[resolved] Multisite own directory (+Security) (6 posts)

  1. joaoramos
    Member
    Posted 1 year ago #

    It is documented that giving WordPress its own directory won't work for Multisite setups. Though, I'm slightly obsessed with security and as a fresh Multisite user I'd like to know if there are any other ways of protecting the core files. Please keep in mind I'm already Hardening WordPress the non-Multisite way. Still, are there any specific Multisite ways of doing so? Pardon me for my bad English.

  2. Andrea_r
    team pirate
    Posted 1 year ago #

    Harden the server itself.

    Really, the practice of giving it its own directory is another security-thru-obscurity which will slow someone down by maybe five minutes.

    There are already extra features built into multisite to stop non-super-admins from wrecking things. The best thing you can do is to stop people from lifting your FTP password, because that's a bajillion times easier to get.

    Use sftp or ssh to do work on your server instead, or via a web control panel and pick super-complex passwords. ;)

  3. joaoramos
    Member
    Posted 1 year ago #

    Got it. Thank you once again, Andrea ;)

  4. Also don't use the same password for WordPress as your FTP/SSH server.

    The one and only time my server was infected was when I used a Windows PC with no virus scanning, got a weird popup, AND was FTPing. Yeah, I knew it was screwy right then and there. Ended up with Darkmailer on my box!

  5. Andrea_r
    team pirate
    Posted 1 year ago #

    Oh, this one time? I got hacked and it was my own darn fault.

    Somehow, permissions on my wp-config were set so someone could snag it and read it. The db user's password was the same as my cpanel/ftp password.

    DOH. Yeah, bonehead all the way. (In my own defense, this was, like, 4-5 years ago...)

    Now, the hacker was not able to get into WordPress. They were able to get into my files though, and lucky for me all they did was put an index.html on the server, which overrode all the WordPress stuff.

    Lesson learned, never forgot it.

  6. joaoramos
    Member
    Posted 1 year ago #

    Yeah, I learned it the same way. All my 7 WordPress blogs (some of which were institutional) got hacked too. That's why I got obsessive with security :(

Topic Closed

This topic has been closed to new replies.
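
Added example, not part of the original thread or of WordPress itself: a check for the failure described in post 5, where wp-config.php could be read by someone other than its owner. It finds every wp-config.php under a directory and reports the permission bits that expose it. The function names, the `allow_group_read` option and the sample sites are assumptions made for this illustration.

```python
import os
import stat
import tempfile

# Permission bits that let accounts other than the file owner read or change the file.
RISKY_BITS = {
    stat.S_IRGRP: "group-readable",
    stat.S_IWGRP: "group-writable",
    stat.S_IROTH: "world-readable",
    stat.S_IWOTH: "world-writable",
}

def audit_wp_configs(root, allow_group_read=False):
    """Return sorted [(path, octal_mode, [problems])] for wp-config.php files under root.

    allow_group_read=True tolerates mode 0640, for hosts where the web server
    reads the file through group membership (an assumption of this sketch).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "wp-config.php" not in files:
            continue
        path = os.path.join(dirpath, "wp-config.php")
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError:
            continue  # broken symlink or file removed during the walk
        problems = [label for bit, label in RISKY_BITS.items()
                    if mode & bit and not (allow_group_read and bit == stat.S_IRGRP)]
        if problems:
            findings.append((path, format(mode, "04o"), problems))
    return sorted(findings)

def demo():
    """Build two constructed sites in a temp dir (0644 and 0600) and audit them."""
    with tempfile.TemporaryDirectory() as root:
        for site, mode in (("loose", 0o644), ("tight", 0o600)):
            os.mkdir(os.path.join(root, site))
            cfg = os.path.join(root, site, "wp-config.php")
            with open(cfg, "w") as fh:
                fh.write("<?php define('DB_PASSWORD', 'constructed-sample'); ?>\n")
            os.chmod(cfg, mode)
        return [(os.path.relpath(p, root), m, probs)
                for p, m, probs in audit_wp_configs(root)]

if __name__ == "__main__":
    for path, mode, problems in demo():
        print(f"{path}: mode {mode}: {', '.join(problems)}")
```

Run against a real install, pass the document root to `audit_wp_configs` and tighten any file it lists with `chmod`.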