Updated WordPress Security Tips (markdown)
ethicalhack3r
@@ -18,9 +18,9 @@ Through experience we've found that WordPress plugins are normally the weakest l
|
|||||||
|
|
||||||
WordPress will look inside the web root directory for the wp-config.php file as well as within the directory above it. This will help in minimising the file being exposed to the Internet.
|
WordPress will look inside the web root directory for the wp-config.php file as well as within the directory above it. This will help in minimising the file being exposed to the Internet.
|
||||||
|
|
||||||
**6. Turn off directory listing on your web server.**
|
**6. Turn off verbose errors on your web server.**
|
||||||
|
|
||||||
WordPress suffers from many [Full Path Disclosure](https://www.owasp.org/index.php/Full_Path_Disclosure) (FPD) vulnerabilities which can be used to facilitate in further attacks such as [Path Traversal](https://www.owasp.org/index.php/Path_Traversal). A bandaid for these bugs is to turn off directory listing in your web server's configuration file.
|
WordPress suffers from many [Full Path Disclosure](https://www.owasp.org/index.php/Full_Path_Disclosure) (FPD) vulnerabilities which can be used to facilitate in further attacks such as [Path Traversal](https://www.owasp.org/index.php/Path_Traversal). A bandaid for these bugs is to turn off verbose errors in your web server's configuration file.
|
||||||
|
|
||||||
Solution: disable PHP reporting.
|
Solution: disable PHP reporting.
|
||||||
Add this line in the 'php.ini' file.
|
Add this line in the 'php.ini' file.
|
||||||
|
|||||||
Reference in New Issue
Block a user