1. Halo Guest, pastikan Anda selalu menaati peraturan forum sebelum mengirimkan post atau thread baru.

Pengguna Wordpress Wajib Baca - Penting

Discussion in 'Wordpress' started by rakabitor, Apr 30, 2013.

  1. rakabitor

    rakabitor Hero

    Joined:
    Apr 25, 2011
    Messages:
    565
    Likes Received:
    29
    Location:
    Tiang Jemuran
    Bismillah ..
    Pengguna Wordpress Wajib Baca - Penting​

    Ijin Share sedikit info penting mastah :D

    Bagi aganwan/wati yang wordpress addicted mungkin harus lebih waspada, karena serangan mass rapid transportation eh salah .. Mass Rapid Random Attack ke wp-login.php, akhir-akhir ini semakin menggila.

    Berikut ane bantu sedikit list attacker host yang demen ngincer login wordpress anda, silahkan ditambahkan bagi yg punya koleksi lengkapnya.

    Sebagai referensi pengamanan tambahan WP anda mungkin ada bagusnya untuk baca trit ini:
    http://www.ads-id.com/forums/showthread.php/150704-share-tips-sederhana-amankan-WP
    http://www.ads-id.com/forums/showthread.php/155276-Amankan-Jantung-Wordpress-Mu
    dll ... silahkan ubek2 lagi ...

    atau misalkan kalo blog atau site wp ente gak perlu registrasi atau guest post kecuali ente sendiri, dan gak mau rempong :D.
    tambahkan kode ini di htaccess
    Code:
    <files wp-login.php>
    Order allow,deny
    allow from [B]IP address ente[/B] pakai CIDR format
    Deny from all
    </files>
    Note :
    tolong tambahin bagi para mastah yg punya koleksi attacker host ke wp-login.php

    Sekian Terima Kasih
     
    Last edited: Apr 30, 2013
    ibnuroem likes this.
  2. boboho

    boboho Newbie

    Joined:
    Apr 16, 2011
    Messages:
    2,095
    Likes Received:
    175
    Location:
    Samarinda - Tepian Mahakam
    Kalo ane, tak sembunyiin tuh wp-login.php nya heheh jadi cuman ane aja yg tau urlnya.. Kalo dia akses dari wp-admin/ redirect ke home page pake 404 hehe

    Pake plugin better wp security ada fitur rubah wp-login.php
     
    Harun likes this.
  3. rakabitor

    rakabitor Hero

    Joined:
    Apr 25, 2011
    Messages:
    565
    Likes Received:
    29
    Location:
    Tiang Jemuran
    Kasih tau mastah detil pemakain pluginnya mastah :D
    biar yg lain lebih aware dari attacker
     
  4. dedisuparman

    dedisuparman Super Hero

    Joined:
    Mar 27, 2011
    Messages:
    2,350
    Likes Received:
    280
    Location:
    Indramayu
    Ijin nyimak mas, saya masih kurang paham masalah keamanan WP, mohon petunjuknya
     
  5. boboho

    boboho Newbie

    Joined:
    Apr 16, 2011
    Messages:
    2,095
    Likes Received:
    175
    Location:
    Samarinda - Tepian Mahakam
    Nih ss setting hide backend dari Better WP Security
    [​IMG]
    tinggal setting aja kayak di SS

    Login slug untuk : domain.com/wp-login.php
    register slug untu : domain.com/register
    admin slug untuk : domain.com/admin

    kalo contoh di SS, login ane lewat domain.com/lewatsini
    bisa ditambah ama plugin 404 to start, supaya yang akses wp-login.php redirect ke home page..

    kalo cara manual bisa liat di postingan ane 2 taon yg lalu :)) di http://www.ads-id.com/forums/showthread.php/74331-trik-menyembunyikan-wp-login-php

    setting khusus nubie, yg mastah jangan diketawain yah..
     
    loconk, cupuonline and dedisuparman like this.
  6. psycho

    psycho Ads.id Fan

    Joined:
    Apr 23, 2012
    Messages:
    118
    Likes Received:
    3
    Location:
    Jakarta
    Ane stuju bgt sma mastah yg satu ini, ane jg pake WP Better Security.

    Stelah dpet saran dri slah satu mstah di forum trcinta kita ini, trus ane ubek2 ndiri tuh plugin. Eh nemu fitur bisa ngrubah url wp-admin. Kalo dari ane recommended bgt. :komunis:

    Kdang2 kalo ane lg iseng, nyoba2 nmbahin wp-admin d blog2 yg kliatan bgus. Eh trnyata dia make wordpress jg... :silau: (ini perbuatan yg tdak patut d cntoh ya)
     
  7. rakabitor

    rakabitor Hero

    Joined:
    Apr 25, 2011
    Messages:
    565
    Likes Received:
    29
    Location:
    Tiang Jemuran
    Busyet dah yg ngelike banyak amat mastah :p
    ijin pajang di trit atas y!
     
  8. xenovesta

    xenovesta Super Hero

    Joined:
    Sep 1, 2010
    Messages:
    857
    Likes Received:
    11
    ntu kalo nggak salah korbannya ntar sama si "attacker" (nyang aslinya) disurung ngebrute force lagi web lain . Jadi kemungkinan hostnya banyak banget gan.
    Dan belum tentu mereka itu "attacker" aslinya.
     
  9. rakabitor

    rakabitor Hero

    Joined:
    Apr 25, 2011
    Messages:
    565
    Likes Received:
    29
    Location:
    Tiang Jemuran
    ohh begitu ye gan ... waduh sadis banget tuh ... bijimane caranya ye ... :pusing:
     
  10. mencawak

    mencawak Ads.id Fan

    Joined:
    Oct 5, 2012
    Messages:
    127
    Likes Received:
    1
    wah, senasib nih :D
    dari kemarin banyak email notif site lockout dari plugin wpbetter security.
    ipnya dari china, amrik, rusia, indonesia.
    akhirnya kemarin ane pake plugin wsecure buat ganti url adminnya :D
    misanya domain.com/wp-admin nanti redirect ke homepage.
    sementara kalo mau login, harus tau keywordnya. misak domain.com/wp-admin/?keyword baru bisa login :D
     
  11. Shano

    Shano Ads.id Fan

    Joined:
    Apr 12, 2013
    Messages:
    177
    Likes Received:
    5
    Location:
    Jatim
    Terima kasih sharenya gan..mantap
     
  12. munars

    munars Ads.id Pro

    Joined:
    Jun 30, 2009
    Messages:
    446
    Likes Received:
    12
    Location:
    Bekasi
    nice share bos, pernah ngalamin juga :)
     

Share This Page