1. SQL Injection and URL Hacking:
    – Insert following to the .htaccess file

    <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC] RewriteRule ^(.*)$ – [F,L] RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR] RewriteCond %{QUERY_STRING} boot\.ini [NC,OR] RewriteCond %{QUERY_STRING} tag\= [NC,OR] RewriteCond %{QUERY_STRING} ftp\:  [NC,OR] RewriteCond %{QUERY_STRING} http\:  [NC,OR] RewriteCond %{QUERY_STRING} https\:  [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR] RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|”|;|\?|\*|=$).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC] RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$ RewriteRule ^(.*)$ – [F,L] </IfModule>

  2. Access to Sensitive Files
    – Insert following to the .htaccess file

    Options All -Indexes<files .htaccess>Order allow,denyDeny from all</files><files readme.html>Order allow,denyDeny from all</files><files license.txt>Order allow,denyDeny from all</files><files install.php>Order allow,denyDeny from all</files><files wp-config.php>Order allow,denyDeny from all</files><files error_log>Order allow,denyDeny from all</files><files fantastico_fileslist.txt>Order allow,denyDeny from all</files><files fantversion.php>Order allow,denyDeny from all</files>

  3. Default Admin Account
    – Create a new administrator account and delete the default “Admin” account
  4. Default Prefix in the database
    – Use prefix other than “wp_”
  5. Brute-Force Attacks
    – Brute-force attack will be almost impossible with login limit and penalty timeout

 

Difficulty level: Intermediate
Recurring Risk: No

 Want us to do this for you? It takes about 1 hour depending on the size of site.
Skill level required – Intermediate level
Our rate is $40 per hour ( min. 2 hours)
Call us at: +65 6511 4585 (Office hours)
Message us at: +65 8263 1460 (24 hours)
Email us at: [email protected]
Visit our website at: www.dyontech.com