Hardening WordPress (Nginx, Ubuntu, OpenStack, HP Cloud)

Abhishek Ghosh

By Abhishek Ghosh May 19, 2015 12:00 pm Updated on May 19, 2015

Hardening WordPress (Nginx, Ubuntu, OpenStack, HP Cloud)

Hardening WordPress Written on Official WordPress is Pretty Outdated & Useless for IaaS. Here is Some Tips For Hardening WordPress Running on Nginx on OpenStack on HP Cloud with Akamai DNS, Akamai CDN, Ubuntu 14.04 LTS server OS. What are written on official WordPress docs were probably worthy when the original UNIX system was developed. Frankly, those webpages has been a way to get backlinks by various pathetic services. WordPress is a web application written in a pathetic language named PHP and driven by a database named MySQL. LAMP is not used anymore, instead LEMP is used for the serious websites. Digital Ocean costs $5.00 per month and OpenShift PaaS costs $0.00 per month. Apache2 is for running bigger stuffs.

Hardening WordPress Means Server Security

using simple logics, hard passwords, disabling Email forwarding to reset the password, using key based SSH, not using Microsoft Windows as client computer to connect, using security measures for SSH like port knocking makes it near improbable to hack in to the system.

Using a good IaaS anti DDoS system like Akamai DNS makes it difficult to penetrate.

WordPress website talks too much about file permission (chmod). If UNIX Wheel group is rightly set, file ownership (chmod, chgrp) are rightly set, it is frankly impossible to read a file by the World.

We never recommend to change the default CHMOD values after un-tar-ing the wordPress tarball. Frankly, the FTP has only few things which are unique for a website, which includes wp-config.php and the wp-content directory. It is better not to change the CHMOD value of wp-config.php – instead better to use ftp specific hacks from wp-config. We can force the files not to be edited by adding :

define('DISALLOW_FILE_EDIT', true);

1	define('DISALLOW_FILE_EDIT', true);

On Nginx, we can use Nginx NAXSI for higher security. Commonly forgotten things to fix is to remove the PHP version, Nginx version etc.

Hardening WordPress : OpenStack and Nginx Non-Specific

We can easily recover an instance on OpenStack. ping is not a great feature to be enabled in general. We need no firewall on HP Cloud’s OpenStack installation as there is virtual router. Port 80 and 443 will be universally open, we can restrict with Nginx the rest.

Most of the WordPress hacks are done via either SQL injection or javascript exploits. These usually come from the Plugins and themes (from Questionable source).

Tagged With hardening ubuntu os for wordpress , hardening wordpress on ubuntu

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

About Abhishek Ghosh

Here’s what we’ve got for you which might like :

Take The Conversation Further ...

Get new posts by email: