Hi there,
well if it would be up to me I would skip wordpress for good but well
it's not my decition.
So I was wondering if there is some recommendations on what to block in
the httpd.conf and what file permissions to use.
For now I have:
- like wordpress suggest 0755 on dirs and 0644 on files
- wp-config.php setting to 0400 is not going to work at all I need at
least a 0644 or nothing shows up
- in http.conf I blocked /wp_content , /wp-content /uploads/*.php,
/wp-includes, /wp-includes/*.php and /wp-admin
so if there is something I can do further to harden things just let me
know :)
advice is most apreciated
Regards
--
Markus Rosjat fon: +49 351 8107223 mail: rosjat@ghweb.de
G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden
http://www.ghweb.de
fon: +49 351 8107220 fax: +49 351 8107227
Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
No comments:
Post a Comment