
The Customize Windows

Technology Journal


By Abhishek Ghosh April 5, 2014 8:55 am Updated on April 5, 2014

Hardening Rackspace Cloud Server for WordPress : Part 1


Hardening a Rackspace Cloud Server for WordPress is important because there are plugins like W3 Total Cache which can expose things to the public. In general, we do NOT recommend that you (1) use an unmanaged server running WordPress for production sites, (2) use an unmanaged server running WordPress for production sites with various WordPress plugins, or (3) use popular Blogger Hero’s quick tips to make WordPress faster via .htaccess tricks.

A single WordPress plugin can be enough to fully compromise a website. We highly recommend that you (1) read all the topics written by Rackspace as articles in their Knowledge Base; (2) get used to UNIX administration even if it is a managed server: the home is actually yours, but it is rented, and you have more responsibilities than the Rackspace Cloud team; (3) communicate with Rackspace Support if you do development work (quite risky), and point them to the web page when asking them to modify things that would probably increase the server’s security but are too specific to a particular CMS (and so out of scope for a UNIX administrator), like this guide on hardening a Rackspace Cloud Server for WordPress; (4) read good blogs and articles on the web about UNIX administration; (5) use a different server for MySQL, close all the ports, and activate only the IPv6 address for it.

 

Hardening Rackspace Cloud Server for WordPress : Part 1

 

"Unmanaged Rackspace Cloud Server" is actually the wrong terminology. There is a good deal of support for normal accounts too; please check the official website for the list. Clearly, for the unmanaged tier, the server software is not configured by Rackspace for you and the server is not monitored. In practice there is some monitoring, as one compromised server can create trouble for the whole node. We DO NOT represent Rackspace and our recommendations can vary. Always give more importance to Rackspace’s current guidance and let us know about any such conflict. As we are moving towards an age of the Software Defined Data Center, after 5 years you and I will probably rent a Software Defined Data Center instead of IaaS. WordPress, Google etc. might not exist after 5 years, but (1) the points on security, (2) Rackspace’s excellent support and (3) OpenStack etc. definitely will.


---

This is named Hardening Rackspace Cloud Server for WordPress Part 1, but you can consider the story to have started with articles such as How To Install WordPress on Ubuntu 13.10 on Rackspace Cloud Server and Create .htaccess Password for wp-login Page. In the current situation, for enhanced privacy:

  1. Try not to use certain products from Google: Web Fonts (both Google and Adobe collect data), JavaScript libraries (use Cloud Files or Akamai as the CDN), Analytics (use F/OSS like Piwik), Google’s mail server, etc.
  2. Block access by Google and other bots to the wp-admin, wp-includes and wp-content folders (except a few folders like uploads) via an .htaccess password. It is quite difficult to configure this so that the Ajax-related PHP files are still allowed through port 80 or port 443, but it is worth the time. Plugins can store API keys in raw text files. Robots.txt is never a secure way to block access.
  3. Change the ownership of files like wp-config.php and .htaccess to root and CHMOD them to 400.
  4. Never ever CHMOD any folder to 0777. Read How To Fix Cannot Upload Media via WordPress Uploader or Update Plugins.
  5. Use Redis Cache and other plugins. Avoid using W3 Total Cache in the current situation.
  6. Unless you are an educational institute or a governmental agency, you are unlikely to be singled out as a target. But there is no shortage of newbie hackers.
  7. Offload comments to someone else’s server, for example by using a commenting platform.
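
An added example (not from the original article) that audits a WordPress directory against items 3 and 4 of the list above. The function name `audit_wp_perms` and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for the permission rules in the list.
# audit_wp_perms ROOT prints one finding per line, or "ok" if there are none.
audit_wp_perms() {
    root=$1
    {
        # Item 4: directories writable by "other" (0777 is the worst case).
        find "$root" -type d -perm -0002 | sed 's/^/world-writable-dir: /'
        # Item 3: wp-config.php and .htaccess owned by root with mode 0400.
        for f in "$root/wp-config.php" "$root/.htaccess"; do
            [ -f "$f" ] || continue
            [ -n "$(find "$f" -perm 0400)" ] || echo "not-0400: $f"
            [ -n "$(find "$f" -user root)" ] || echo "not-root-owned: $f"
        done
    } | sort | awk '{ print } END { if (!NR) print "ok" }'
}

# Constructed demo tree (not a real site): one 0777 folder, one 0644 config.
demo=$(mktemp -d)
mkdir "$demo/uploads" && chmod 0777 "$demo/uploads"
: > "$demo/wp-config.php" && chmod 0644 "$demo/wp-config.php"
audit_wp_perms "$demo"
rm -rf "$demo"
```

After tightening ownership and mode, load the site once to confirm that the PHP process can still read wp-config.php.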


Hardening Rackspace Cloud Server for WordPress : The World Does Not Need To Know Your Server’s OS, PHP Version or Apache Version

 

Medicine for the Script Kiddies

Heard of script kiddies? It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated hacking programs or exploits on their own, and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities. Add these three lines (or check whether you have already added them) to your .htaccess file, within WordPress’s default block for Pretty Permalinks:

 

    # Options -Indexes disables directory browsing, uncomment the line below to activate
    #Options -Indexes
    # libwww-perl fix
    RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)=http [NC]
    RewriteRule ^(.*)$ - [F,L]

 

This is a kind of fix for the libwww-perl hack on Apache servers. Use custom error HTML pages like this:

    # Add to your .htaccess file
    # A 401 ErrorDocument must be a local path: with a full URL Apache sends a
    # redirect and the browser never receives the 401 status.
    ErrorDocument 401 /401.html

The 401.html file must actually exist, as ours does.
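
The effect of the libwww-perl rewrite rules in this section, as an added example that is not part of the original article: the shell function below emulates the two RewriteCond tests on constructed requests, so you can see which legitimate requests would also receive the 403. The function names and every sample request are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emulate the two RewriteCond tests from the .htaccess block.
# would_block USER_AGENT QUERY_STRING prints "block" (403) or "allow".
would_block() {
    ua=$1
    qs=$2
    # RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
    if printf '%s\n' "$ua" | grep -qi 'libwww'; then
        echo block
        return 0
    fi
    # RewriteCond %{QUERY_STRING} ^(.*)=http [NC]
    # The leading ^(.*) matches anything, so this is "contains =http".
    if printf '%s\n' "$qs" | grep -qi '=http'; then
        echo block
        return 0
    fi
    echo allow
}

# Constructed sample requests: label|User-Agent|query string
samples='perl-client|libwww-perl/6.05|p=1
url-in-parameter|Mozilla/5.0|page=http://files.invalid/x.txt
normal-post|Mozilla/5.0|p=123
login-redirect|Mozilla/5.0|redirect_to=https%3A%2F%2Fblog.example%2Fwp-admin%2F&reauth=1
site-search|Mozilla/5.0|s=http+headers'

# report prints the verdict for every sample request.
report() {
    printf '%s\n' "$samples" | while IFS='|' read -r label ua qs; do
        printf '%-18s %s\n' "$label" "$(would_block "$ua" "$qs")"
    done
}
report
```

The last two samples are ordinary browser requests that the second condition also refuses, so test login redirects and search on your own site after adding the rules.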

Medicine for the Advanced Guys

Rexford H. Swain is a great person; he has an excellent set of online tools:

    http://www.rexswain.com/

Check your headers first:

    http://www.rexswain.com/httpview.html

Also use this tool:

    http://http-headers.online-domain-tools.com/

You must get rid of the following disclosures:

  1. Which Apache version is used
  2. Which PHP version is used
  3. Which OS the server uses
  4. Any X-Powered-By header; W3 Total Cache nicely adds its own, increasing the exposure

First, switch ServerSignature off and set ServerTokens to Prod:

 

    # This is for Apache plus Ubuntu
    cd /etc/apache2/
    sudo nano apache2.conf
    # scroll to the bottom and add these just above the vim modeline (if it exists)
    ServerSignature Off
    ServerTokens Prod
    # press Ctrl+O to save and Ctrl+X to exit
    # restart Apache
    sudo /etc/init.d/apache2 restart

The server signature goes away: no 401 or 403 page will reveal port number 80 or the OS name any more. With ServerTokens Prod the Server header still says Apache, but without the version or OS.

Test here:

    http://http-headers.online-domain-tools.com/

All X-Powered-By-(the-bitch) headers will go away if you unset them:

    http://php.net/manual/en/function.header-remove.php

By now, you should know where the php.ini file is, shouldn’t you? Find and edit this line in the nano text editor:

    expose_php = On
    ; change to
    expose_php = Off
    ; "Off" and "off" are equivalent

As we have enabled mod_rewrite, we must set TraceEnable to off:

    # Add to apache2.conf (server config or virtual host); TraceEnable is not allowed in .htaccess
    TraceEnable off

Now test with telnet:

    telnet YOUR-IP 80

TraceEnable off causes Apache to return a 403 error. X-Powered-By-(the-bitches) headers have nothing to do with ‘encouraging caching’; they are actually meant for reverse proxies, and Microsoft re-introduced them in the ASP days for branding. They really encourage getting hacked by getting your setup identified. We should hide just as much if we are serving plain HTML pages. Google is bad, but honestly they never say to expose these known vulnerabilities.
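
An added example, not from the original article, that checks the points of this section offline: `audit_headers` reads raw response headers and reports each disclosure, and `check_trace` reports whether TRACE is still answered. The function names and both sample responses are constructed; `audit_url` and `check_trace` assume curl is installed.

```shell
#!/bin/sh
# Added example: report response headers that identify the server stack.

# audit_headers: raw response headers on stdin, one finding per line on
# stdout, or "clean" when nothing is disclosed.
audit_headers() {
    tr -d '\r' | awk -F': *' '
        { name = tolower($1); value = $0; sub(/^[^:]*: */, "", value) }
        name == "server" && value ~ /[0-9]/ { print "server-version: " value; n++ }
        name == "server" && value ~ /[(]/   { print "server-os: " value; n++ }
        name ~ /^x-powered-by/              { print "x-powered-by: " value; n++ }
        END { if (!n) print "clean" }
    '
}

# audit_url URL: fetch only the headers of your own site and audit them.
audit_url() { curl -s -I "$1" | audit_headers; }

# check_trace URL: a 200 answer to TRACE means TraceEnable is still on.
check_trace() {
    code=$(curl -s -o /dev/null -w '%{http_code}' -X TRACE "$1")
    if [ "$code" = 200 ]; then
        echo "trace-enabled"
    else
        echo "trace-refused ($code)"
    fi
}

# Constructed sample responses (the version strings are made up).
SAMPLE_BEFORE='HTTP/1.1 200 OK
Server: Apache/2.4.6 (Ubuntu)
X-Powered-By: PHP/5.5.3-1ubuntu2
X-Powered-By: W3 Total Cache/0.9.3
Content-Type: text/html'

SAMPLE_AFTER='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

printf '%s\n' "$SAMPLE_BEFORE" | audit_headers
printf '%s\n' "$SAMPLE_AFTER" | audit_headers
```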


About This Article

Cite this article as: Abhishek Ghosh, "Hardening Rackspace Cloud Server for WordPress : Part 1," in The Customize Windows, April 5, 2014, April 1, 2023, https://thecustomizewindows.com/2014/04/hardening-rackspace-cloud-server-wordpress-part-1/.
