Saturday, June 03, 2017

Re: httpd and wordpress

On 06/03/17 20:52, Markus Rosjat wrote:
> Hi there,
>
>
> well if it would be up to me I would skip wordpress for good but well
> it's not my decision.
>
> So I was wondering if there are some recommendations on what to block in
> the httpd.conf and what file permissions to use.
>
> For now I have:
>
> - like wordpress suggests 0755 on dirs and 0644 on files
>
> - wp-config.php setting to 0400 is not going to work at all I need at
> least a 0644 or nothing shows up
>
> - in http.conf I blocked /wp_content , /wp-content /uploads/*.php,
> /wp-includes, /wp-includes/*.php and /wp-admin
>
>
> so if there is something I can do further to harden things just let me
> know :)
>
>
> advice is most appreciated
>
>
> Regards
>
>

Running WPScan[1] against your WordPress installation can be useful to
check that your WordPress install isn't too full of holes.

Cheers

Fred

[1] https://github.com/wpscanteam/wpscan
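
The permission scheme in the quoted message (0755 on directories, 0644 on files, no PHP served from uploads) can be checked mechanically before and after each WordPress update. This is an added example, not part of either poster's mail; the function name `audit_wp_perms` and the output tags are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the modes quoted in the
# thread (0755 directories, 0644 files) and list PHP files that ended up
# under wp-content/uploads. Function name and output tags are hypothetical.

audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    findings=$(
        # Directories whose permission bits are not exactly 0755.
        find "$root" -type d ! -perm 755 -print | sed 's/^/DIRMODE /'

        # Regular files whose permission bits are not exactly 0644.
        # A wp-config.php set to 0400 shows up here too, so the deviation
        # is at least a recorded, deliberate one.
        find "$root" -type f ! -perm 644 -print | sed 's/^/FILEMODE /'

        # PHP files in the upload area: the web server should refuse to
        # serve them, and their presence deserves a closer look.
        if [ -d "$root/wp-content/uploads" ]; then
            find "$root/wp-content/uploads" -type f -name '*.php' -print |
                sed 's/^/UPLOADPHP /'
        fi
    )

    # Exit status: 0 = tree matches the scheme, 1 = findings printed.
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run only when a document root is given on the command line.
if [ $# -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Each output line starts with a tag (`DIRMODE`, `FILEMODE`, `UPLOADPHP`) followed by the path, so the result can be diffed between runs or fed to a cron mail.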
