Archive for the ‘ Releases ’ Category

The easiest, most effective way to secure WordPress Sites

WordPress Site security : How To Avoid hackers

1. Place the code below in your theme's functions.php to hide the WordPress version.
function remove_wp_version() {
    return ''; // returns nothing, exactly the point.
}
add_filter('the_generator', 'remove_wp_version');

2. Activate the plugin Better WP Security and configure it.

3. Change folder permission
For Directories:  755
For Files: 644
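
An added example (not from the original post): a POSIX shell audit of a WordPress tree against the modes in step 3, with an optional fix pass. The function names and the script name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.
# Audits a WordPress tree against step 3: directories 755, files 644.

# Print every directory that is not 755 and every regular file that is not 644.
# -type d / -type f never match symlinks, so symlinks are neither reported
# nor chmod'ed.
wp_perm_audit() {
    find "$1" -type d ! -perm 755 -exec printf 'DIR  %s\n' {} +
    find "$1" -type f ! -perm 644 -exec printf 'FILE %s\n' {} +
}

# Number of paths that deviate (0 means the tree matches step 3).
wp_perm_count() {
    wp_perm_audit "$1" | wc -l | tr -d ' '
}

# Apply the modes. Directories use "\;" so each chmod runs before find
# descends into that directory; a batched "+" would leave an unreadable
# directory (e.g. mode 000) unentered and its contents unfixed.
wp_perm_fix() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} \;
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

# Usage: sh wp-perms.sh /path/to/wordpress [--fix]
if [ "$#" -ge 1 ]; then
    wp_perm_audit "$1"
    if [ "${2:-}" = "--fix" ]; then
        wp_perm_fix "$1"
    fi
    echo "remaining deviations: $(wp_perm_count "$1")"
fi
```

Run it without `--fix` first and review the list: world-writable upload directories and group-writable files show up here before anything is changed.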

4. Protect the config file in .htaccess
<Files wp-config.php>
order allow,deny
deny from all
</Files>

5. No directory browsing. Add the code below to .htaccess
# directory browsing
Options -Indexes

6. Prevent Access To wp-content (place this in a .htaccess file inside the wp-content folder)
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

7. Protect .htaccess
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

8. Securing wp-includes
# Block the include-only files.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

# BEGIN WordPress

9. Help Prevent “Content Scrapers”
RewriteEngine On
# Replace mysite\.com with your blog's domain (https? matches both http and https)
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
# Replace /images/nohotlink.jpg with your "don't hotlink" image url
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]

Make sure to replace “mysite” with your website’s URL and “/images/nohotlink.jpg” with the path of your image.

10. Protect Your WordPress Blog from Script Injections
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

11. Things to avoid when choosing a password:

Any permutation of your own real name, username, company name, or name of your website.
A word from a dictionary, in any language.
A short password.
Any numeric-only or alphabetic-only password (a mixture of both is best).

12. Change the “admin” username and the admin user ID 1 to something else.

13. Change the table_prefix: Many published WordPress-specific SQL-injection attacks make the assumption that the table_prefix is wp_, the default.
Changing this can block at least some SQL injection attacks.

14. Remove unused themes and inactive plugins from WP-content folder.

15. FTP: When connecting to your server you should use SFTP encryption if your web host provides it.
If you are unsure whether your web host provides SFTP, just ask them.
Using SFTP is the same as using FTP, except your password and other data are encrypted as they are transmitted between your computer and your website.
This means your password is never sent in the clear and cannot be intercepted by an attacker.

16. Scan your site frequently.
http://sitecheck.sucuri.net/scanner/

Automatically Backup Your WordPress Site to Google Drive – Version 2

We have released a new version (v2) of the WP Google Drive plugin to back up your WordPress site files to Google Drive in an effective manner.

http://wordpress.org/extend/plugins/wp-google-drive/

Exclusive tutorial on How to Backup your WordPress blog to Google Drive. It is always recommended to backup your WordPress blog, which includes files (themes, plugins etc) and SQL tables (all your blog posts, comments, drafts etc are stored as tables in database).

Whenever your blog is lost (due to insecure activity or some other reason), these backups will help you get it back. In some cases, third-party plugins and themes can also cause your blog to malfunction; here too, these backups help you restore it.

Reasons to Backup WordPress Blog to Google Drive

  • It's a Google product and is free to use up to 5GB.
  • You can access backups from any device, such as smartphones, tablet PCs, laptops etc.
  • Backups are uploaded in little time (depending on your internet connection).
  • Highly secure and reliable service, so there won't be any loss of data in the process.
  • Backups can be shared with your blog partners (if you have any) with a single click of the mouse.

How to Backup WordPress blog to Google Drive

Download and install the Google Drive for WordPress plugin from the official WordPress plugin repository.

Please see the video for plugin process.

Here is the step-by-step guide that helps to backup your WordPress blog to Google Drive. Brief list of things you have to do in this tutorial:

  1. Login to Google API and create a Client ID in it.
  2. Authorizing the Plugin by using Client ID and Client Secret.
  3. Setting up the plugin frequency to take backups.

  • Go to “API Access” tab and click on “Create an OAuth 2.0 client ID”


  • In the pop-up window, give a product name and upload logo before clicking on “Next” button.

  • By default “Web Application” will be selected and don’t change it.

  • In “Your site or hostname” section, click on “More Options” to expand link sections.

  • Now, paste the link in the “Backup Settings” page here. Enter domain name in “JavaScripts” origin field.

  • Click on “Create Client ID” and you have successfully created a Client ID using Google API Console.

  • Copy the Client ID and Client Secret from API dashboard and paste them in “Configure Google” page.

  • You have to authorize the plugin by clicking on “Allow Access” button.

  • Allow Access to the Plugin and the entire setup has been successfully installed.

How to automatically Backup WordPress blog to Google Drive

  • Now, you can configure this plugin further by entering the custom folder ID of your Google Drive.
  • Also define the maximum number of backups (use any positive integer in that field).
  • Set the frequency of backup and everything will be automatically stored in your Google Drive.

    Backup Settings:

    1. You can name your backup directory; just enter any name you like in the text box.
    2. Mail Options: Enable this option to receive a mail notification after a successful backup to Google Drive.
    3. Schedule Backup: You can schedule the backup interval here. Based on the scheduled time, the plugin will automatically perform the scheduled backup to Google Drive.
    4. Manage database:
    – Check yes if you want to keep a database backup.
    – Check the option if you want to exclude particular tables from the backup.
    – Always keep a recent backup of your site. Here you have the option to keep the most recent backups.
    Select how many you want to maintain on your server.
    – If you want, you can move a particular backup folder to Google Drive.
    5. Manage Files:
    – Check the option to exclude files from the backup.
    – Select how many backups you would like to maintain on your server.
    – If you want, you can move a particular backup folder to Google Drive.
    6. On-time backup: For immediate backup.

    FYI:

    Both the scheduled backup and the on-time backup work based on your selections in the Manage database and Manage Files sections.

WP Google Drive Plugin

We have released a new WP Google Drive plugin to back up your WordPress site files to Google Drive.

http://wordpress.org/extend/plugins/wp-google-drive/


WordPress 3.0.4 Is Now Available

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

Source: wordpress.org

WordPress 3.0.2 – Mandatory Security Release

WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions. Haiku has become traditional:

Fixed on day zero
One-click update makes you safe
This used to be hard

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!

Download 3.0.2 or update automatically from the Dashboard > Updates menu in your site’s admin area. You should update immediately even if you do not have untrusted users.

Source: wordpress.org

WordPress 3.2 to Drop Support for PHP 4 and MySQL 4

WordPress has announced a bold move today. In an official blog post, Mark Jaquith, one of the lead developers of WordPress, said that starting this year WordPress will eventually end support for PHP 4 and MySQL 4.

Quoting from the blog post, the reasons he gave were:

Our approach with WordPress has always been to make it run on common server configurations. We want users to have flexibility when choosing a host for their precious content. Because of this strategy, WordPress runs pretty much anywhere. Web hosting platforms, however, change over time, and we occasionally are able to reevaluate some of the requirements for running WordPress. Now is one of those times. You probably guessed it from the title — we’re finally ready to announce the end of support for PHP 4 and MySQL 4!

According to the official announcement, WordPress 3.1, which is due to be announced in late 2010, will be the last build to support PHP 4. For WordPress 3.2, which should come around the first half of 2011, the required compatibility will be fixed at PHP 5.2. For MySQL, the announcement made in the blog post was:

In less exciting news, we are also going to be dropping support for MySQL 4 after WordPress 3.1. Fewer than 6 percent of WordPress users are running MySQL 4. The new required MySQL version for WordPress 3.2 will be 5.0.15.

To check which versions of PHP and MySQL your hosting provider offers, you can use the Health Check plugin. This plugin will tell you whether you are ready to upgrade to WordPress 3.2 when it is available. If you are not ready for it, your blog will not be able to upgrade to WordPress 3.2 because of an inbuilt adapter, which stops it.

In our view, this announcement is surely a bold move, but it should not cause much concern for most blog owners, as statistics show that only a very small number of trivial blogs run on PHP 4. Still, if you are unaware of the versions of PHP and MySQL that your hosting provider offers, you had better keep an eye on them and check before it’s too late for you to upgrade to the latest version of WordPress.

Source: blogsdna.com , WordPress

WordPress 3.0 Release Candidate

As Matt teased earlier, the first release candidate (RC1) for WordPress 3.0 is now available. What’s an RC? An RC comes after beta and before the final launch. It means we think we’ve got everything done: all features finished, all bugs squashed, and all potential issues addressed. But, then, with over 20 million people using WordPress with a wide variety of configurations and hosting setups, it’s entirely possible that we’ve missed something. So! For the brave of heart, please download the RC and test it out (but not on your live site unless you’re extra adventurous). Some things to know:

  • Custom menus are finished! Yay!
  • Multi-site is all set.
  • The look of the WordPress admin has been lightened up a little bit, so you can focus more on your content.
  • There are a ton of changes, so plugin authors, please test your plugins now, so that if there is a compatibility issue, we can figure it out before the final release.
  • Plugin and theme *users* are also encouraged to test things out. If you find problems, let your plugin/theme authors know so they can figure out the cause.
  • There are a couple of known issues.

If you are testing the RC and come across a bug, you can:

We hope you enjoy playing with the 3.0 RC as much as we’ve enjoyed making it for you. Enjoy!

Download WordPress 3.0 RC1
