SECURITY FIX CHECKLIST - IMMEDIATE ACTIONS
===========================================
Website: ahmedabadeventmanagement.com
Priority: CRITICAL

═══════════════════════════════════════════════════════════════

🚨 DO THESE NOW (Today):
═══════════════════════════════════════════════════════════════

□ 1. CHANGE cPANEL PASSWORD
   - Log in to: https://server.infidns.com:2087/
   - Go to: Preferences → Change Password
   - Create STRONG password (16+ characters)
   - Use: Letters + Numbers + Symbols
   - Save new password securely

□ 2. CHANGE WORDPRESS ADMIN PASSWORD
   - Log in to: https://ahmedabadeventmanagement.com/wp-admin/
   - Go to: Users → Your Profile
   - Generate new strong password
   - Save securely

□ 3. CHANGE DATABASE PASSWORDS
   - Log in to cPanel
   - Go to: MySQL Databases
   - Change password for all database users
   - Update wp-config.php with new password

□ 4. REMOVE OR SECURE WP-FILE-MANAGER-PRO
   - Check if actively used
   - If not used: DELETE wp-content/uploads/wp-file-manager-pro/
   - If used: Add .htaccess restrictions (see SECURE-WP-FILE-MANAGER.txt)

□ 5. REVIEW ACCESS LOGS
   - Check cPanel access logs
   - Check WordPress login logs
   - Look for suspicious activity
   - Check file modification dates

═══════════════════════════════════════════════════════════════

📋 DO THIS WEEK:
═══════════════════════════════════════════════════════════════

□ 6. INSTALL SECURITY PLUGIN
   - Install Wordfence Security (free)
   - Or Sucuri Security
   - Enable firewall
   - Enable malware scanning
   - Set up login security

□ 7. UPDATE WORDPRESS CORE
   - Check current version
   - Backup first
   - Update to latest version
   - Test website after update

□ 8. UPDATE ALL PLUGINS
   - Go to: Plugins → Installed Plugins
   - Update all to latest versions
   - Remove unused plugins
   - Check for known vulnerabilities

□ 9. UPDATE THEME
   - Check theme version
   - Update to latest version
   - Remove unused themes
   - Keep only active theme

□ 10. ENABLE HTTPS
    - Install SSL certificate (if not done)
    - Update sitemap.xml to HTTPS
    - Force HTTPS redirects
    - Update all internal links

□ 11. SET UP BACKUPS
    - Install backup plugin (UpdraftPlus, etc.)
    - Set up automated daily backups
    - Store backups outside web root
    - Test backup restoration

□ 12. ADD .htaccess SECURITY RULES
    - Add security rules to root .htaccess
    - Block access to wp-config.php
    - Disable directory browsing
    - Block backup files

□ 13. REVIEW FILE PERMISSIONS
    - Set files to 644
    - Set directories to 755
    - Set wp-config.php to 600
    - Check all file permissions

□ 14. ENABLE 2FA
    - Enable 2FA on cPanel (if available)
    - Install 2FA plugin for WordPress
    - Set up Google Authenticator
    - Test 2FA login
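
Step 13 can be checked with a read-only audit before any permissions are changed. The script below is an added example, not part of the original checklist; its function names and the path passed to it are assumptions, and it only reports deviations from the 644 / 755 / 600 targets without running chmod.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the checklist targets
# (files 644, directories 755, wp-config.php 600). It reports only.

# perm_of PATH -> octal mode such as 644 (GNU stat first, BSD stat fallback)
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# report EXPECTED: reads paths on stdin, prints "<actual> <expected> <path>"
report() {
    while IFS= read -r p; do
        echo "$(perm_of "$p") $1 $p"
    done
}

# audit_wp_perms ROOT
# Prints one line per deviation. Returns 0 when the tree matches the
# targets, 1 when anything deviates, 2 when ROOT is not a directory.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Three passes: directories, ordinary files, then wp-config.php,
    # which holds the database password and gets the stricter mode.
    findings=$(
        find "$root" -type d ! -perm 755 | report 755
        find "$root" -type f ! -name wp-config.php ! -perm 644 | report 644
        find "$root" -type f -name wp-config.php ! -perm 600 | report 600
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run directly: sh audit.sh /path/to/wordpress   (placeholder path)
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```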

═══════════════════════════════════════════════════════════════

📅 DO THIS MONTH:
═══════════════════════════════════════════════════════════════

□ 15. REGULAR SECURITY SCANS
    - Run weekly security scans
    - Review security logs
    - Monitor for threats

□ 16. KEEP SOFTWARE UPDATED
    - Check for updates weekly
    - Update WordPress, plugins, theme
    - Update PHP version if needed

□ 17. MONITOR SECURITY
    - Set up security alerts
    - Monitor failed login attempts
    - Review access logs regularly

□ 18. STRONG PASSWORD POLICY
    - Use password manager
    - Unique passwords for each service
    - Change passwords every 90 days
    - Enable 2FA everywhere

═══════════════════════════════════════════════════════════════

✅ VERIFICATION STEPS
═══════════════════════════════════════════════════════════════

After completing fixes, verify:

□ Can't access wp-file-manager-pro directory
□ HTTPS working on all pages
□ Security plugin installed and active
□ All software updated
□ Backups working
□ 2FA enabled
□ Strong passwords set
□ No suspicious files found
□ Access logs reviewed

═══════════════════════════════════════════════════════════════

PRIORITY ORDER:
═══════════════════════════════════════════════════════════════

1. Change passwords (CRITICAL - Do First)
2. Remove/secure wp-file-manager-pro
3. Install security plugin
4. Update all software
5. Enable HTTPS
6. Set up backups
7. Add security rules
8. Enable 2FA

═══════════════════════════════════════════════════════════════

