Blog post snippets - WordPress Security
# Assuming that:
# - the normal user on the server is `john` and he's the only member of the group `john`
# - the webroot is in `/srv/http/mywebsite.com`

# Recursively set user and group ownership of everything to john
chown -R john:john /srv/http/mywebsite.com
# Just in case, recursively remove write permission for group and others from everything
chmod -R go-w /srv/http/mywebsite.com
# Recursively set ownership of uploads to user john and group www-data
chown -R john:www-data /srv/http/mywebsite.com/wp-content/uploads
# Recursively allow the group to be able to write to uploads
chmod -R g+w /srv/http/mywebsite.com/wp-content/uploads

server {
    # ...

    # Prevent access to scripts in uploads
    # (the path must be the URL path your uploads are served from)
    location ~* /app/uploads/.*\.(php|js)$ {
        deny all;
    }

    # ...
}
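
An added audit script (not part of the original gist) that checks a tree against the scheme in the snippets above: nothing outside `wp-content/uploads` writable by group or others, nothing in uploads world-writable, and no `.php`/`.js` files in uploads. It assumes GNU find and the `wp-content/uploads` layout from the first snippet; the function name and output labels are made up for this example, and ownership is not checked.

```shell
#!/bin/sh
# audit_webroot WEBROOT  (hypothetical helper, GNU find assumed)
# Prints one finding per line and returns:
#   0 = tree matches the scheme, 1 = findings printed, 2 = no uploads directory
audit_webroot() {
    webroot=${1%/}                          # drop a trailing slash so -path matches
    uploads="$webroot/wp-content/uploads"

    if [ ! -d "$uploads" ]; then
        echo "no uploads directory under $webroot" >&2
        return 2
    fi

    findings=$(
        # Outside uploads: `chmod -R go-w` should have cleared every group/other write bit.
        # Symlinks are skipped because their mode bits are meaningless.
        find "$webroot" -path "$uploads" -prune -o \
            ! -type l -perm /022 -printf 'WRITABLE %p\n'

        # Inside uploads: group write is expected (www-data), write for others is not.
        find "$uploads" ! -type l -perm /002 -printf 'WORLD-WRITABLE %p\n'

        # Scripts in uploads: the extensions the nginx rule denies, matched case-insensitively.
        find "$uploads" -type f \( -iname '*.php' -o -iname '*.js' \) \
            -printf 'SCRIPT %p\n'
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run directly as: sh audit.sh /srv/http/mywebsite.com
if [ $# -gt 0 ]; then
    audit_webroot "$1"
fi
```

A non-zero exit status makes it usable from cron or a deploy step to flag drift after plugin installs or manual fixes.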
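
<?php
// ...

// Disable automatic background updates
define('AUTOMATIC_UPDATER_DISABLED', true);
// Disable the theme and plugin file editor in the admin
define('DISALLOW_FILE_EDIT', true);
// Disable installing and updating plugins and themes from the admin
define('DISALLOW_FILE_MODS', true);

// Run `wp cron event run --due-now > /dev/null 2>&1`
// in a real cronjob every few minutes
define('DISABLE_WP_CRON', true);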