WordPress/Hardening
From r00tedvw.com wiki
(Difference between revisions)
(Created page with "Hardening the security on WordPress should be taken seriously. With it being one of the most popular platforms out there, it becomes the most targeted. ==Secure Updates/Insta...") |
Revision as of 01:31, 5 October 2014
Hardening the security on WordPress should be taken seriously. With it being one of the most popular platforms out there, it becomes the most targeted.
Contents |
Secure Updates/Installations
Creating a new user
create a new user without a password. it will not be needed since we'll be using SSH keys.
type in the following command below and then hit ENTER through all the prompts
~$ sudo adduser wp-user
It will prompt you multiple times for the password, just keep hitting ENTER to bypass them until you get to the "Try Again" prompt and hit N for No
Enter new UNIX password: Retype new UNIX password: No password supplied Enter new UNIX password: Retype new UNIX password: No password supplied Enter new UNIX password: Retype new UNIX password: No password supplied passwd: Authentication token manipulation error passwd: password unchanged Try again? [y/N] n
Create ssh keys
~$ sudo su - wp-user ~$ ssh-keygen -t rsa -b 4096
when it prompts to ask where to save the key, use this:
/home/wp-user/wp_rsa
hit enter through the passphrase prompts
It should then confirm it has created the keys
Your identification has been saved in /home/wp-user/wp_rsa. Your public key has been saved in /home/wp-user/wp_rsa.pub
