimer ............................................................................................................. 1 1.2. The philosophy ....................................................................................................... 2 2. Server environment requirements ......................................................................................... 2 3. Installing Admin Tools ....................................................................................................... 3 3.1. Updating to the latest version .................................................................................... 3 4. Upgrading from Core to Professional .................................................................................... 4 5. Requesting support and reporting bugs .................................................................................. 4 6. Quick Setup ...................................................................................................................... 4 2. Using Admin Tools ................................................................................................................... 7 1. The Control Panel ............................................................................................................. 7 2. The Plugin Params page ..................................................................................................... 9 3. Fixing the permissions of files and directories ....................................................................... 11 3.1. Configuring the permissions of files and directories ..................................................... 13 4. Emergency Off-Line Mode ................................................................................................ 14 5. Protecting Admin Tools with a password (Master Password) ................................................... 17 6. Protect your WordPress administration with a password .......................................................... 19 7. The .htaccess maker ......................................................................................................... 21 7.1. Basic Security ....................................................................................................... 23 7.2. Server protection ................................................................................................... 29 7.2.1. How to determine which exceptions are required .............................................. 31 7.3. Custom .htaccess rules ............................................................................................ 32 7.4. Optimisation and utility .......................................................................................... 33 7.5. System configuration .............................................................................................. 39 8. Malware Detection (the PHP File Scanner) ........................................................................... 40 8.1. How does it work and what should I know? ............................................................... 42 8.2. Configuration ........................................................................................................ 43 8.3. Scanning and administering scans ............................................................................ 45 8.4. Reading the reports ................................................................................................ 47 8.5. Automating the scans (CRON jobs) .......................................................................... 49 8.6. Automating the scans (scheduling URL) .................................................................... 49 9. Web Application Firewall .................................................................................................. 51 9.1. How WAF works and optimization .......................................................................... 54 9.2. Configure ............................................................................................................. 57 9.2.1. Basic Protection Features ............................................................................. 58 9.2.2. Request Filtering ......................................................................................... 63 9.2.3. Hardening Options ...................................................................................... 65 9.2.4. Cloaking .................................................................................................... 68 9.2.5. Project Honeypot ........................................................................................ 69 9.2.6. Exceptions ................................................................................................. 71 9.2.7. Auto-ban ................................................................................................... 73 9.2.8. Logging and reporting ................................................................................. 75 9.2.9. Customisation ............................................................................................. 78 9.3. WAF Exceptions ................................................................................................... 79 9.4. Administrator IP Whitelist ...................................................................................... 81 9.5. Site IP Blacklist .................................................................................................... 84 9.6. Anti-spam Bad Words ............................................................................................ 87 9.7. Security Exceptions Log ......................................................................................... 88 9.7.1. List of blocking reasons ............................................................................... 88 9.8. Auto IP Blocking Administration ............................................................................. 90 9.9. Auto IP Blocking History ....................................................................................... 91 9.10. Email templates ................................................................................................... 92 10. WordPress tools ............................................................................................................. 95 10.1. Update WordPress salts ........................................................................................ 96 iii Admin Tools for WordPress 10.2. Password expiration ............................................................................................. 97 10.3. Advanced WordPress options ................................................................................. 97 10.3.1. Post settings ............................................................................................. 98 10.3.2. System settings ......................................................................................... 99 11. Database tools .............................................................................................................. 100 12. HTTPS Tools ............................................................................................................... 101 13. URL Redirection .......................................................................................................... 101 14. Import and Exporting Settings ........................................................................................ 104 A. GNU General Public License version 3 ..................................................................................... 105 B. GNU Free Documentation License ........................................................................................... 114 iv Chapter 1. Getting Started 1. What is Admin Tools? Admin Tools is a security plugin, a software solution which will help you tighten the security of your WordPress site. Moreover, it has several features which will help you enhance the performance of your site and make your life administering the site a bit easier. Admin Tools is written with PHP and WordPress best practices in mind. It uses a native WordPress plugin to apply its security and performance enhancing features. It does not modify WordPress' core files ("core hacks"), therefore allowing you to update WordPress trouble-free. In fact, we only support the latest published version of WordPress at all times: it makes no sense thinking about a secure site while running
Load more

Recommended publications
  • IE 6.0 Download and Set-Up Downloading Internet Explorer
    IE 6.0 Download and Set-up To use the Web Commerce e-commerce service, you need to: • Gain access to the Internet • Install Microsoft™ Internet Explorer 6.0™ • Configure Temporary Internet files in Internet Explorer. • Configure AutoComplete in Internet Explorer. • Enable JavaScript in Internet Explorer. This tutorial provides detailed instructions to help you download and configure Internet Explorer 6.0 for use with Web Commerce application. Downloading Internet Explorer 6.0 Only Microsoft Internet Explorer 6 has the security features required to use the Web Commerce services. If you already have Internet access, you can use any Internet browser to download and install the most current version of IE, Internet Explorer 6. To download IE 6 from the Microsoft web site: 1. Go to the Microsoft Download Search page at: • http://www.microsoft.com/downloads/search.asp 1. Select the latest version of Internet Explorer (e.g.: Internet Explorer 6) from the Product Name drop-down list. 2. Select the operating system installed on your computer (e.g.: Windows 98) from the Operating System drop-down list. 3. Click the Find It! Button. A list of downloadable files appears. 4. Click Internet Explorer 6 from the list of files. A new browser window opens, which will allow you to specify which language version of IE you want to download. Exelon 2 5. Choose your preferred language and click the GO button. The next Windows File Download screen appears: 7. Click Internet Explorer 6 under the Download heading. A download box will open, select the Open Button, and the download for Internet Explorer 6 will commence.
    [Show full text]
  • Easy Slackware
    1 Создание легкой системы на базе Slackware I - Введение Slackware пользуется заслуженной популярностью как классический linux дистрибутив, и поговорка "кто знает Red Hat тот знает только Red Hat, кто знает Slackware тот знает linux" несмотря на явный снобизм поклонников "бога Патре­ га" все же имеет под собой основания. Одним из преимуществ Slackware является возможность простого создания на ее основе практически любой системы, в том числе быстрой и легкой десктопной, о чем далее и пойдет речь. Есть дис­ трибутивы, клоны Slackware, созданные именно с этой целью, типа Аbsolute, но все же лучше создавать систему под себя, с максимальным учетом именно своих потребностей, и Slackware пожалуй как никакой другой дистрибутив подходит именно для этой цели. Легкость и быстрота системы определяется выбором WM (DM) , набором программ и оптимизацией программ и системы в целом. Первое исключает KDE, Gnome, даже новые версии XFCЕ, остается разве что LXDE, но набор программ в нем совершенно не устраивает. Оптимизация наиболее часто используемых про­ грамм и нескольких базовых системных пакетов осуществляется их сборкой из сорцов компилятором, оптимизированным именно под Ваш комп, причем каж­ дая программа конфигурируется исходя из Ваших потребностей к ее возможно­ стям. Оптимизация системы в целом осуществляется ее настройкой согласно спе­ цифическим требованиям к десктопу. Такой подход был выбран по банальной причине, возиться с gentoo нет ни­ какого желания, комп все таки создан для того чтобы им пользоваться, а не для компиляции программ, в тоже время у каждого есть минимальный набор из не­ большого количества наиболее часто используемых программ, на которые стоит потратить некоторое, не такое уж большое, время, чтобы довести их до ума. Кро­ ме того, такой подход позволяет иметь самые свежие версии наиболее часто ис­ пользуемых программ.
    [Show full text]
  • Irods and Spectrum Archive
    Integration of iRODS with IBM Spectrum Archive™ Enterprise Edition A flexible tiered storage archiving solution Version 1.1 (02/17/2020) Nils Haustein IBM European Storage Competence Center Mauro Tridici Euro-Mediterranean Center on Climate Change (CMCC) Contents Introduction ............................................................................................................................................ 3 Executive summary ............................................................................................................................. 4 Tiered storage file systems ..................................................................................................................... 4 IBM Spectrum Scale with IBM Spectrum Archive ............................................................................... 5 Challenges with tiered storage file systems ....................................................................................... 6 iRODS ...................................................................................................................................................... 6 Integration of iRODS with IBM Spectrum Archive .................................................................................. 7 Typical workflows ............................................................................................................................... 8 Preventing transparent recalls ............................................................................................................ 9 Solution
    [Show full text]
  • Further Reading and What's Next
    APPENDIX Further Reading and What’s Next I hope you have gotten an idea of how, as a penetration tester, you could test a web application and find its security flaws by hunting bugs. In this concluding chapter, we will see how we can extend our knowledge of what we have learned so far. In the previous chapter, we saw how SQL injection has been done; however, we have not seen the automated part of SQL injection, which can be done by other tools alongside Burp Suite. We will use sqlmap, a very useful tool, for this purpose. Tools that Can Be Used Alongside Burp Suite We have seen earlier that the best alternative to Burp Suite is OWASP ZAP. Where Burp Community edition has some limitations, ZAP can help you overcome them. Moreover, ZAP is an open source free tool; it is community-based, so you don’t have to pay for it for using any kind of advanced technique. We have also seen how ZAP works. Here, we will therefore concentrate on sqlmap only, another very useful tool we need for bug hunting. The sqlmap is command line based. It comes with Kali Linux by default. You can just open your terminal and start scanning by using sqlmap. However, as always, be careful about using it against any live © Sanjib Sinha 2019 197 S. Sinha, Bug Bounty Hunting for Web Security, https://doi.org/10.1007/978-1-4842-5391-5 APPENDIX FuRtHeR Reading and What’s Next system; don’t use it without permission. If your client’s web application has vulnerabilities, you can use sqlmap to detect the database, table names, columns, and even read the contents inside.
    [Show full text]
  • How to Change Your Browser Preferences So It Uses Acrobat Or Reader PDF Viewer
    How to change your browser preferences so it uses Acrobat or Reader PDF viewer. If you are unable to open the PDF version of the Emergency Action Plan, please use the instructions below to configure your settings for Firefox, Google Chrome, Apple Safari, Internet Explorer, and Microsoft Edge. Firefox on Windows 1. Choose Tools > Add-ons. 2. In the Add-ons Manager window, click the Plugins tab, then select Adobe Acrobat or Adobe Reader. 3. Choose an appropriate option in the drop-down list next to the name of the plug-in. 4. Always Activate sets the plug-in to open PDFs in the browser. 5. Ask to Activate prompts you to turn on the plug-in while opening PDFs in the browser. 6. Never Activate turns off the plug-in so it does not open PDFs in the browser. Select the Acrobat or Reader plugin in the Add-ons Manager. Firefox on Mac OS 1. Select Firefox. 2. Choose Preferences > Applications. 3. Select a relevant content type from the Content Type column. 4. Associate the content type with the application to open the PDF. For example, to use the Acrobat plug-in within the browser, choose Use Adobe Acrobat NPAPI Plug-in. Reviewed 2018 How to change your browser preferences so it uses Acrobat or Reader PDF viewer. Chrome 1. Open Chrome and select the three dots near the address bar 2. Click on Settings 3. Expand the Advanced settings menu at the bottom of the page 4. Under the Privacy and security, click on Content Settings 5. Find PDF documents and click on the arrow to expand the menu 6.
    [Show full text]
  • HTTP Cookie - Wikipedia, the Free Encyclopedia 14/05/2014
    HTTP cookie - Wikipedia, the free encyclopedia 14/05/2014 Create account Log in Article Talk Read Edit View history Search HTTP cookie From Wikipedia, the free encyclopedia Navigation A cookie, also known as an HTTP cookie, web cookie, or browser HTTP Main page cookie, is a small piece of data sent from a website and stored in a Persistence · Compression · HTTPS · Contents user's web browser while the user is browsing that website. Every time Request methods Featured content the user loads the website, the browser sends the cookie back to the OPTIONS · GET · HEAD · POST · PUT · Current events server to notify the website of the user's previous activity.[1] Cookies DELETE · TRACE · CONNECT · PATCH · Random article Donate to Wikipedia were designed to be a reliable mechanism for websites to remember Header fields Wikimedia Shop stateful information (such as items in a shopping cart) or to record the Cookie · ETag · Location · HTTP referer · DNT user's browsing activity (including clicking particular buttons, logging in, · X-Forwarded-For · Interaction or recording which pages were visited by the user as far back as months Status codes or years ago). 301 Moved Permanently · 302 Found · Help 303 See Other · 403 Forbidden · About Wikipedia Although cookies cannot carry viruses, and cannot install malware on 404 Not Found · [2] Community portal the host computer, tracking cookies and especially third-party v · t · e · Recent changes tracking cookies are commonly used as ways to compile long-term Contact page records of individuals' browsing histories—a potential privacy concern that prompted European[3] and U.S.
    [Show full text]
  • Creating Permanent Test Collections of Web Pages for Information Extraction Research*
    Creating Permanent Test Collections of Web Pages for Information Extraction Research* Bernhard Pollak and Wolfgang Gatterbauer Database and Artificial Intelligence Group Vienna University of Technology, Austria {pollak, gatter}@dbai.tuwien.ac.at Abstract. In the research area of automatic web information extraction, there is a need for permanent and annotated web page collections enabling objective performance evaluation of different algorithms. Currently, researchers are suffering from the absence of such representative and contemporary test collections, especially on web tables. At the same time, creating your own sharable web page collections is not trivial nowadays because of the dynamic and diverse nature of modern web technologies employed to create often short- lived online content. In this paper, we cover the problem of creating static representations of web pages in order to build sharable ground truth test sets. We explain the principal difficulties of the problem, discuss possible approaches and introduce our solution: WebPageDump, a Firefox extension capable of saving web pages exactly as they are rendered online. Finally, we benchmark our system with current alternatives using an innovative automatic method based on image snapshots. Keywords: saving web pages, web information extraction, test data, Firefox, web table ground truth, performance evaluation 1 Introduction In the visions of a future Semantic Web, agents will crawl the web for information related to a given task. With the current web lacking semantic annotation, researchers are working on automatic information extraction systems that allow transforming heterogonous and semi-structured information into structured databases that can be later queried for data analysis. For testing purposes researchers need representative and annotated ground truth test data sets in order to benchmark different extraction algorithms against each other.
    [Show full text]
  • Digicult.Info Issue 6
    .Info Issue 6 A Newsletter on Digital Culture ISSN 1609-3941 December 2003 INTRODUCTION his is a rich issue of DigiCULT.Info covering topics in such Tareas as digitisation, asset management and publication, virtual reality, documentation, digital preservation, and the development of the knowledge society. n October the Italian Presidency of the European Union pro- Imoted, in cooperation with the European Commission and the ERPANET (http://www.erpanet.org) and MINERVA Continued next page (UofGlasgow),© HATII Ross, Seamus 2003 Technology explained and applied ... Challenges, strategic issues, new initiatives ... 6 3D-ArchGIS:Archiving Cultural Heritage 16 New Open-source Software for Content in a 3D Multimedia Space and Repository Management 10 Zope at Duke University: Open Source Content 19 The IRCAM Digital Sound Archive in Context Management in a Higher Education Context 55 Towards a Knowledge Society 16 PLEADE – EAD for the Web 31 Metadata Debate:Two Perspectives on Dublin Core News from DigiCULT´s Regional Correspondents ... 34 Cistercians in Yorkshire: Creating a Virtual Heritage Learning Package 37 Bulgaria 45 SMIL Explained 38 Czech Republic 47 Finding Names with the Autonom Parser 40 France 49 The Object of Learning:Virtual and Physical 41 Greece Cultural Heritage Interactions 42 Italy News, events ... 44 Poland 44 Serbia and Montenegro 23 Delivering The Times Digital Archive 30 NZ Electronic Text Centre 37 Cultural Heritage Events Action in the Preservation of Memory ... 52 New Project Highlights the Growing Use of DOIs 24 PANDORA,Australia’s
    [Show full text]
  • Issues with Using IE9 Browser
    NOTICE: Browser Compatibility Issues with Internet Explorer 9 VIPR uses eAuthentication for authentication and the eAuth system is most compatible with Internet Explorer 8. Therefore, IE8 is the preferred browser for use with VIPR. Older versions of Internet Explorer (IE6, IE7) as well as the current version of Mozilla Firefox are working options also. If a customer is using IE9 and having issues, there are several options available to the user in this case: Option 1: Change IE9 to browse in IE8 mode • Open IE9 and hit the F12 key (or Tools > Developer Tools Menu). Click Browser Mode and select IE8. Try again. Option 2: Download Mozilla Firefox, make it your default browser, and try again • Mozilla Firefox can be downloaded from http://www.mozilla.org/en-US/firefox/new/ • To make Firefox the default browser: 1. At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP) and then click Options. 2. Select the Advanced panel, then click the General tab, and then click Check Now. 3. Select Yes to set Firefox as your default browser. Option 3: Rollback from IE9 to IE8 1. Open the Control Panel. Click on Programs and Features. This may be called Add/Remove programs if you are using an older version of Windows. 2. Click on View Installed Updates in the left pane. 3. Right click on Windows Internet Explorer 9 and select Uninstall. 4. Restart your computer when prompted and it should now be running IE8. If you continue to have issues with logging into VIPR, please contact the IIA Helpdesk at 866-224-7677, or by e-mail at [email protected].
    [Show full text]
  • Böngésző Programok 23. Tétel
    23.tétel 1.0 Böngész ő programok használata, összehasonlítása. Az információ keresés technikái. Bogdán;Sleisz Böngész ő programok (Használata, összehasonlítása. Az információ keresés technikái) 23. tétel Az Internet kialakulása 20. század második felére helyezhet ő. Az ARPA rendszerb ől fejl ődött tovább az USA-ban, azóta folyamatosan fejlesztgetik a különböz ő protokollokat, illetve technológiákat, az adatforgalom sebességének növelése érdekében. Komoly tévhitet képez a világban, hogy az Internet az a böngész őben megjeleníthet ő weboldalak összessége. Nagy tévedés, ugyanis ez csak a HTTP protokoll által szolgáltatott tartalom, amely a teljes internetes adatforgalomnak kevesebb, mint az 1/10-ét képezi. Az internetet úgy kell elképzelni, mint egy hardvereszközt, ami az egész világot lefedi, a rajta elérhet ő szolgáltatásokat pedig nevezzük "szoftvereknek". Kétségkívül az egyik legelterjedtebb szolgáltatás ("szoftver") a 80-as port -on kommunikáló HTTP protokoll, amihez tartozik egy kommunikációs nyelv is. A HTTP protokoll célja hagyományos esetben- a távoli "szerveren/kiszolgálón" elhelyezked ő weboldal letöltése a helyi számítógépre. 1. A böngész ő a HTTP kommunikációs nyelven megfogalmazott kérést küld a szerver felé, hogy szeretnénk megjeleníteni a kért weboldalt 2. A szerver válaszol. Többféle üzenetet küldhet vissza a böngész őnek, és minden üzenethez tartozik egy azonosító szám is, úgynevezett Status Code. A legismertebb visszatérési érték talán a Not Found (a keresett weboldal nem található), melynek Status Code-ja a 404. Ilyet könnyedén el őidézhetünk, ha pl. nem létez ő oldalt próbálunk letölteni. A leggyakoribb azonban, ha a 200-as üzenetet kapjuk vissza, vagyis megjelenik az oldal. 3. Ezek után a böngész ő elkezdi letölteni a kért oldal forráskódját . A forráskód egy olyan leíró kód nagyrészt HTML nyelven, amely leírja, hogyan néz ki a weboldal.
    [Show full text]
  • Internet Explorer Users Are Required to Add the Portal URL to Trusted Sites
    CLA Client Portal Browser and Silverlight FAQs 1. Question: I am receiving an “Error 500” when clicking the link to access the CLA Document Portal. Resolution: Verify with your IT department that the portal is not blocked by any internal monitoring or protection applications. 2. Question: How do I know if my computer has Microsoft Silverlight Installed? Resolution: The first time you try and login to the portal you will be prompted to install Silverlight from Microsoft’s website if you don’t have it already installed. The installation typically takes less than one minute and is completely safe. http://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx If you cannot, or prefer not to, install Silverlight on your machine, a simplified version of the document portal that does not require Silverlight is available. Click on the Take me to the non- Silverlight login on the CLA Document Portal page (www.claconnect.com/docportal). 3. Question: I cannot access the CLA Document Portal. (Server error/Page not found) Resolution: Check that you are using a Microsoft Silverlight 4 compatible browser on all PC’s or MAC. A complete list of browsers and operating systems that support Silverlight 4 can be found at http://www.microsoft.com/getsilverlight/locale/en-us/html/installation-win-SL4.html Please note: Internet Explorer users are required to add the portal URL to Trusted Sites. Adding to Trusted Sites Internet Explorer settings 1. Open Internet Explorer and browse to https://portal.cchaxcess.com/Portal/. 2. In Internet Explorer, select Tools / Internet Options; then select the Security tab and click Trusted Sites and then Sites.
    [Show full text]
  • WP: ECS Overview & Architecture
    Technical White Paper ECS Overview and Architecture Abstract This document provides a technical overview and design of the Dell EMC™ ECS™ software-defined cloud-scale object storage platform. August 2021 h14071.19 Revisions Revisions Date Description December 2015 Initial release May 2016 Updated for 2.2.1 September 2016 Updated for 3.0 August 2017 Updated for 3.1 March 2018 Updated for 3.2 September 2018 Updated for Gen3 Hardware February 2019 Updated for 3.3 September 2019 Updated for 3.4 February 2020 Updated ECSDOC-628 changes May 2020 Updated for 3.5 November 2020 Updated for 3.6 February 2021 Updated for 3.6.1 August 2021 Updated for 3.6.2 and compression mechanism Acknowledgements This paper was produced by the following: Author: Zhu, Jarvis The information in this publication is provided “as is.” Dell Inc. makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any software described in this publication requires an applicable software license. This document may contain certain words that are not consistent with Dell's current language guidelines. Dell plans to update the document over subsequent future releases to revise these words accordingly. This document may contain language from third party content that is not under Dell's control and is not consistent with Dell's current guidelines for Dell's own content. When such third-party content is updated by the relevant third parties, this document will be revised accordingly.
    [Show full text]