Blog yang berisi informasi tentang linux, program, blogger, seo, tutorial, security

Saturday 8 February 2014

Manipulasi WP-Config di Wordpress

Google Ads
Google Ads

haii sahabat Bekasi Coders, kemarin iseng ingin bermain di wordpress dah lama ga megang wordpress sekalian belajar lebih dalam lagi , wordpress kian hari kian banyak aja bugnya keknya sih kalo di liat beha haahaha..

Sekarang saya akan share bagaimana kita manipulasi wp-config atau bisa disebut juga dengan menyembunyikan wp-config, terdengar sangat payah kan buat kalian ??
intinya siih mengurangi kerentanan oleh tangan jahil dengan memakai teknik symlink ( klo kata ane begitu :D)

tapi saya disini hanyaa sekedar share saja lah lumayan buat di coba nih.. behahahaha

Langsung Tkp :
  1. Buat Folder bernama misalkan bekasicoders .
  2. Jika sudah copykan wp-config kalian ke folder bekasi coders kemudian ubah menjadi bekasicoders1.php
  3. Kemudian buka dulu di address , saya disini mencoba di localhost ( gratisan aja pakk :v )
Code:

http://localhost/wordpress/bekasicoders/bekasicoders1.php

pasti ada error disana :p
seperti ini nihh


Code:
Warning: require_once(C:\xampp\htdocs\wordpress\bekasicoders/wp-settings.php) [function.require-once]: failed to open stream: No such file or directory in C:\xampp\htdocs\wordpress\bekasicoders\bekasicoders1.php on line 90

Fatal error: require_once() [function.require]: Failed opening required 'C:\xampp\htdocs\wordpress\bekasicoders/wp-settings.php' (include_path='.;\xampp\php\PEAR') in C:\xampp\htdocs\wordpress\bekasicoders\bekasicoders1.php on line 90

ente liat pasti tulisanya seperti dibawah ini :p klo gak ya pasti gak mungkin mencoba tutorial ini :p

Code:
C:\xampp\htdocs\wordpress\bekasicoders\bekasicoders1.php on line 90


lalu buka bekasicoders1.php dengan notepad ++ kek terserah yang penting bisa buat edit ( maksa anee nihh  )
heheuuu
dan setelah itu buka di line 90
Kalian rubah require_once(ABSPATH . 'wp-settings.php'); menjadi require_once(ABSPATH . '../wp-settings.php');
ngerti kan rubahnyaa ??? wong tinggal tulis doang :( :p

lalu coba refresh dan pasti terdapat error lagi
contohnya


Code:
Warning: require(C:\xampp\htdocs\wordpress\bekasicoders/wp-includes/load.php) [function.require]: failed to open stream: No such file or directory in C:\xampp\htdocs\wordpress\wp-settings.php on line 21

Fatal error: require() [function.require]: Failed opening required 'C:\xampp\htdocs\wordpress\bekasicoders/wp-includes/load.php' (include_path='.;\xampp\php\PEAR') in C:\xampp\htdocs\wordpress\wp-settings.php on line 21

permasalahan bisa diatasi dengan copy semua yang ada di dir wp-includes ke direktory yang dibuat.tadi ane klo ane ngebuat dengan nama bekasicoders ya copy disana :D



Refresh kembali, dan ternyata blank. Semua dir homo kalian atur sendiri untuk mengamankan nya  .
Belum selsai .. kalian manipulasi dulu wp-config yang ada di home kalian , layaknya seperti ini saya manipulasi :D




Code:
<?php
/**
* The base configurations of the WordPress.
*
* This file has the following configurations: MySQL settings, Table Prefix,
* Secret Keys, WordPress Language, and ABSPATH. You can find more information
* by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
* wp-config.php} Codex page. You can get the MySQL settings from your web host.
*
* This file is used by the wp-config.php creation script during the
* installation. You don't have to use the web site, you can just copy this file
* to "wp-config.php" and fill in the values.
*
* @package WordPress
*/

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'bekasi_coders');

/** MySQL database username */
define('DB_USER', 'vergos303');

/** MySQL database password */
define('DB_PASSWORD', 'bekasi_coders_1');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY',         'c3lVn iu`j#*x_nX9K1N*X)%#Mj;UPZ+@Ty/M/f8 3Y~c{Aa%Yl]uD]&/|H*..i4');
define('SECURE_AUTH_KEY',  'Y<dauHGa6X?Ln*+_^_Q9}2apqf=+q+L0$KuS0?x;~ RI,-sTqQh^_M8$wmo@#[S-');
define('LOGGED_IN_KEY',    'ccrz>RKwh:n%.X%R32y2rgPY|y)3.Md(J.}p!o}<>sLeJ9oREEG2HSXO]4z5:Ygg');
define('NONCE_KEY',        'g(V<~wN{Tr_A^@K)tr)wkh-Lu~4[lQmY>D<P|>=[H#X,1ll!$J~YBsl$Id[Rg&%]');
define('AUTH_SALT',        'yRYaDcOM5m)el$U,6(:/3@~j}%`bQ?fC mwZE1$XM3:PSXv+Tv@{Q;)A6c-DrHl ');
define('SECURE_AUTH_SALT', 'W.*K>:H.1&q<*dW5jNo+~K}+vQqpp&u_tuL!voXXl~gc[.T<Ff9JK;Dp-b4ng^&|');
define('LOGGED_IN_SALT',   '}@mJlO,SO~%T?.~R>!=t_u:T_^0lp4Qy, b_}(D:os>v2uEyhRPxL-D?&TQk21]+');
define('NONCE_SALT',       ';99){buN>>{lslBg-1Pm&r&g?N/O_;R7C0u_EXBtuxYfzBFs38YPSG#S>VU,SL5E');

/**#@-*/

/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each a unique
* prefix. Only numbers, letters, and underscores please!
*/
$table_prefix  = 'drom_';

/**
* WordPress Localized Language, defaults to English.
*
* Change this to localize WordPress. A corresponding MO file for the chosen
* language must be installed to wp-content/languages. For example, install
* de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German
* language support.
*/
define('WPLANG', '');

/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*/
define('WP_DEBUG', false);

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
    define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');




Kemudian Save.

Refresh, dan lihat , jika terjadi error seperti ini :
Error establishing a database connection
hmm,, belum terkoneksi. tenang kalian buka File wp-load.php di notepad ++, kemudian lihat :

- Line 26 : ada wp-config.php rubah menjadi bekasicoders/bekasicoders1.php
- Line 29 : ada wp-config.php rubah menjadi bekasicoders/bekasicoders1.php
- Line 31 : ada wp-config.php rubah menjadi bekasicoders/bekasicoders1.php
- Line 34 : ada wp-config.php rubah menjadi bekasicoders/bekasicoders1.php

kemudian save. dan lihat hasilnyaa :p
weeewww masih error kan seperti dibawah ini?? buru-buru benerr gann emang mau kemana ? masih ada lanjutanya nih heheheehe



Code:
Warning: require_once(C:\xampp\htdocs\wordpress/../wp-settings.php) [function.require-once]: failed to open stream: No such file or directory in C:\xampp\htdocs\wordpress\bekasicoders\bekasicoders1.php on line 90

Fatal error: require_once() [function.require]: Failed opening required 'C:\xampp\htdocs\wordpress/../wp-settings.php' (include_path='.;\xampp\php\PEAR') in C:\xampp\htdocs\wordpress\bekasicoders\bekasicoders1.php on line 90




nih lanjutanya.. ente buka lagi file bekasicoders1.php nya dengan notepad++ atau applikasi text edit lainya :p dan ke Line 90.
ente rubah require_once(ABSPATH . '../wp-settings.php'); menjadi require_once(ABSPATH . './wp-settings.php');
kemudian save dan liat hasilnya  :D
dan sudah pasti normal lagii :D
jika ada tangan jahil yang melakukan symlink pasti tet tot 0 besar :D

tapi ini saya mencoba dilocalhost bukan site sendiri. jika ada kesalahan silahkan comment disini
mungkin saya bisa membantu :D

mau belajar lebih banyak lagi ??
klik disini

sebelum dan sesudahnya saya ucapkan terima kasih :)



Google Ads
Facebook Twitter Google+

2 comments

Ditunggu terus posting-postingannya gan.... :)

Back To Top