Updated WordPress Security Tips (markdown)

Christian Mehlmauer
2014-06-04 01:11:22 -07:00
parent 28a7df2bea
commit 29c8e438c1

@@ -94,4 +94,23 @@ Most administrative users login to their blog via the same IP address. By whitel
**23. Use a strong password**
**24. Review the Headers sent by your Webserver**
You should always review the HTTP Headers sent by your Webserver and limit them to a minimum.
To check your Headers you can execute the following command and check the output.
```
curl -skI http://www.domain.com
```
As an example, PHP sends it's version information in a header. To disable this, add or uncomment the following line in your php.ini:
```
expose_php = Off
```
If you are running apache, you can also minimize the info sent about your Webserver. You should edit the file `/etc/apache2/conf.d/security` and set the following values:
```
ServerTokens Prod # Only show Server: Apache
ServerSignature Off # Remove internal information
TraceEnable Off # Disable trace method
```
**For further WordPress hardening tips see: [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress)**
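Review bot: the Apache snippet will not load as written, because httpd does not accept trailing `#` comments on a directive line; `ServerTokens Prod # Only show Server: Apache` is parsed as extra arguments and `apache2ctl configtest` rejects it. Put each comment on its own line above the directive, e.g. `# Only show Server: Apache` followed by `ServerTokens Prod`, and the same for `ServerSignature Off` and `TraceEnable Off`. Two smaller points in the same region: "PHP sends it's version information" should read "its", and the `-k` flag in `curl -skI http://www.domain.com` only matters for an https:// URL, so either drop it or show the https form the reader will actually be checking.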