Old 21st November 2011, 19:29
nbhadauria

I found some useful tips to start...

Security starts with your operating systems.

  1. Make sure the web server is run by a non-root user such as www or apache.
  2. All WordPress files are owned by root:root (use the chown command).
  3. Set all file permissions to r--r--r-- (0444) using the chmod command.
  4. Set directory permissions to r-xr-xr-x (0555) using the chmod command.
  5. Only set read-write permission for upload directories and caching directories.
  6. Turn on SELinux (assuming that you are using Linux with SELinux patches).
  7. Only install a limited number of WordPress plugins.
  8. Update and apply patches to WordPress, operating systems, Apache, PHP, and MySQL as soon as they are available.
  9. Subscribe to security mailing lists.
  10. Use /etc/sysctl.conf for hardening.
  11. Harden other parts of LAMP such as PHP and MySQL too.

Can I have some tips on the last point, "Harden other parts of LAMP"...
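
An added example, not part of the original post: a bash function that audits a WordPress tree against items 2 to 5 of the list (ownership, 0444 files, 0555 directories, with the upload and cache directories exempt). The function name, the `WP_OWNER`/`WP_GROUP` variables and the directory arguments are assumptions of this sketch.

```shell
#!/usr/bin/env bash
# Added example: audit a WordPress tree against items 2-5 of the list above.
# WP_OWNER / WP_GROUP and the writable-directory arguments are assumptions of
# this sketch, not names used by WordPress.

# audit_wp_perms ROOT [WRITABLE_DIR...]
#   WRITABLE_DIR is relative to ROOT (e.g. wp-content/uploads) and is skipped,
#   since item 5 allows read-write there.
# Prints one finding per line and returns 1 if anything deviates, else 0.
audit_wp_perms() {
    local root=${1%/}; shift
    local owner=${WP_OWNER:-root} group=${WP_GROUP:-root}
    local -a skip=()
    local dir findings

    # Build "-path ROOT/DIR -prune -o" clauses so find never descends into
    # the directories that are allowed to be writable.
    for dir in "$@"; do
        skip+=( -path "$root/${dir%/}" -prune -o )
    done

    findings=$(
        # Item 2: everything owned by root:root (or the configured owner).
        find "$root" "${skip[@]}" \( ! -user "$owner" -o ! -group "$group" \) \
            -print | sed 's/^/OWNER /'
        # Item 3: regular files must be exactly 0444.
        find "$root" "${skip[@]}" -type f ! -perm 0444 -print | sed 's/^/FILE  /'
        # Item 4: directories must be exactly 0555.
        find "$root" "${skip[@]}" -type d ! -perm 0555 -print | sed 's/^/DIR   /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it as, for instance, `audit_wp_perms /var/www/html wp-content/uploads wp-content/cache` (paths assumed); an empty result with exit status 0 means the tree matches the rules.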