HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


nbhadauria 14th November 2011 13:23

wordpress vulnerability
 
I am hosting multiple WordPress sites on CentOS.

And I would like to know the best practice to secure a WordPress site.

falko 15th November 2011 15:31

First make sure you keep WordPress and all your WP modules up to date.

Might also be a good thing to use suExec + FastCGI or suPHP instead of mod_php.

nbhadauria 21st November 2011 19:29

I found some useful tips to start...

Security starts with your operating systems.

Try:
  1. Make sure the web server is run by a non-root user such as www or apache.
  2. All WordPress files are owned by root:root (use the chown command).
  3. Set all file permissions to r--r--r-- (0444, using the chmod command).
  4. Set directory permissions to r-xr-xr-x (0555, using the chmod command).
  5. Only set read-write permission for upload directories and caching directories.
  6. Turn on SELinux (assuming that you are using Linux with SELinux patches).
  7. Only install a limited number of WordPress plugins.
  8. Update and apply patches to WordPress, operating systems, Apache, PHP and MySQL as soon as they are available.
  9. Subscribe to security mailing lists.
  10. Use /etc/sysctl.conf for hardening.
  11. Harden other parts of LAMP such as PHP and MySQL too.


Can I have some tips on the last point, "Harden other parts of LAMP"?
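
A read-only audit of items 2 to 5 of the checklist in the post above, as an added example that is not part of the original thread. The function name, the output format and the default writable directories (wp-content/uploads and wp-content/cache) are assumptions, and it relies on GNU find as shipped on CentOS.

```bash
#!/bin/sh
# Audit a WordPress tree against items 2-5 of the checklist in the post above.
# Assumptions (not from the thread): the function name, the output format, the
# default writable directories wp-content/uploads and wp-content/cache, and
# GNU find (as shipped on CentOS) for -printf.
#
# Usage: audit_wp_perms ROOT [OWNER:GROUP [WRITABLE_DIR...]]
# WRITABLE_DIR is relative to ROOT; those subtrees are skipped (item 5).
# Prints one line per deviation: CHECK MODE OWNER:GROUP PATH
audit_wp_perms() {
    local root owner n type mode own path
    root=${1%/}
    owner=${2:-root:root}
    if [ $# -ge 2 ]; then shift 2; else shift $#; fi
    [ $# -gt 0 ] || set -- wp-content/uploads wp-content/cache

    # Turn each writable directory into a "-path DIR -prune -o" clause.
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" -path "$root/$1" -prune -o
        shift
        n=$((n - 1))
    done

    find "$root" "$@" \( -type f -o -type d \) -printf '%y %m %u:%g %p\n' |
    while read -r type mode own path; do
        # Item 2: everything owned by root:root (or the owner passed in).
        [ "$own" = "$owner" ] || printf 'OWNER %s %s %s\n' "$mode" "$own" "$path"
        case $type in
            # Item 3: files are 0444. Item 4: directories are 0555.
            f) [ "$mode" = 444 ] || printf 'FILE_MODE %s %s %s\n' "$mode" "$own" "$path" ;;
            d) [ "$mode" = 555 ] || printf 'DIR_MODE %s %s %s\n' "$mode" "$own" "$path" ;;
        esac
    done
}

# Example: audit_wp_perms /var/www/example/wordpress   (path is a placeholder)
```

No output means the tree matches the checklist; each printed line is a file or directory to fix with chown or chmod.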

falko 22nd November 2011 14:32

Quote:

Originally Posted by nbhadauria (Post 267988)
  11. Harden other parts of LAMP such as PHP and MySQL too.


Can I have some tips on the last point, "Harden other parts of LAMP"?

I guess this refers to using the PHP Suhosin module.

nbhadauria 22nd November 2011 15:09

Thanks Falko,

Can you please explain what the possible ways are to inject encrypted code into a PHP site?

And can we have some real-world experience about the kind of hacking being done on PHP sites?


All times are GMT +2.