
Here are some security tricks to improve the security of a WordPress CMS install:

Database privileges: CREATE and ALTER are only used when upgrading, and only sometimes. INSERT, UPDATE, and SELECT are used all the time.

First make sure you have this in php.ini:

memory_limit = 32M
upload_max_filesize = 10M
post_max_size = 20M

.htaccess is also important in hardening WordPress because it's easy to use. Here is an example:

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site, block out the operations listed below
## This attempts to block the most common type of exploit attempts against WordPress!
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Block out any script trying to set a mosConfig value through the URL
# (mosConfig_* is a Mambo/Joomla 1.0 setting name; the rule is harmless here but not WordPress-specific)
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to pass base64_encode() data via the URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in the URL ([NC]: case-insensitive)
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via the URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via the URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked requests a 403 Forbidden error ([F] ignores the substitution, so nothing goes to the homepage)
RewriteRule ^(.*)$ index.php [F,L]
# Block the include-only files.
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
########## End - Rewrite rules to block out some common exploits
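To see exactly which requests the rule chain above sends to the 403 rule, here is a small Python emulation of the five RewriteCond patterns and of the include-only file rules with their [S=3] skip. It is an added example, not part of the original article, and the query strings and paths it feeds in are constructed samples.

```python
import re

# The five RewriteCond patterns copied from the .htaccess block above. Apache matches
# %{QUERY_STRING} raw, without percent-decoding, which is why the rules list both "<"
# and "%3C". [NC] means case-insensitive; the [OR] chaining means that a single match
# is enough to reach the 403 RewriteRule.
QUERY_STRING_RULES = [
    ("mosConfig",  re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)")),
    ("base64",     re.compile(r"base64_encode.*\(.*\)")),
    ("script-tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS",    re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST",   re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def query_string_block_reason(query_string):
    """Return the name of the first RewriteCond that matches, or None if the request passes."""
    for name, pattern in QUERY_STRING_RULES:
        if pattern.search(query_string):  # RewriteCond is unanchored: a search, not a full match
            return name
    return None


def include_only_blocked(path):
    """Emulate the include-only file rules for a path relative to RewriteBase (no leading '/').
    'RewriteRule !^wp-includes/ - [S=3]' skips the next three rules for every path that is
    NOT under wp-includes/, so those rules only ever run against wp-includes/ paths."""
    if re.match(r"^wp-admin/includes/", path):
        return True
    if not re.match(r"^wp-includes/", path):
        return False  # [S=3] taken: the three wp-includes rules are skipped
    return any(re.match(p, path) for p in (
        r"^wp-includes/[^/]+\.php$",               # top-level include files
        r"^wp-includes/js/tinymce/langs/.+\.php",  # TinyMCE language files
        r"^wp-includes/theme-compat/",             # theme-compat templates
    ))


if __name__ == "__main__":
    # Constructed samples: ordinary WordPress traffic plus the patterns the rules target.
    for qs in ("s=javascript+tutorial", "p=42&preview=true", "q=%3cSCRIPT%3e",
               "a=GLOBALS%5Bx%5D", "x=mosConfig_absolute_path=1"):
        print(f"{qs!r:34} -> {query_string_block_reason(qs) or 'allowed'}")
    for path in ("wp-includes/js/jquery/jquery.js", "wp-includes/wp-db.php",
                 "wp-admin/includes/file.php", "index.php"):
        print(f"{path:34} -> {'403' if include_only_blocked(path) else 'served'}")
```

Note that a normal search such as `s=javascript+tutorial` passes because the script-tag rule needs a `<` or `%3C` before the word, while static assets under wp-includes/ are still served because only direct `.php` requests there are refused.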

# Allow login access to your admin area only from your IP:
<Files wp-login.php>
# Apache 2.2 syntax (needs mod_access_compat on 2.4); on Apache 2.4 the equivalent
# of the three Order/Deny/Allow lines is "Require ip x.x.x.x"
Order Deny,Allow
Deny from All
# Allow access from my IP address
Allow from x.x.x.x
</Files>

# Deny access to the configuration file, which contains the database username and password:
<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>

# Deny access to .htaccess itself:
<Files .htaccess>
Order Allow,Deny
Deny from All
</Files>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

# The same limits set from .htaccess (php_value is only honored when PHP runs as an Apache module):
php_value upload_max_filesize 10M
php_value post_max_size 20M
php_value memory_limit 32M

Also in php.ini:

file_uploads = On

If you don't have file_uploads = On you usually get this message:

"Please select a file"

File permissions. Directories:

find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;

Files:

find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;

In wp-config.php:

# Enable all core updates, including minor and major:
define( 'WP_AUTO_UPDATE_CORE', true );

# Disable file editing:
define( 'DISALLOW_FILE_EDIT', true );

Backups:

#!/bin/bash
# Remove the dump and archive from 3 days ago, keeping a rolling 3-day window on /mnt
# (outside the web root, so the backups are not downloadable through the site)
/bin/rm -rf /mnt/*`date +%F --date='3 days ago'`.sql
/bin/rm -rf /mnt/*`date +%F --date='3 days ago'`.tgz

# Dump the WordPress database and archive the document root, both named with today's date.
# Note: a password passed with -p on the command line is visible to other local users in the
# process list; putting it in a ~/.my.cnf with mode 600 (or using --defaults-extra-file) avoids that.
/usr/bin/mysqldump database_wp -u user_wp -p'mysqlpass' > /mnt/serverincloud.eu-`date +%Y-%m-%d`.sql
/bin/tar czfpP /mnt/serverincloud.eu-`date +%Y-%m-%d`.tgz /home/serverincloudeu/public_html/