Recently found How to Firewall Your WordPress Blog to be useful. From the website:

You already know to use a decent password for your blog, but brute-force or dictionary attacks aren’t the only attacks used against bloggers. It’s much cheaper and faster to exploit software flaws, and that the hackers do. A programmer’s oversight may allow a hacker to gain access to your blog to insert spyware, adware, or links to various pharmaceuticals you’d prefer not to speak about in front of your mother.

And it’s not just WordPress proper. WordPress has caught some major criticism for its security holes — but lately it’s been a bunch of insecure plugins, not WordPress itself. Matt Mullenweg counters the argument that WordPress is insecure over here. I think he’s totally right — WordPress has a rich “plugin ecosystem” that no other blogging platform can touch.

However, the problem remains. WordPress has some great plugins that are written by people with the best of intentions — but who may not understand the importance of sanitizing data provided by untrusted users, and its relationship with security. Upgrading often, setting permissions, using good passwords, etc. — that all helps a lot — but unless you have the time and ability to painstakingly audit all program code for security vulnerabilities, you’d be best off running one of the WordPress firewalls —

Great!  Yet something else that needs to be done!  But would be well worth tackling!

[How to Firewall Your WordPress Blog]

If you found this post useful, why don't you buy me a cup of coffee to show your gratitude?

This is part eight of our series on configuring a Slicehost slice.  We are finally at the last part of this series.  Here goes!

Step Eight – Install WordPress via Subversion

Install Subversion

Using Subversion is a much easier way to install WordPress.  Install Subversion with this command:

sudo aptitude install subversion

Install WordPress

Change your working directory to the root of the directory that you want to install WordPress in:

cd /home/<username>/public_html/<domain.name>/public

Install the latest stable version of WordPress:

svn co http://svn.automattic.com/wordpress/tags/2.7 .

We’re done.  Now you can connect to your website and walk through the standard WordPress installation.

Conclusion

I hope that you found this to be a useful series.  I have put this entire series into a PDF document (along with a few extras) so that you can have a nice printed version available.

Basic Slicehost Slice Setup Series List:

  1. Part 1 - Updating Ubuntu
  2. Part 2 - Configure iptables
  3. Part 3 - Install and Configure OpenSSH
  4. Part 4 - Install nginx Web Server
  5. Part 5 - Installing MySQL
  6. Part 6 - Installing PHP5 with fastcgi
  7. Part 7 - Create the Virtual Host Website
  8. Part 8 - Install WordPress via Subversion


This is part seven of our series on configuring a Slicehost slice.  Today is going to be another heavy day.

Step Seven – Create the Website

Create Directory Structure

mkdir -p /home/<username>/public_html/<domain.name>/{public,private,log,backup}

where <username> is your username in the VPS and <domain.name> is the name of the domain that you are creating.

Create Default Index Page

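In /home/<username>/public_html/<domain.name>/public/, create an index.php file as a placeholder.  I generally create the standard phpinfo page. Treat it as temporary: phpinfo() output discloses the server's PHP configuration, so replace it before the site is public.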

<?php
phpinfo();
?>

Create the vhost File

Open /etc/nginx/sites-available/<domain.name> in a text editor as root:

sudo nano /etc/nginx/sites-available/<domain.name>

where <domain.name> is the website that you are creating.

Add the following as the content, replacing <domain.name> and <username> accordingly:

server {

        listen   80;
        server_name <domain.name>;
        #rewrite ^/(.*) http://www.<domain.name> permanent;

        access_log /home/<username>/public_html/<domain.name>/log/access.log;
        error_log /home/<username>/public_html/<domain.name>/log/error.log;

        location / {

                root   /home/<username>/public_html/<domain.name>/public/;
                index  index.php;
                # wordpress fancy rewrites
                if (-f $request_filename) {
                        break;
                }
                if (-d $request_filename) {
                        break;
                }
                rewrite ^(.+)$ /index.php?q=$1 last;

        }

        location ~ .*\.php[345]?$ {
                include /etc/nginx/fcgi.conf;
                fastcgi_pass    127.0.0.1:10005;
                fastcgi_index   index.php;
                fastcgi_param   SCRIPT_FILENAME /home/<username>/public_html/<domain.name>/public$fastcgi_script_name;
        }

}


server {

        listen   80;
        server_name www.<domain.name>;

        access_log /home/<username>/public_html/<domain.name>/log/access.log;
        error_log /home/<username>/public_html/<domain.name>/log/error.log;

        location / {

                root   /home/<username>/public_html/<domain.name>/public/;
                index  index.php;
                # wordpress fancy rewrites
                if (-f $request_filename) {
                        break;
                }
                if (-d $request_filename) {
                        break;
                }
                rewrite ^(.+)$ /index.php?q=$1 last;

        }

        location ~ .*\.php[345]?$ {
                include /etc/nginx/fcgi.conf;
                fastcgi_pass    127.0.0.1:10005;
                fastcgi_index   index.php;
                fastcgi_param   SCRIPT_FILENAME /home/<username>/public_html/<domain.name>/public$fastcgi_script_name;
        }

}

Enable the Website

sudo ln -s /etc/nginx/sites-available/<domain.name> /etc/nginx/sites-enabled/<domain.name>

Restart nginx

sudo /etc/init.d/nginx stop
sudo /etc/init.d/nginx start
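
Two hardening additions to the vhost above, as an added example that is not part of the original series. Part 8 checks WordPress out with Subversion directly into public/, which leaves .svn metadata directories readable over HTTP, and the PHP location forwards any URI ending in .php to php-cgi whether or not that file exists. The blocks below replace the PHP location in each server block; the if/return file check is one common way to do this, and <username> and <domain.name> are the page's own placeholders.

```nginx
# Added example: place inside each server { } block of the vhost file,
# in this order, replacing the existing "location ~ .*\.php[345]?$" block.

# Refuse requests for Subversion metadata left in the docroot by `svn co`.
# Regex locations are tried in order, so this one must come first.
location ~ /\.svn(/|$) {
        deny all;
}

location ~ \.php[345]?$ {
        # root must be set here (or at server level) so that
        # $request_filename resolves; the original vhost sets it
        # only inside "location /".
        root   /home/<username>/public_html/<domain.name>/public/;

        # Hand the request to PHP only when the script is a real file.
        if (!-f $request_filename) {
                return 404;
        }

        include /etc/nginx/fcgi.conf;
        fastcgi_pass    127.0.0.1:10005;
        fastcgi_index   index.php;
        fastcgi_param   SCRIPT_FILENAME /home/<username>/public_html/<domain.name>/public$fastcgi_script_name;
}
```

Check the syntax with sudo nginx -t, then stop and start nginx as above.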

Part 8

Tomorrow is the final installment in this series. We are finally going to get WordPress up and running.


This is part six of our series on configuring a Slicehost slice. Today, we get into the meat of things. Put on your propeller hat because things get pretty geeky!

Step Six – Install PHP5 with fastcgi

Install PHP5

sudo aptitude -y install php5-common php5-cgi php5-mysql php5-cli php5-gd

Create /etc/init.d/php-fastcgi

sudo nano /etc/init.d/php-fastcgi

and add this for its content:

#! /bin/sh
### BEGIN INIT INFO
# Provides: php-fastcgi
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start and stop php-cgi in external FASTCGI mode
# Description: Start and stop php-cgi in external FASTCGI mode
### END INIT INFO

# Do NOT "set -e"

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="php-cgi in external FASTCGI mode"
NAME=php-fastcgi
DAEMON=/usr/bin/php-cgi
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
PHP_CONFIG_FILE=/etc/php5/cgi/php.ini

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

# If the daemon is not enabled, give the user a warning and then exit,
# unless we are stopping the daemon
if [ "$START" != "yes" -a "$1" != "stop" ]; then
    log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
    exit 0
fi

# Process configuration
export PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS
DAEMON_ARGS="-q -b $FCGI_HOST:$FCGI_PORT -c $PHP_CONFIG_FILE"

do_start()
{
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
        || return 1
    start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \
        --background --make-pidfile --chuid $EXEC_AS_USER --startas $DAEMON -- \
        $DAEMON_ARGS \
        || return 2
}

do_stop()
{
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE > /dev/null # --name $DAEMON
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2
    # Wait for children to finish too if this is a daemon that forks
    # and if the daemon is only ever run from this initscript.
    # If the above conditions are not satisfied then add some other code
    # that waits for the process to drop all resources that could be
    # needed by services started subsequently. A last resort is to
    # sleep for some time.
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
    [ "$?" = 2 ] && return 2
    # Many daemons don't delete their pidfiles when they exit.
    rm -f $PIDFILE
    return "$RETVAL"
}

case "$1" in
    start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    restart|force-reload)
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1)
                do_start
                case "$?" in
                    0) log_end_msg 0 ;;
                    1) log_end_msg 1 ;; # Old process is still running
                    *) log_end_msg 1 ;; # Failed to start
                esac
                ;;
            *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 3
        ;;
esac

Make /etc/init.d/php-fastcgi executable:

sudo chmod 755 /etc/init.d/php-fastcgi

Create /etc/default/php-fastcgi

sudo nano /etc/default/php-fastcgi

and add this for its content:

START=yes

# Which user runs PHP? (default: www-data)

EXEC_AS_USER=www-data

# Host and TCP port for FASTCGI-Listener (default: localhost:9000)

FCGI_HOST=localhost
FCGI_PORT=10005

# Environment variables, which are processed by PHP

PHP_FCGI_CHILDREN=4
PHP_FCGI_MAX_REQUESTS=1000

Create /etc/nginx/fcgi.conf

sudo nano /etc/nginx/fcgi.conf

and add this for its content:

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

Edit /etc/php5/cgi/php.ini to allow for each script to use up to 32 MB of RAM.

sudo nano /etc/php5/cgi/php.ini

Look for memory_limit = 16M and change it to 32M. Save the file.

Start the process:

sudo /etc/init.d/php-fastcgi start

Configure the process to start on reboot:

sudo update-rc.d php-fastcgi defaults

Restart nginx.

sudo /etc/init.d/nginx stop
sudo /etc/init.d/nginx start

We are now done for the day (Finally!)

Part 7

Tomorrow, we are going to create the virtual host website so that we actually have somewhere to put the site.


This is part five of our series on configuring a Slicehost slice.  Another quick post today.

Step Five – Installing MySQL

sudo aptitude -y install mysql-server mysql-client libmysqlclient15-dev libmysql-ruby1.8

If you do not want to use InnoDB, open the MySQL configuration file:

sudo nano /etc/mysql/my.cnf

Then remove the comment character (#) from the skip-innodb line. Save the file.

That’s it!

Part 6

Tomorrow, we are going to get PHP with fastcgi up and running.
