Setting up and using WP Security Scan

The other day, Lolipop's WordPress was hacked.
One of my clients, whose blog uses Lolipop, was also a victim, and I was able to restore it safely, but users also need to make sure their WordPress is secure.
If you are a victim, this solution may help.

The remedy for damage such as hacking is to keep backups, so that you are covered whenever it happens.
Back up the database data; if you have this, there is a high possibility that the site can be restored. Be sure to use WP-DBManager and back up your database regularly.

Also, take security measures for WordPress to avoid becoming a victim. A useful plugin is WP Security Scan.


Install

Click Add New under Plugins in the left menu of the dashboard.
Enter "WP Security Scan" in the search window and click the search button.
A list of search results will be displayed, so click "Install now" under WP Security Scan. You will be asked "Are you sure you want to install?", so click OK.
Finally, enable it and the installation is complete.

Settings and usage

Once the installation is complete, "WSD security" will be added to the menu on the left, so click on it.
Dashboard

The image below is the first screen.
If there is a problem, it will be displayed in red.


  1. You have the latest version of WordPress.
  2. Your table prefix is not wp_ (Is the prefix you chose when installing WordPress set to "wp_"?)
  3. Your WordPress version is successfully hidden.
  4. WordPress DB Errors turned off.
  5. WP ID META tag removed form WordPress core
  6. No user “admin”. (Are you using admin as your username?)
  7. The file .htaccess does not exist in the wp-admin section. Read more why you should have a .htaccess file in the WP-admin area here.

To explain each item:

  1. It is important to use the latest version of WordPress from a security perspective. WordPress is always updated when vulnerabilities are discovered.
  2. If you install WordPress with the default settings, the prefix of the database tables will be "wp_". Please change this.
  3. If an attacker knows your WordPress version, they can target the vulnerabilities known in that version.
  4. WordPress error information can also reveal vulnerabilities.
  5. It's a little unclear, but it seems to be okay if you install WP Security Scan.
  6. Using admin as the username is not good for security.
  7. Access is restricted to the wp-admin folder, but in my case I deliberately ignore this so that I can update from my smartphone etc.

Look at "Scanner" in the next menu.


Folders displayed in yellow have a problem with their permissions.
Use FTP software to change the permissions to the numbers shown on the right.

This is how to change permissions with FFFTP.

Right-click on the folder you want to change and a menu will appear, then click "Change Attributes".

A small window will open, so change the number in the blue background for "Current Attributes." Finally, click the "OK" button to change the permissions.

The yellow background will disappear when the permissions are successfully changed.

The next menu is “Database”.
Here you can back up your database and change the prefix of your database tables.
If you left the prefix at the default "wp_" when installing WordPress, you can change it here.
[Important] This is a risky process, so be sure to back up your database before changing the prefix.

Take a backup.
Just click "Backup now".
The location of the backup file is "wp-content/plugins/wp-security-scan/backups/".

Once the backup is complete, you will see a screen like this.
You can also download backup files.

Prefix change.

It is OK if both parts in the red frame in the image are "Yes".
Below that, on the light blue background, the following message is shown:

There is a security risk because wp-config.php in the root is writable. After running this script, set the permissions of wp-config.php to 644.

However, in my case, the permissions were originally 644, so you probably don't need to change them.
Next, enter the new prefix, in half-width alphanumeric characters, in the box following "Change the current".
Finally, click the blue "Start Renaming" button.


After waiting for a while, the screen below will appear.
If the following messages are displayed on a green background, the prefix has been successfully changed:

All tables have been successfully updated!
The wp-config file has been successfully updated!
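
The table prefix, the wp-config.php permissions and the wp-admin .htaccess file discussed above can also be checked directly on the server after the change. The script below is an added example, not part of the original post or of the plugin; the function names audit_wordpress and build_sample_site are hypothetical, and the sample site it checks is constructed in a temporary directory.

```python
import os
import re
import stat
import tempfile

# Matches the assignment in wp-config.php, e.g.  $table_prefix = 'wp_';
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)

def audit_wordpress(root):
    """Return a list of findings for the WordPress install under `root`."""
    findings = []
    config = os.path.join(root, "wp-config.php")
    if not os.path.isfile(config):
        return ["wp-config.php not found"]

    # wp-config.php should be 644: no write bit for group or others.
    mode = stat.S_IMODE(os.stat(config).st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"wp-config.php is writable (mode {mode:o}), set it to 644")

    # The table prefix should not be the installer default "wp_".
    with open(config, encoding="utf-8", errors="replace") as fh:
        match = PREFIX_RE.search(fh.read())
    if match is None:
        findings.append("$table_prefix not found in wp-config.php")
    elif match.group(1) == "wp_":
        findings.append("table prefix is still the default wp_")

    # The plugin's dashboard also reports a missing wp-admin/.htaccess.
    if not os.path.isfile(os.path.join(root, "wp-admin", ".htaccess")):
        findings.append("wp-admin/.htaccess does not exist")
    return findings

def build_sample_site(prefix, mode, htaccess):
    """Create a constructed sample site in a temp directory (demo input)."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "wp-admin"))
    config = os.path.join(root, "wp-config.php")
    with open(config, "w", encoding="utf-8") as fh:
        fh.write(f"<?php\n$table_prefix  = '{prefix}';\n")
    os.chmod(config, mode)
    if htaccess:
        open(os.path.join(root, "wp-admin", ".htaccess"), "w").close()
    return root

if __name__ == "__main__":
    for finding in audit_wordpress(build_sample_site("wp_", 0o666, False)):
        print("WARNING:", finding)
```

To check a real site, call audit_wordpress with the path of the folder that contains wp-config.php.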


I would like to install this plugin to increase the security of WordPress.
