Updated WordPress Security Tips (markdown)
@@ -24,6 +24,12 @@ WordPress will look inside the web root directory for the wp-config.php file as
WordPress suffers from many [Full Path Disclosure](https://www.owasp.org/index.php/Full_Path_Disclosure) (FPD) vulnerabilities which can be used to facilitate in further attacks such as [Path Traversal](https://www.owasp.org/index.php/Path_Traversal). A bandaid for these bugs is to turn off directory listing in your web server's configuration file.
Solution: disable PHP reporting.
Add this line in the 'php.ini' file.
```
error_reporting = off
```
**7. Ensure any TimThumb files are up to date.**
TimThumb is a small php script for cropping, zooming and resizing web images which many WordPress themes use. In 2011 a Remote Code Execution vulnerability was found to affect it and was actively exploited. This vulnerability has been fixed in recent versions of TimThumb. If your WordPress theme uses the TimThumb script ensure that it is the latest version.
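Review bot: the php.ini snippet `error_reporting = off` is not the documented form of that directive and is not the setting that stops paths leaking to the browser; `error_reporting` takes an integer/constant expression (`E_ALL`, `0`, ...), and the directive that decides whether errors are printed in the response is `display_errors`. Suggest replacing the snippet with `display_errors = Off` and `log_errors = On`, so errors still reach the server log for troubleshooting but are never rendered to visitors, and mentioning `WP_DEBUG` for the WordPress side, since a development setting left enabled reintroduces the disclosure regardless of php.ini. The Full Path Disclosure paragraph should also be tightened: disabling directory listing addresses a different exposure (listing of files under a directory without an index) and does not stop the PHP warnings that print the absolute path, so "a bandaid for these bugs" reads as if one fixes the other; keep both recommendations but describe them as separate controls. For the TimThumb item, it is worth adding that themes which do not actually use the script should have it removed rather than updated, since a stale copy stays reachable even when no template calls it.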