• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » Hardening Rackspace Cloud Server for WordPress : Part 2

By Abhishek Ghosh April 6, 2014 3:12 am Updated on April 6, 2014

Hardening Rackspace Cloud Server for WordPress : Part 2

Advertisement

This is the Second Part of Our Hardening Rackspace Cloud Server Series of Guide. There are relatively unknown points which need some care to get fixed. So, we have started from Hardening Rackspace Cloud Server for WordPress Part 1 and obviously there are some points on the full step by step guide to Install WordPress on Ubuntu 13.10 on Rackspace. For any kind website, know it very well – do not run tests on relatively unknown websites offering free tools. As none of us has very well known domains; listing ourselves can expose to dangers!

 

Hardening Rackspace Cloud Server for WordPress : Users and Access Restriction

 

Normally, some Firewall Software is installed; be it IP Tables of ufw (Uncomplicated Firewall). The root user’s account should be limited from SSH via port 22 and a custom username should be used. These files of WordPress are known to be dangerous and often a point of security breech :

 

Vim
1
2
3
4
5
wp-config.php
.htaccess
read me.html
wp-admin/install.php
wp-config-sample.php

As we run the script to install WordPress, the wp-config-sample.php remains. It should be deleted or moved up to some publicly non-accessible folder. Point your browser to view our readme.html file.

Advertisement

---

So, first part is that, we have blocked the access from apache’s settings file, usually people do it from .htacess. But, people actually by chance can read your .htaccess. How people can read? Via compromised WordPress Plugin. If your WordPress is at /var/www ; you should change the permission, ownership etc :

Vim
1
2
3
sudo chown root:root /var/www/.htaccess
sudo chmod 400 /var/www/.htaccess
sudo chgrp root /var/www/.htaccess

chgrp becomes chirp by autocorrection by Mac. A reader tried a lot with chirp command on an older guide and eventually got quite angry. “Your all commands running properly but chirp is not running.”
So, the known vulnerable files should be blocked in both ways.

But you received an custom error document, right? It is actually quite easy to set from .htaccess :

Vim
1
2
3
4
# within the block for WordPress pretty permalink
ErrorDocument 403 /403.html
# unix path of this new 403.html is at /var/www/403.html when
# your WordPress is at /var/www

Actually there is tracking script too. If someone jumps too much, you will add the IP to Ban list (consider using some software on the server).

Hardening Rackspace Cloud Server for WordPress

 

Hardening Rackspace Cloud Server for WordPress : No Third Party Content Policy

 

Content means – the static files. You must not use a community version of some CDN to save $1 / month charge of Cloud Files. We need to use Google’s things as we are forced to use, try to use as less as possible. Google’s CDN, Server are of very poor quality – obviously, who is using a $3/month shared server, Google’s CDN appears blazing fast, but we have more faster, actually the fastest CDN – Cloud Files. It is Akamai’s Edge Server; from IBM to Microsoft all are clients of Akamai. Plus, Google is quite efficient at Spyware activities.

Never use other kind of Cloud DNS except of Rackspace, there is no need. Increase the TTL to near about 2 days to encourage DNS caching. If TTL is set to 2 days, even if someone changes your DNS; actually the materials will go from your server for many hours. 5 minutes TTL is for testing purpose.

For PHP, there is a patch named suhosin patch. Its easy to install :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
# Download Suhosin and cd to that place
unzip su.zip
cd suhosin-master
phpize
./configure
make
make install
echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini
Service https restart
# test
Confirm: php-v
# output
Check with Suhosin v0.9.35-dev, Copyright (c) 2007-2014, by SektionEins GmbH

We have covered almost all the common tricks used for Hardening Rackspace Cloud Server for WordPress. There might be one or two isolated tips, which will be linked on these two articles.

Tagged With AUFN , companyhgw , promisedoai

This Article Has Been Shared 862 Times!

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Hardening Rackspace Cloud Server for WordPress : Part 2

  • Mobile Phone Camera Photography : Get The Best Result

    Mobile Phone Camera Photography is becoming an important matter to seriously consider for Digital Photography. We always take a Mobile Phone with us.

  • Rackspace Cloud’s Way is The Way of Cloud Computing

    Rackspace Cloud’s Way is The Way of Cloud Computing,because Rackspace Defined the Way of Free Software usage for Cloud Computing as well as the managed support.

  • Installing WordPress on FreeBSD on Rackspace Cloud Server

    Installing Wordpress on FreeBSD on Rackspace Cloud Server is a bit different than on usual Linux distros, practically it is kind of installing on Mac OS X.

  • Cloud Storage : Understanding How it Works With Example

    Cloud Storage is important today as the individuals and companies requirements are growing exponentially and backup becoming and increasingly critical strategy.

  • Lock-In in Cloud Computing Services

    Lock-In happens in cloud as in any other sector, the service provider cloud sometimes make the transition out of their platform more difficult than it could be.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • What Online Casinos Have No Deposit Bonus in Australia March 30, 2023
  • Four Foolproof Tips To Never Run Out Of Blog Ideas For Your Website March 28, 2023
  • The Interactive Entertainment Serving as a Tech Proving Ground March 28, 2023
  • Is it Good to Run Apache Web server and MySQL Database on Separate Cloud Servers? March 27, 2023
  • Advantages of Cloud Server Over Dedicated Server for Hosting WordPress March 26, 2023

About This Article

Cite this article as: Abhishek Ghosh, "Hardening Rackspace Cloud Server for WordPress : Part 2," in The Customize Windows, April 6, 2014, March 30, 2023, https://thecustomizewindows.com/2014/04/hardening-rackspace-cloud-server-wordpress-part-2/.

Source:The Customize Windows, JiMA.in

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT