
2012 117000

%82.1



:

Wp-admin
wp-admin

.htaccess
.htaccess .htaccess

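# wp-admin/.htaccess -- restrict the admin area to known source addresses.
# AuthUserFile/AuthGroupFile point at /dev/null so no password file is ever
# consulted; the decision is made purely by the address rules below.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Wordpress Admin Access Control"
AuthType Basic
# Apache 2.2 mod_authz_host form: deny everyone, then re-allow the listed
# address(es). Apache 2.4 only accepts this with mod_access_compat loaded;
# the native 2.4 form is "Require ip <address>".
order deny,allow
deny from all
# Placeholder address -- replace with your own management IP(s); separate
# several with spaces. Apache does not allow comments after a directive,
# so keep this note on its own line.
allow from 203.0.113.10
# NOTE(review): wp-admin/admin-ajax.php lives in this directory and is used
# by front-end features, so other addresses lose those features too;
# a <Files admin-ajax.php> exception may be needed -- confirm against the site.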


Cpanel Cpanel
. Password Protect Directories


Wp-admin
wp-admin .

wp-config.php

.htaccess
.htaccess
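# Refuse direct HTTP requests for wp-config.php (database credentials, salts).
# PHP still reads the file from disk; only web clients are turned away.
# Apache 2.4 native equivalent of the two lines inside: "Require all denied".
<Files wp-config.php>
    order allow,deny
    deny from all
</Files>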



...
.htaccess
# Root .htaccess -- turn off automatic directory listings, so a request for a
# directory without an index file gets 403 instead of a file inventory of
# the uploads/plugins tree.
Options -Indexes

wp-content


.htaccess
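# wp-content/.htaccess -- refuse direct requests for everything under
# wp-content except static assets, so plugin/theme PHP files cannot be
# requested on their own (they are still included by WordPress itself).
Order deny,allow
Deny from all
# The dot before the extension is escaped; the original ".(xml|...)$" matched
# any single character there. FilesMatch is the documented spelling of
# <Files ~ "...">. On Apache 2.4 use "Require all denied"/"Require all granted".
<FilesMatch "\.(xml|css|jpe?g|png|gif|js)$">
    Allow from all
</FilesMatch>
# NOTE(review): only the listed extensions are served; if the theme ships
# other asset types (fonts, svg, webp, media), add them here or they 403.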

.htaccess
.htaccess

hta
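# Refuse web requests for any .hta* file (.htaccess, .htpasswd, ...), so the
# access rules and any stored password hashes cannot be read over HTTP.
# The character classes make the extension match case-insensitive.
# "satisfy all" requires both the address rules and any auth to pass.
# Apache 2.4 native equivalent of the three directives: "Require all denied".
<FilesMatch "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
</FilesMatch>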
Plugins

plugins



.




dork


functions.php
:

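// functions.php: detach wp_generator from wp_head so the
// <meta name="generator" content="WordPress x.y"> tag is no longer printed.
// This removes one version fingerprint from page markup only; the version
// is still exposed elsewhere (e.g. readme.html, "?ver=" on bundled assets),
// so keeping core and plugins updated remains the actual mitigation.
remove_action('wp_head', 'wp_generator');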

SQLi


wp-content/plugins :
blocksqli blocksqli.php
:
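<?php
/*
Plugin Name: blocksqli
Description: Refuses requests whose URI is over-long or carries a few literal SQL/code-injection tokens. Coarse defence-in-depth only; it does not replace patched plugins and parameterised queries.
*/

// Longest REQUEST_URI (in bytes) accepted from a non-administrator.
define('BLOCKSQLI_MAX_URI_LENGTH', 255);

/**
 * Literal tokens that cause a request to be refused.
 *
 * Matching is a plain, case-sensitive substring test on the raw (undecoded)
 * REQUEST_URI, exactly as in the original snippet; URL-encoded or
 * differently-cased spellings are therefore not caught. Treat the list as
 * noise reduction, not as real protection.
 *
 * @return string[]
 */
function blocksqli_bad_tokens() {
    return ['eval', 'CONCAT', 'UNION+SELECT', 'base64'];
}

/**
 * True when $uri is longer than BLOCKSQLI_MAX_URI_LENGTH bytes.
 *
 * @param string $uri
 * @return bool
 */
function blocksqli_uri_too_long($uri) {
    return strlen($uri) > BLOCKSQLI_MAX_URI_LENGTH;
}

/**
 * True when $uri contains any token from blocksqli_bad_tokens().
 *
 * Compares strpos() against false; the original used the bare strpos()
 * result in a boolean context, so a token at offset 0 (strpos() === 0,
 * which is falsy) was silently missed.
 *
 * @param string $uri
 * @return bool
 */
function blocksqli_uri_has_bad_token($uri) {
    foreach (blocksqli_bad_tokens() as $token) {
        if (strpos($uri, $token) !== false) {
            return true;
        }
    }
    return false;
}

/**
 * Send a final response with the given status line and stop processing.
 *
 * The "@" suppression of the original is replaced by a headers_sent() guard;
 * the legacy "Status:" header is kept for CGI-style SAPIs.
 *
 * @param string $status e.g. '414 Request-URI Too Long'
 * @return void
 */
function blocksqli_reject($status) {
    if (!headers_sent()) {
        header('HTTP/1.1 ' . $status);
        header('Status: ' . $status);
        header('Connection: Close');
    }
    exit;
}

/**
 * Request filter, run on the WordPress 'init' hook.
 *
 * The original ran at plugin-load time, before the current user is resolved,
 * and only reached the length check for a logged-in non-administrator -- so
 * anonymous requests, where over-long URIs actually arrive from, were never
 * tested. Here the check runs on 'init' (user resolved) for every request
 * except an administrator's. The token check applies to everyone, as before,
 * but answers 403 instead of a misleading 414.
 *
 * @return void
 */
function blocksqli_check() {
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

    // 'level_10' is the legacy administrator capability used by the original;
    // 'manage_options' is the modern equivalent.
    $is_admin = is_user_logged_in() && current_user_can('level_10');
    if (!$is_admin && blocksqli_uri_too_long($uri)) {
        blocksqli_reject('414 Request-URI Too Long');
    }

    if (blocksqli_uri_has_bad_token($uri)) {
        blocksqli_reject('403 Forbidden');
    }
}

// Register only when loaded by WordPress: a direct web request for this file
// or a plain include then does nothing instead of fataling on add_action().
if (defined('ABSPATH') && function_exists('add_action')) {
    add_action('init', 'blocksqli_check');
}

// No closing "?>": trailing whitespace after it would be sent before the
// headers above and break them.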
plugin sqli
.






exploit-db

scan :
Exploit Scanner
Ultimate Security Checker
:


Google

robot.txt .
User-Agent: *
Disallow: /wp-*
# robots.txt is advisory only: it asks well-behaved crawlers not to index
# these paths, enforces nothing, and is itself readable by anyone.


. .