Skip to content

Instantly share code, notes, and snippets.

@ethicka
Last active September 18, 2016 22:52
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save ethicka/6465183df70300589b00 to your computer and use it in GitHub Desktop.
Hardening WordPress

Hardening WordPress

Change file permissions

Run the following commands:

find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;

find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;

chmod 400 wp-config.php or chmod 440 wp-config.php

Add to .htaccess

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
<files wp-config.php>
order allow,deny
deny from all
</files>

Edit wp-config.php

Add the following to wp-config.php

define('DISALLOW_FILE_EDIT', true);

Turn on a Firewall

Consider using ufw and fail2ban.

Protext from XML-RPC Attack

How To Protect WordPress from XML-RPC Attacks on Ubuntu 14.04

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment