Last active: December 10, 2015 15:09
Hardening instructions for WordPress. WordPress core and plugin updates from the admin dashboard won't work afterwards (they will need to be applied manually). "By employing some, ok all of the recommendations above you have effectively disabled WordPress from modifying its own files, admin users no longer have write permission to all files, and the themes / plugins…
# cd to wordpress install root
# only the linux user account that owns the install should be able to write files
# (wp_user below is a placeholder for that account).
chown -R wp_user .
# the apache process should be able to read files.
chmod -R 750 .
chgrp -R apache .
# uploads folder needs apache to be able to write
chmod -R 770 ./wp-content/uploads/
# prevent execution of PHP in uploads folder
# (the .htaccess files below only take effect if AllowOverride permits them for this tree;
#  php_flag is honoured by mod_php only, with PHP-FPM the <Files> block does the blocking)
cat <<EOF > ./wp-content/uploads/.htaccess
php_flag engine off
<Files *.php>
deny from all
</Files>
EOF
# prevent execution of PHP in the whole wp-content folder
cat <<EOF > ./wp-content/.htaccess
<Files *.php>
deny from all
</Files>
EOF
# add basic authentication on the wp-admin folder
# this assumes the .htpasswd file exists outside the web root and was generated with:
#   htpasswd -c /path/to/.htpasswd wp_someusername
cat <<EOF > ./wp-admin/.htaccess
AuthUserFile /path/to/.htpasswd
AuthName "Protected Site"
AuthType Basic
Require valid-user
EOF