How to harden your Wordpress install (ssh)

I figured out how to harden wordpress using ssh and some common sense.

I changed ownership (user) of the cache and uploads folder to apache by

chown apache uploads
chown apache cache

to enable apache to write to it

chmod was set to more restrictive value of 755 each instead of easily
exploitable (as it happened on solarvps and zone.net) chmod 777

chmod 755 uploads
chmod 755 cache

giving me the following structure

ls -l /wp-content/

drwxr-xr-x 2 apache psacln 60416 May 3 05:39 cache
-rw-r--r-- 1 comh4x3d psacln 30 Nov 14 03:26 index.php
drwxr-xr-x 83 comh4x3d psacln 3072 Apr 17 12:48 plugins
drwxr-xr-x 9 comh4x3d psacln 1024 Apr 17 12:37 themes
drwxr-xr-x 5 comh4x3d psacln 1024 Mar 25 07:04 upgrade
drwxr-xr-x 3 apache psacln 8192 May 3 05:38 uploads

by that wordpress can upload files to the uploads folder and files can
be created in the cache folder.

to restrict the folders even more I added a
.htaccess file with chmod 644 each

vi .htaccess

for uploads:

Deny from all
Allow from 72.249.95.104 # server IP address

Order Allow,Deny
Deny from all
# deny everything but the
image and text files
Allow from all


# deny
opening those files
Order Allow,Deny
Deny from all


similar file for the cache folder, but instead of the image and doc
files only meta and html are allowed, make sure to remove html from
execcgi line

I hope you appreciate this article,

best,
julian klewes
h4×3d.com