The new Kali Linux distribution allows installation in a VMware virtual machine. This enables integration with a local area network and scanning of vulnerabilities. One good vulnerability scanner is wpscan. This is a vulnerability scanner that is used to scan websites running WordPress for security vulnerabilities. This makes it very useful for a webmaster. You can use this tool to scan your website and look for problems that should be fixed. I have used this tool on my website and I found various security problems that I have fixed. This is why Kali is an indispensable tool for website owners. Security is more important now than ever, and a tool that can look for security problems that potential attackers can also see is something that must be investigated. This command:
sudo wpscan --url http://www.myawesomeblogsite.com |
will search the http://www.myawesomeblogsite.com WordPress installation for any configuration errors and security issues. If there are any issues with directory browsing; use a .htaccess file to fix this. This does not interfere with the normal operation of your WordPress installation. The WordPress readme.html must be deleted. This is not necessary to the functioning of your website. Remove unused themes and plugins. The less code your website is running the better and more secure it will be. This lessens the number of possible attack vectors by large percentage. As well as upgrading your WordPress installation on a regular basis; that is another good way to maintain security.
To fix directory browsing; insert this code into a .htaccess file in the folder.
Options IndexIgnore * |
This will disable directory browsing.
Make sure that the install.php file is removed after the successful installation of WordPress. That file is sometimes left behind after installation by website administrators that are not as knowledgeable of WordPress as they should be. But please delete this after installation.
Since WordPress has such a large install base, there will of course be many people that are scanning websites for vulnerabilities regularly. This shows the need for a security plan that is proactive instead of retroactive. Waiting until you are hacked by a malicious Internet user does not help anyone. Your database could be compromised. The Snapchat and Ebay hacking incidents show that security must be taken more seriously. Those websites had their databases stolen and personal data compromised. The Ebay incident showcases the risks to websites that have a large user base. I believe that keeping your website safe involves removing security vulnerabilities before they are exploited. That is better than cleaning up after an attack. That is a large and complex process for a server administrator.