WordPress, open source and security

I'm sure you've heard of WordPress, a powerful, easy-to-use blogging tool. Because of its ease of use, people have been converting it into a low-cost, low-level CMS, and it's now marketed that way. With its growth and its wide range of uses, security has become a big issue.

The biggest problem with a widely popular open source web-based system is that anyone can download the source code and look for a vulnerability to exploit. So what's the best way of protecting myself against these vulnerabilities?

  1. The simplest way is to do your research and find out whether the system is being exploited; a simple Google search will help determine that. There are quite a few solid open source PHP systems with very few security issues. Look for systems that use classes rather than variable-based file inclusion to facilitate things such as plugins and system extensions.
  2. If you must use the exploited system, understand the risk and make sure you put measures in place so the vulnerabilities cannot be exploited. For example, if you're running a LAMP server and you've set permissions to allow reading/writing to a directory that should never contain executable PHP, disable PHP for that directory using Apache.
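    # <Directory> takes an absolute filesystem path; prefix this with your document root.
    <Directory /wp-content/uploads>
    # Stop Apache from mapping these extensions to the PHP handler or MIME type.
    RemoveHandler .phtml .pht .php .phps .php3 .php3p .php4 .php5
    RemoveType .phtml .pht .php .phps .php3 .php3p .php4 .php5
    # Turn the PHP engine off for this directory (requires mod_php).
    php_flag engine off
    </Directory>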

    Hide files that may contain database usernames and passwords from public view.

    # Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied".
    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>
  3. If you are given options when installing, never choose the defaults. Security through obscurity: the less hackers know, the better.
  4. And lastly, do a Google search and see what others are doing; perhaps you'll find a solution for a vulnerability you didn't think of.
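
A companion check for step 2, added here as an example and not part of the original post: it lists files under an uploads directory whose names carry any extension from the `RemoveHandler` list above, including multi-dotted names such as `x.php.txt`. The function names `find_php_in_uploads` and `audit_uploads` and the sample tree in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an uploads directory for file names Apache could
# hand to PHP. Extensions mirror the RemoveHandler/RemoveType list above.
PHP_EXTS='phtml pht php phps php3 php3p php4 php5'

# Print each file whose name has a listed extension, either last (x.php)
# or followed by further extensions (x.php.jpg). mod_mime looks at every
# extension in a multi-dotted name, so both forms are worth flagging.
find_php_in_uploads() {
    dir=$1
    [ -d "$dir" ] || return 0
    pattern=$(printf '%s' "$PHP_EXTS" | tr ' ' '|')
    # The match is anchored to the end of the path, so a directory named
    # "a.php" does not flag the harmless files inside it.
    find "$dir" -type f \
        | { grep -E -i "\.($pattern)(\.[^/]*)?\$" || true; } \
        | sort
}

# Return 0 when the tree is clean, 1 (with a report on stderr) otherwise,
# so the check can gate a cron job or deployment script.
audit_uploads() {
    hits=$(find_php_in_uploads "$1")
    if [ -z "$hits" ]; then
        return 0
    fi
    printf 'PHP-handled file names under %s:\n%s\n' "$1" "$hits" >&2
    return 1
}

# Constructed sample tree: two of the four files should be reported.
demo() {
    root=$(mktemp -d)
    up="$root/wp-content/uploads/2024"
    mkdir -p "$up"
    : > "$up/photo.jpg"
    : > "$up/readme.txt"
    : > "$up/notes.php.txt"
    : > "$up/avatar.PHP5"
    find_php_in_uploads "$root/wp-content/uploads"
    rm -rf "$root"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Anything this reports in a directory that should hold only media deserves a look even with the `<Directory>` block in place, since it shows what the block is protecting against.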