WordPress/Hardening

From r00tedvw.com wiki
Revision as of 01:31, 5 October 2014 by R00t (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Hardening the security on WordPress should be taken seriously. With it being one of the most popular platforms out there, it becomes the most targeted.

Contents

Secure Updates/Installations

Creating a new user

create a new user without a password. it will not be needed since we'll be using SSH keys.
type in the following command below and then hit ENTER through all the prompts

~$ sudo adduser wp-user

It will prompt you multiple times for the password, just keep hitting ENTER to bypass them until you get to the "Try Again" prompt and hit N for No

Enter new UNIX password: 
Retype new UNIX password: 
No password supplied
Enter new UNIX password: 
Retype new UNIX password: 
No password supplied
Enter new UNIX password: 
Retype new UNIX password: 
No password supplied
passwd: Authentication token manipulation error
passwd: password unchanged
Try again? [y/N] n

Create ssh keys

~$ sudo su - wp-user
~$ ssh-keygen -t rsa -b 4096

when it prompts to ask where to save the key, use this:

 /home/wp-user/wp_rsa

hit enter through the passphrase prompts
It should then confirm it has created the keys

Your identification has been saved in /home/wp-user/wp_rsa.
Your public key has been saved in /home/wp-user/wp_rsa.pub

setting file/folder permissions for wp user

Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Open Source Products
Ubuntu
Ubuntu 22
Mac OSX
Oracle Linux
AWS
Windows
OpenVPN
Grafana
InfluxDB2
TrueNas
MagicMirror
OwnCloud
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
Plex Media Server
MetaSploit
Zoneminder
ShinobiCE
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
Politics
Volkswagen
Covid
NCDMV
Toolbox