#1  
14th November 2011, 12:23
nbhadauria

WordPress vulnerability

I am hosting multiple WordPress sites on CentOS.

And I would like to know the best practice to secure a WordPress site.
  #2  
15th November 2011, 14:31
falko

First make sure you keep WordPress and all your WP modules up to date.

Might also be a good thing to use suExec + FastCGI or suPHP instead of mod_php.
__________________
Falko
  #3  
21st November 2011, 18:29
nbhadauria

I found some useful tips to start...

Security starts with your operating systems.

Try:
  1. Make sure the web server is run by a non-root user such as www or apache.
  2. All WordPress files are owned by root:root (use the chown command).
  3. Set all file permissions to r--r--r-- (0444, using the chmod command).
  4. Set directory permissions to r-xr-xr-x (0555, using the chmod command).
  5. Only set read-write permission for upload directories and caching directories.
  6. Turn on SELinux (assuming that you are using Linux with SELinux patches).
  7. Only install a limited number of WordPress plugins.
  8. Update and apply patches to WordPress, operating systems, Apache, PHP and MySQL as soon as they are available.
  9. Subscribe to security mailing lists.
  10. Use /etc/sysctl.conf for hardening.
  11. Harden other parts of LAMP such as PHP and MySQL too.


Can I have some tips on the last point, "Harden other parts of LAMP"...
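Items 2 to 5 of the list in the post above can be checked mechanically. The script below is an added example, not part of the thread: it audits one WordPress tree read-only and reports every path that breaks the ownership and mode rules. The writable directory names (wp-content/uploads, wp-content/cache) and the extra check for PHP files inside them are assumptions that go beyond the list.

```shell
#!/bin/sh
# Added example: read-only audit of one WordPress tree against the checklist.
# Assumed layout (not stated in the thread): writable directories are
# wp-content/uploads and wp-content/cache under the document root.

# audit_wp ROOT [OWNER] [GROUP]
# Prints one line per finding; returns 0 when the tree is clean, 1 otherwise.
audit_wp() {
    root=${1%/}; owner=${2:-root}; group=${3:-root}
    up="$root/wp-content/uploads"; cache="$root/wp-content/cache"

    _report=$(
        # Item 2: ownership, outside the writable directories.
        find "$root" \( -path "$up" -o -path "$cache" \) -prune -o \
            \( ! -user "$owner" -o ! -group "$group" \) -print |
            sed 's/^/OWNER /'
        # Item 3: regular files must be exactly 0444.
        find "$root" \( -path "$up" -o -path "$cache" \) -prune -o \
            -type f ! -perm 0444 -print | sed 's/^/FILE-MODE /'
        # Item 4: directories must be exactly 0555.
        find "$root" \( -path "$up" -o -path "$cache" \) -prune -o \
            -type d ! -perm 0555 -print | sed 's/^/DIR-MODE /'
        # Extra check (assumption): PHP source inside a write-enabled directory.
        find "$up" "$cache" -type f -name '*.php' -print 2>/dev/null |
            sed 's/^/PHP-IN-WRITABLE /'
    )

    [ -z "$_report" ] && return 0
    printf '%s\n' "$_report"
    return 1
}

# Usage (the path is a placeholder): audit_wp /var/www/example.com/web
```

The function changes nothing on disk, so it can run from cron and alert on any output.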
  #4  
22nd November 2011, 13:32
falko

Quote:
Originally Posted by nbhadauria
> 11. Harden other part of LAMP such as PHP and mysql too.
>
> can i have some tips on last point Harden other part of LAMP...

I guess this refers to using the PHP Suhosin module.
  #5  
22nd November 2011, 14:09
nbhadauria

Thanks Falko,

Can you please explain what the possible ways are to inject encrypted code into a PHP site?

And can we have some real-time experience about the kind of hacking being done on PHP sites?