Created
December 12, 2017 14:12
Blog post snippets - WordPress Security
```shell
# Assuming that:
# - the normal user on the server is `john` and he's the only member of the group `john`
# - the webroot is in `/srv/http/mywebsite.com`

# Recursively set user and group ownership of everything to john
chown -R john:john /srv/http/mywebsite.com

# Just in case, recursively remove write permission for group and others from everything
chmod -R go-w /srv/http/mywebsite.com

# Recursively set ownership of uploads to user john and group www-data
chown -R john:www-data /srv/http/mywebsite.com/wp-content/uploads

# Recursively allow the group to be able to write to uploads
chmod -R g+w /srv/http/mywebsite.com/wp-content/uploads
```
```nginx
server {
    # ...

    # Prevent access to scripts in uploads
    # (the dot before the extension is escaped so it only matches a literal ".")
    location ~* /app/uploads/.*\.(php|js)$ {
        deny all;
    }

    # ...
}
```
```php
<?php
// ...
define('AUTOMATIC_UPDATER_DISABLED', true);
define('DISALLOW_FILE_EDIT', true);
define('DISALLOW_FILE_MODS', true);

// Run `wp cron event run --all > /dev/null 2>&1`
// in a real cronjob every few minutes
define('DISABLE_WP_CRON', true);
```
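An added audit script, not part of the gist, that checks an existing webroot against the ownership and permission scheme in the first snippet and looks for the script files the nginx rule is meant to block. It assumes GNU find and the `<webroot>/wp-content/uploads` layout from the first snippet; the function names are made up for this example.

```shell
# Added example, not part of the gist. Assumes GNU find and the
# <webroot>/wp-content/uploads layout used in the first snippet.
# Function names are hypothetical.

# Paths outside uploads that group or others can write to.
# Symlinks are skipped because their mode bits are always rwxrwxrwx.
audit_writable_outside_uploads() {
  root=${1%/}
  find "$root" -path "$root/wp-content/uploads" -prune -o \
    ! -type l -perm /022 -print
}

# Paths outside uploads owned by the web server user ($2: name or numeric uid).
# Under the scheme above, only john should own files there.
audit_owned_by_web_user() {
  root=${1%/}
  find "$root" -path "$root/wp-content/uploads" -prune -o -user "$2" -print
}

# Script files sitting inside uploads, matched case-insensitively
# like the nginx `~*` location.
audit_scripts_in_uploads() {
  root=${1%/}
  find "$root/wp-content/uploads" -type f \
    \( -iname '*.php' -o -iname '*.js' \) -print
}
```

Each function takes the webroot as its first argument, for example `audit_writable_outside_uploads /srv/http/mywebsite.com`, and prints nothing when the tree matches the scheme.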