WordPress hardening methods

 

Block PHP execution in untrusted folders

 Go to public_html and you’ll see three folders called wp-includeswp-admin, and wp-content, like so

To protect your website from backdoor access files, you need to create a .htaccess file and upload it to your site’s/wp-includes/ and /wp-content/uploads/ directories.

You need to paste the following code in your .htaccess file.

<Files *.php>
deny from all
</Files>

For openlitespeed 


RewriteCond %{REQUEST_URI} ^.*(\/|php)$ [NC]
RewriteRule .* - [F,L]

Disable file editor



in wp-config.php


define( 'DISALLOW_FILE_EDIT', true );



Change security keys

To log in easily, WordPress stores your credentials so you don’t have to enter your credentials every time you want to login. But what’s important here is that it’s stored in an encrypted form.

https://api.wordpress.org/secret-key/1.1/salt/

copy paste from this url



For busniess websites only


Disallow plugin installations

There are occasions when a user or a client might install a plugin without checking its compatibility or credibility, as thoroughly as you may do. This can lead to a number of problems on your website, so it is best to remove the ability for them to do so altogether. 

You can disable plugin and theme updates and installations in two ways:

By adding a line of code to your wp_config php file

Follow the same method as detailed in the previous section, you need to add the following line:

define('DISALLOW_FILE_MODS’,true);



Deny access to wp-config.php

Denying access is a much more concrete measure, and if you do this, you won’t have to move the file at all. Go to your .htaccess file and add the following code, right at the top: 

<files wp-config.php>
order allow,deny
deny from all
</files>



automation

find /home/*/public_html/ -type d -name "wp-includes" -o -name "wp-admin" -o -name "wp-content" | xargs -I {} cp -v .htaccess "{}"


Here's what this command does step by step:


find /home/*/public_html/ \( -type d -name "wp-includes" -o -path "*/wp-content/uploads" \) | xargs -I {} cp -v .htaccess "{}"





  1. find /home/*/public_html/: This part of the command starts the search from "/home/*/public_html/".

  2. \( -type d -name "wp-includes" -o -path "*/wp-content/uploads" \): This condition uses the -type d flag to search for directories and combines the search for "wp-includes" with the -path "*/wp-content/uploads" condition, which matches "wp-content/uploads" directories anywhere within the "public_html" directory structure.

  3. |: This is the pipe operator, which takes the output of the find command on the left and uses it as input for the xargs command on the right.

  4. xargs -I {} cp -v .htaccess "{}": This part of the command takes each directory path found by find one at a time and copies the ".htaccess" file from the current directory (where this command is executed) into each of those directories. The {} is a placeholder that represents the path of each directory found by the find command, and -I {} specifies the placeholder.

With this modified command, it will search for both the "wp-includes" folder and the "wp-content/uploads" folder within "/home/*/public_html/" and copy the ".htaccess" file into each of them.




vi add_disallow_file_edit.sh

chmod +x add_disallow_file_edit.sh


#!/bin/bash

# Define the search and replacement strings
search_string='<?php'
replace_string='define( '\''DISALLOW_FILE_EDIT'\'', true );'

# Loop through the wp-config.php files in /home/*/public_html/
for config_file in /home/*/public_html/wp-config.php; do
    # Check if the file exists
    if [ -e "$config_file" ]; then
        # Check if the search string exists in the file
        if grep -q "$search_string" "$config_file"; then
            # Add the replace string after the search string
            sed -i "/$search_string/a $replace_string" "$config_file"
            echo "Added DISALLOW_FILE_EDIT in $config_file"
        else
            # Add the replace string at the top of the file
            sed -i "1s;^;$replace_string\n" "$config_file"
            echo "Added DISALLOW_FILE_EDIT at the top of $config_file"
        fi
    fi
done





In this script:

  • The replace_string no longer starts with a newline character, so it will not add extra newlines.
  • The replace_string directly contains define('DISALLOW_FILE_EDIT', true);.

This should ensure that the define('DISALLOW_FILE_EDIT', true); line is added without extra newlines in the wp-config.php files.














































































Comments

Post a Comment

Popular posts from this blog

cpanel exam CPSP Answers

 Which of the following options best describes the role of Shared Hosting on a web server? Providing hosting for a single website owned by different people on multiple servers. Providing hosting for a single website owned by one person on one server. Providing hosting for multiple websites owned by different people on one server. Providing hosting for multiple websites owned by one person on one server. 3 Which of the following capabilities can a cPanel account user perform easily from within the cPanel account interface without the aid of a system administrator? File and configuration management. Relocating the physical server. Upgrading server hardware and equipment. Installing new database software. 1 File and configuration management. Which of the following options best describes a core benefit to using cPanel & WHM, as a web hosting provider operating on a cPanel & WHM environment? cPanel users are able to create new virtualization resources to help host their web appl...
Read more

How to install zimbra collaboration suite 8.8.11 on CentOS 7

Check system requirements  https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0/Single_Server_Installation#System_Requirements prerequisites Before we get started, here are a few things that are required before we proceed with the installation. A clean installation of Centos 7 A Fully Qualified Domain (FQDN) for your server(Example mail.geekybum.com) An external DNS server with both A and MX records for your server to point to your Zimbra mail server IP Address A static IP Address assigned to network interface. Step 1: Root login to server through SSH Step 2: Install required packages for zimbra coloboration suite installation yum -y install unzip net-tools sysstat openssh-clients perl-core libaio nmap-ncat libstdc++.so Initial server setup To get started we need to configure a hostname for our server and a static IP address. vi /etc/hosts 135.125.30.56 mail.geekybum.com mail Replace the system hostname and FQDN values accordingly in order to match your ow...
Read more

awstats installation

Set Up AWStats for Nginx on Ubuntu sudo apt-get install awstats add access log file to generate stats using this server { # ... all your other config ... access_log /var/log/nginx/yourdomain.com.access.log ; # ... all your other config ... } /etc/nginx/sites-available vi awstats.parleproducts.com.conf cd /etc/awstats/ vi awstats.parleproducts.com.conf #path to your nginx log file LogFile="/var/log/nginx/parleproducts.com.access.log" # Domain of your vhost SiteDomain="parleproducts.com" # Directory where to store the awstats data DirData="/var/lib/awstats/" # Other domains/subdomain you want included from your logs, for example the www subdomain HostAliases="www.parleproducts.com" # If you customized your log format above add this line: LogFormat = ""%host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot"" # If you did not, uncomment and use this line: #...
Read more