On 06/03/17 20:52, Markus Rosjat wrote:
Hi there,


well if it would be up to me I would skip wordpress for good but well it's not my decition.

So I was wondering if there is some recommendations on what to block in the httpd.conf and what file permissions to use.

For now I have:

- like wordpress suggest 0755 on dirs and 0644 on files

- wp-config.php setting to 0400 is not going to work at all I need at least a 0644 or nothing shows up

- in http.conf I blocked /wp_content , /wp-content /uploads/*.php, /wp-includes, /wp-includes/*.php and /wp-admin


so if there is something I can do further to harden things just let me know :)


advice is most apreciated


Regards



Running WPScan[1] against your WordPress installation can be useful to check that your WordPress install isn't too full of holes.

Cheers

Fred

[1]https://github.com/wpscanteam/wpscan

Reply via email to