garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added #22 thanks to @SourceFrenchy

ethicalhack3r
2012-07-17 13:17:16 -07:00
parent 1c8b62ddaf
commit 87b4d35b58
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
WordPress-Security-Tips.md

@@ -82,4 +82,8 @@ Attackers may use search engines to find potential vulnerable victims. By removi
WordPress in recent versions uses the 'X-Frame-Options' HTTP header for privileged users to tell the browser where HTML frames are allowed to be loaded from. This isn't however set for unauthenticated users, allowing for potential [ClickJacking](https://www.owasp.org/index.php/Clickjacking) attacks. WordPress in recent versions uses the 'X-Frame-Options' HTTP header for privileged users to tell the browser where HTML frames are allowed to be loaded from. This isn't however set for unauthenticated users, allowing for potential [ClickJacking](https://www.owasp.org/index.php/Clickjacking) attacks.
**22. IP whitelist the wp-login.php file.**
Most administrative users login to their blog via the same IP address. By whitelisting access to the wp-login.php file you ensure that only specific IPs can access the wp-login.php file.
**For further WordPress hardening tips see: [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress)** **For further WordPress hardening tips see: [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress)**