• Hi all,
    I have a WordPress site as the front page of my website.
    The content and design of WordPress will not change and it will be fixed.
    For WordPress security, in MySQL I gave only the “select” privilege to the MySQL user, and on the host I changed the permissions of the WordPress files and directories as below:

    find . -type f -exec chmod 444 {} +
    find . -type d -exec chmod 511 {} +
    chmod 400 wp-config.php

    Does it provide complete security without causing any disturbance in WordPress usage? Will it make WordPress fully secure?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Looks like a very well constructed attempt to really lock down a WordPress site, to the point of making it totally static. Of course it won’t be able to do automatic updates; you should disable them so as to save yourself the errors when they are attempted.
    All I can suggest is that you try this and see how it works; I suspect that some parts of the WordPress machine will complain when it can’t do things like count accesses.
    So now your real security falls back on the login/password for your SQL administration, and your command shell login to the web hosting.

    May I translate and comment on the commands you are running:
    find . -type f -exec chmod 444 {} +
    For all regular files, make them read-only for everyone.

    find . -type d -exec chmod 511 {} +
    For all directories, make them readable only by the owner, and let anyone access the contents so long as they already know the name.

    chmod 400 wp-config.php
    Make the “wp-config.php” file only readable by the owner. Now this may cause you problems, as on many systems the web server is NOT running as the user who owns the files; you may need to change the owner.

    Good luck, please let us know how this experiment works out.
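
The permission scheme from the original post and the ownership caveat in the reply above can be checked after the fact with a small audit script. This is an added example, not part of the original posts; the function names and the numeric-UID parameter for the account PHP runs as are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a WordPress tree against the
# policy in the original post: files 444, directories 511, wp-config.php 400.

# Print one line per path under $1 whose mode differs from the policy.
list_deviations() {
    root=${1%/}
    # Every regular file except the top-level wp-config.php must be 444.
    find "$root" -type f ! -path "$root/wp-config.php" ! -perm 444 |
        sed 's/^/file-not-444 /'
    # Every directory, including the root itself, must be 511.
    find "$root" -type d ! -perm 511 | sed 's/^/dir-not-511 /'
    # wp-config.php must exist and be exactly 400.
    if [ -z "$(find "$root/wp-config.php" -prune -type f -perm 400 2>/dev/null)" ]; then
        echo "config-not-400 $root/wp-config.php"
    fi
}

# Succeed if wp-config.php is owned by numeric UID $2, the account PHP runs as
# (hypothetical parameter). With mode 400 only the owner can read the file.
config_owned_by_uid() {
    owner_uid=$(ls -ldn "${1%/}/wp-config.php" 2>/dev/null | awk '{print $3}')
    [ "$owner_uid" = "$2" ]
}

# Full audit: prints findings and returns 1 if any exist, otherwise returns 0.
# Example call (account name is a placeholder): audit_wp_perms . "$(id -u www-data)"
audit_wp_perms() {
    findings=$(
        list_deviations "$1"
        config_owned_by_uid "$1" "$2" ||
            echo "config-owner-mismatch ${1%/}/wp-config.php"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```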

    Thread Starter MNSY

    (@mnsy)

    Thanks for replying, dear RossMitchell,
    You are right, I forgot to mention that access to wp-login and wp-admin was limited by .htaccess.
    For me it is working fine on suphp mod
    Best Regards.

    With a read-only database I can’t see wp-login or wp-admin getting you much, even if you had a plugin that would let you upload arbitrary (code for .php) files, which won’t get far with the read-only directories.

    Please keep us informed of developments.

  • The topic ‘Safest wordpress mode’ is closed to new replies.