On 06/03/17 20:52, Markus Rosjat wrote:
Hi there,
well if it would be up to me I would skip wordpress for good but well
it's not my decition.
So I was wondering if there is some recommendations on what to block in
the httpd.conf and what file permissions to use.
For now I have:
- like wordpress suggest 0755 on dirs and 0644 on files
- wp-config.php setting to 0400 is not going to work at all I need at
least a 0644 or nothing shows up
- in http.conf I blocked /wp_content , /wp-content /uploads/*.php,
/wp-includes, /wp-includes/*.php and /wp-admin
so if there is something I can do further to harden things just let me
know :)
advice is most apreciated
Regards
Running WPScan[1] against your WordPress installation can be useful to
check that your WordPress install isn't too full of holes.
Cheers
Fred
[1]https://github.com/wpscanteam/wpscan
