Hardening WordPress – wp-admin, uploads, no comments, deleting files
I’ve followed the concepts here:
As a measure to secure WordPress, I removed the wp-admin folder, and moved it to the private directory of my site, which requires a login. In order to get this config to work, I needed to create symbolic links to wp-content, wp-includes, and I copied over all root-level files. This works… to a degree.
I’m OK with the symlinks pointing to wp-content, wp-includes. However, I’d like to figure out which files in the root wordpress directory wp-admin requires, and which it doesn’t.
Additionally, how do I figure out which files the public side does not need?
In order to enable wordpress to write to the uploads folder, I need to run this unix command:
fs sa ~user/pathtosite/Public/html/wp-content/uploads groupOrServerName write
I don’t like leaving this folder server write-able, but don’t know any ways to get around this. Any ideas? My biggest fear is some sort of exploit that allows someone to write to the folder using a wordpress script.
Since WordPress is being used as a CMS, comments have been disabled. Can I safely delete:
So, can I delete these files in the public side:
or move these to the Private side?
- The topic ‘Hardening WordPress – wp-admin, uploads, no comments, deleting files’ is closed to new replies.