Hardening WordPress Written on Official WordPress is Pretty Outdated & Useless for IaaS. Here is Some Tips For Hardening WordPress Running on Nginx on OpenStack on HP Cloud with Akamai DNS, Akamai CDN, Ubuntu 14.04 LTS server OS. What are written on official WordPress docs were probably worthy when the original UNIX system was developed. Frankly, those webpages has been a way to get backlinks by various pathetic services. WordPress is a web application written in a pathetic language named PHP and driven by a database named MySQL. LAMP is not used anymore, instead LEMP is used for the serious websites. Digital Ocean costs $5.00 per month and OpenShift PaaS costs $0.00 per month. Apache2 is for running bigger stuffs.
Hardening WordPress Means Server Security
using simple logics, hard passwords, disabling Email forwarding to reset the password, using key based SSH, not using Microsoft Windows as client computer to connect, using security measures for SSH like port knocking makes it near improbable to hack in to the system.
Using a good IaaS anti DDoS system like Akamai DNS makes it difficult to penetrate.
WordPress website talks too much about file permission (chmod). If UNIX Wheel group is rightly set, file ownership (chmod, chgrp) are rightly set, it is frankly impossible to read a file by the World.
We never recommend to change the default CHMOD values after un-tar-ing the wordPress tarball. Frankly, the FTP has only few things which are unique for a website, which includes wp-config.php and the wp-content directory. It is better not to change the CHMOD value of wp-config.php – instead better to use ftp specific hacks from wp-config. We can force the files not to be edited by adding :
---
1 | define('DISALLOW_FILE_EDIT', true); |
On Nginx, we can use Nginx NAXSI for higher security. Commonly forgotten things to fix is to remove the PHP version, Nginx version etc.
Hardening WordPress : OpenStack and Nginx Non-Specific
We can easily recover an instance on OpenStack. ping is not a great feature to be enabled in general. We need no firewall on HP Cloud’s OpenStack installation as there is virtual router. Port 80 and 443 will be universally open, we can restrict with Nginx the rest.
Most of the WordPress hacks are done via either SQL injection or javascript exploits. These usually come from the Plugins and themes (from Questionable source).
