WordPress.org


Hardening WordPress - wp-admin, uploads, no comments, deleting files (1 post)

  1. ururk
    Member
    Posted 5 years ago #

    I've followed the concepts here:

    http://codex.wordpress.org/Hardening_WordPress

    *****wp-admin*****

    As a measure to secure WordPress, I removed the wp-admin folder and moved it to the private directory of my site, which requires a login. In order to get this config to work, I needed to create symbolic links to wp-content and wp-includes, and I copied over all root-level files. This works... to a degree.

    I'm OK with the symlinks pointing to wp-content and wp-includes. However, I'd like to figure out which files in the root WordPress directory wp-admin requires, and which it doesn't.

    Additionally, how do I figure out which files the public side does not need?

    *****uploads*****

    In order to enable WordPress to write to the uploads folder, I need to run this Unix command:

    fs sa ~user/pathtosite/Public/html/wp-content/uploads groupOrServerName write

    I don't like leaving this folder server-writable, but I don't know any ways to get around this. Any ideas? My biggest fear is some sort of exploit that allows someone to write to the folder using a WordPress script.

    *****comments*****

    Since WordPress is being used as a CMS, comments have been disabled. Can I safely delete:

    wp-comments-post.php
    wp-commentsrss2.php

    *****other files*****

    So, can I delete these files on the public side:

    wp-register.php
    wp-mail.php
    wp-pass.php

    or move these to the Private side?

    Thanks!

Topic Closed

This topic has been closed to new replies.
