[resolved] Multisite own directory (+Security) (6 posts)

  1. joaoramos
    Posted 5 years ago #

    It is documented that giving WordPress its own directory won't work for Multisite setups. Though, I'm slightly obsessed with security and as a fresh Multisite user I'd like to know if there are any other ways of protecting the core files. Please keep in mind I'm already Hardening WordPress the non-Multisite way. Still, are there any specific Multisite ways of doing so? Pardon me for my bad English.

  2. Harden the server itself.

    Really, the practice of giving it its own directory is another security-through-obscurity which will slow someone down by maybe five minutes.

    There's already extra features built in the multisite to stop non-super-admins from wrecking things. The best thing you can do is to stop people from lifting your FTP password, because that's a bajillion times easier to get.

    Use sftp or ssh to do work on your server instead, or via a web control panel and pick super-complex passwords. ;)

  3. joaoramos
    Posted 5 years ago #

    Got it. Thank you once again, Andrea ;)

  4. Also don't use the same password for WordPress as your FTP/SSH server.

    The one and only time my server was infected was when I used a Windows PC with no virus scanning, got a weird popup, AND was FTPing. Yeah, I knew it was screwy right then and there. Ended up with Darkmailer on my box!

  5. Oh, this one time? I got hacked and it was my own darn fault.

    Somehow, permissions on my wp-config were set so someone could snag it and read it. The db user's password was the same as my cpanel/ftp password.

    DOH. Yeah, bonehead all the way. (In my own defense, this was, like, 4-5 years ago...)

    Now, the hacker was not able to get into WordPress. They were able to get into my files though, and lucky for me all they did was put an index.html on the server, which overrode all the WordPress stuff.

    Lesson learned, never forgot it.

  6. joaoramos
    Posted 5 years ago #

    Yeah, I learned it the same way. All my 7 WordPress blogs (some of which were institutional) got hacked too. That's why I got obsessive with security :(

Topic Closed

This topic has been closed to new replies.
