
Secure WordPress


File permissions

find . -type d -exec chmod 755 {} \; # Change directory permissions rwxr-xr-x
find . -type f -exec chmod 644 {} \; # Change file permissions rw-r--r--

Ownership

During setup:

chown www-data:www-data -R * # Let Apache be owner (note: * does not match dotfiles such as .htaccess)

After setup:

chown root:root -R *                    # Let root (the admin account) be owner, not Apache
chown www-data:www-data wp-content -R   # Let Apache be owner of wp-content (plugins, themes, uploads)
chown www-data:www-data wordfence-waf.php

find . -type d -exec chmod 755 {} \; # Change directory permissions rwxr-xr-x
find . -type f -exec chmod 644 {} \; # Change file permissions rw-r--r--

# wordfence-waf.php
chmod 644 wordfence-waf.php

# .htaccess
chown root:root .htaccess
chmod 644 .htaccess

# wp-config.php
chown root:root wp-config.php
chmod 644 wp-config.php


# to test:
#   click on "Wordfence" - "Firewall" --> should be activated
#   activate/deactivate plugin
#   install / uninstall plugin
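The post-setup ownership and permission steps above, as one added helper script (not code from the original post): apply_wp_perms enforces the scheme on a docroot and audit_wp_perms lists every file or directory that has drifted from it. The owner strings are assumed parameters so the script can be exercised in a scratch directory without root; on a real host keep the defaults.

```bash
#!/usr/bin/env bash
# Added example: enforce and audit the post-setup ownership/permission scheme.
# Owners are parameters (hypothetical) so the script can be tried without root.
WP_ADMIN_OWNER="${WP_ADMIN_OWNER:-root:root}"       # code, .htaccess, wp-config.php
WP_WEB_OWNER="${WP_WEB_OWNER:-www-data:www-data}"   # wp-content, wordfence-waf.php

# apply_wp_perms DOCROOT: admin owns everything, Apache only what it must write.
apply_wp_perms() {
    local root="$1"
    chown -R "$WP_ADMIN_OWNER" "$root"              # covers dotfiles, unlike '*'
    chown -R "$WP_WEB_OWNER" "$root/wp-content"     # plugins, themes, uploads
    if [ -f "$root/wordfence-waf.php" ]; then
        chown "$WP_WEB_OWNER" "$root/wordfence-waf.php"
    fi
    find "$root" -type d -exec chmod 755 {} +       # rwxr-xr-x
    find "$root" -type f -exec chmod 644 {} +       # rw-r--r--
}

# audit_wp_perms DOCROOT: print each deviation from the scheme; return 1 if any.
audit_wp_perms() {
    local root="$1" admin_user="${WP_ADMIN_OWNER%%:*}" web_user="${WP_WEB_OWNER%%:*}"
    local findings f
    findings=$(
        find "$root" -type d ! -perm 755 | sed 's/^/dir not 755: /'
        find "$root" -type f ! -perm 644 | sed 's/^/file not 644: /'
        find "$root/wp-content" ! -user "$web_user" | sed "s/^/not owned by $web_user: /"
        for f in .htaccess wp-config.php; do
            if [ -e "$root/$f" ]; then
                find "$root/$f" ! -user "$admin_user" | sed "s/^/not owned by $admin_user: /"
            fi
        done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run audit_wp_perms from cron after plugin updates to catch files that an update or a plugin installer re-chowned or re-chmodded.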

Special files

wp-config.php: add this so you don't need to enter a username and password when installing plugins

define('FS_METHOD', 'direct');

.htaccess file in main directory

Copy your .htaccess file to a backup directory

chmod 644 .htaccess

After each modification (e.g. wordfence firewall optimization) make a backup of the .htaccess file.

File permissions

Install and configure Wordfence

Install and configure UpdraftPlus

Memory limit (e.g. for woocommerce)

Edit the wp-config.php file of your WordPress site. It is located in your WordPress site's root folder.

Next, paste this line into the wp-config.php file just before the line that says 'That's all, stop editing! Happy blogging.'

define( 'WP_MEMORY_LIMIT', '256M' );

HTTP Headers

Check your site:

https://securityheaders.com/

Enable headers for apache:

a2enmod headers

Paste this into your VirtualHost config (nano /etc/apache2/sites-enabled/...):

   Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
   Header always set X-Frame-Options "SAMEORIGIN"
   Header always set X-Xss-Protection "1; mode=block"
   Header always set X-Content-Type-Options "nosniff"
   Header always set Referrer-Policy "strict-origin"
   Header always set Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),ful>
   Header always set Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;"

Restart server

service apache2 restart

Remove old security protocols (TLS 1.1, etc.)

e.g. if you use Apache and Let's Encrypt, you can do this by modifying a few lines in the configuration:

Edit the include file:

nano /etc/letsencrypt/options-ssl-apache.conf

Modify the file to include the following:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1   # disables the old protocols, leaves TLSv1.2 and TLSv1.3 enabled

Test

Check on one of the following sites:

https://securityheaders.com/

https://www.ssllabs.com/
