
Hardening WordPress

This step applies basic checks for common WordPress security misconfigurations. Some of them are:

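  • Directory and file permissions:
    # Hand the whole tree to the deployment user and the web server group
    - name: update the file permissions
      file:
        path: "{{ WordPress_install_directory }}"
        recurse: yes
        owner: "{{ new_user_name }}"
        group: www-data

    # Directories become 755 and files 644
    - name: updating file and directory permissions
      shell: "{{ item }}"
      with_items:
        # Single quotes keep the backslash literal; "\;" is not a valid escape in a double-quoted YAML string
        - 'find {{ WordPress_install_directory }} -type d -exec chmod 755 {} \;'
        - 'find {{ WordPress_install_directory }} -type f -exec chmod 644 {} \;'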
  • Username and attachment enumeration blocking. The following code snippet is part of nginx's configuration:
    # Username enumeration block
    if ($args ~ "^/?author=([0-9]*)") {
        return 403;
    }

    # Attachment enumeration block
    if ($query_string ~ "attachment_id=([0-9]*)") {
        return 403;
    }
  • Disallowing file edits in the WordPress editor:
    - name: update the WordPress configuration
      lineinfile:
        path: /var/www/html/wp-config.php
        line: "{{ item }}"
      with_items:
        - "define('FS_METHOD', 'direct');"
        - "define('DISALLOW_FILE_EDIT', true);"

There are many other checks we can add as the configuration changes and is updated.
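A post-run audit for the permission and wp-config.php tasks above, as an added example that is not from the book. The function names and finding labels are illustrative; it checks modes and the two constants only, not ownership.

```shell
#!/bin/sh
# Added example (not from the book): audit a WordPress tree after the
# hardening tasks have run. Function names and finding labels are illustrative.

# Directories must be exactly 755 and regular files exactly 644.
wp_perm_findings() {
    find "$1" -type d ! -perm 755 | sed 's/^/DIR_MODE /'
    find "$1" -type f ! -perm 644 | sed 's/^/FILE_MODE /'
}

# has_define FILE NAME VALUE_REGEX: true if a line that begins with define(
# sets NAME to a value matching VALUE_REGEX (lines starting with // do not match).
has_define() {
    grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*$3[[:space:]]*\)" "$1"
}

# wp-config.php must carry both constants the lineinfile task adds.
wp_config_findings() {
    cfg="$1/wp-config.php"
    if [ ! -f "$cfg" ]; then
        echo "MISSING $cfg"
        return 0
    fi
    has_define "$cfg" DISALLOW_FILE_EDIT "true" || echo "NO_DEFINE DISALLOW_FILE_EDIT"
    has_define "$cfg" FS_METHOD "['\"]direct['\"]" || echo "NO_DEFINE FS_METHOD"
}

# wp_audit DIR: print one line per finding; return 0 if clean, 1 otherwise.
wp_audit() {
    findings=$(wp_perm_findings "$1"; wp_config_findings "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against a path given on the command line, e.g. sh wp_audit.sh /var/www/html
if [ "$#" -gt 0 ]; then
    wp_audit "$1"
fi
```

The non-zero exit status on findings lets the script gate a CI job or a follow-up Ansible task.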
