WordPress.org

Support

Support » Multisite » [Resolved] Multisite own directory ( Security)

[Resolved] Multisite own directory ( Security)

  • It is documented that giving WordPress it’s own directory won’t work for Multisite setups. Though, I’m slightly obsessed with security and as a fresh Multisite user I’d like to know if there are any other ways of protecting the core files. Please keep in mind I’m already Hardening WordPress the non-Multisite way. Still, are there any specific Multisite ways of doing so? Pardon me for my bad english.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Harden the server itself.

    really, the practice of giving it its own directory is another security-thru-obscurity which will slow someone down by maybe five minutes.

    There’s already extra features built in the multisite to stop non-super-admins from wrecking things. the best thing you can do is to stop people from lifting your FTP password, because that’s a bajillion times easier to get.

    Use sftp or ssh to do work on your server instead, or via a web control panel and pick super-complex passwords. 😉

    Got it. Thank you once again, Andrea 😉

    Also don’t use the same password for WordPress as your FTP/SSH server.

    The one and only time my server was infected was when I used a Windows PC with no virus scanning, got a weird popup, AND was FTPing. Yeah, I knew it was screwey right then and there. Ended up with Darkmailer on my box!

    Oh, this one time? I got hacked and it was my own darn fault.

    Somehow, permissions on my wp-config were set so someone could snag it and read it. the db user’s password was the same as my cpanel/ftp password.

    DOH. Yeah, bonehead all the way. (In my own defense, this was, like, 4-5 years ago…)

    Now, the hacker was not able to get into WordPress. they were able to get into my files though, and lucky for me all they did was put a index.html on the server, which overrode all the WordPress stuff.

    Lesson learned, never forgot it.

    Yeah, a learned it the same way. All my 7 WordPress blogs (some of which where institutional) got hacked too. That’s why I got obsessive with security 🙁

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘[Resolved] Multisite own directory ( Security)’ is closed to new replies.