- Security Automation with Ansible 2
- Madhu Akula Akash Mahajan
- 143字
- 2021-07-02 22:00:00
Hardening WordPress
This includes basic checks for WordPress security misconfigurations. Some of them include:
- Directory and file permissions:
- name: update the file permissions
file:
path: "{{ WordPress_install_directory }}"
recurse: yes
owner: "{{ new_user_name }}"
group: www-data
- name: updating file and directory permissions
shell: "{{ item }}"
with_items:
- "find {{ WordPress_install_directory }} -type d -exec chmod
755 {} \;"
- "find {{ WordPress_install_directory }} -type f -exec chmod
644 {} \;"
- Username and attachment enumeration blocking. The following code snippet is part of nginx's configuration:
# Username enumeration block
if ($args ~ "^/?author=([0-9]*)"){
return 403;
}
# Attachment enumeration block
if ($query_string ~ "attachment_id=([0-9]*)"){
return 403;
}
- Disallowing file edits in the WordPress editor:
- name: update the WordPress configuration
lineinfile:
path: /var/www/html/wp-config.php
line: "{{ item }}"
with_items:
- define('FS_METHOD', 'direct');
- define('DISALLOW_FILE_EDIT', true);
There are many other checks we can add as the configuration changes and updates.
推薦閱讀
- ABB工業機器人編程全集
- 軟件架構設計
- Getting Started with Clickteam Fusion
- Practical Data Wrangling
- 數控銑削(加工中心)編程與加工
- CSS全程指南
- Hybrid Cloud for Architects
- CompTIA Linux+ Certification Guide
- 計算機網絡原理與技術
- 數據庫系統原理及應用教程(第5版)
- 我也能做CTO之程序員職業規劃
- Kubernetes for Serverless Applications
- 網站前臺設計綜合實訓
- Building a BeagleBone Black Super Cluster
- 電腦故障排除與維護終極技巧金典