WordPress hardening

Change location of wp-config.php file

Rename the file and move it to a different location, then create a new one in the WP root folder. Content of the new wp-config.php file:

<?php
include_once ('/direct/path/to/your/domain/folder/my_folder/pigeons.php');

Disallow file editing in wp-config.php

define('DISALLOW_FILE_EDIT', true);

Disable directory indexing and browsing

Add the following line to the top of root .htaccess file:

Options -Indexes

Disable WordPress XML-RPC with .htaccess

If you don’t use a mobile app or a remote connection to publish (on WPBeginner etc.), disable XML-RPC in the root .htaccess file by adding the following code:

<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

Disable script injections

Add the following code above # BEGIN WordPress line in root .htaccess:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
</IfModule>

Disable PHP file execution in certain WordPress directories

Create an .htaccess file in e.g. /wp-content/uploads/ and add the following code:

<Files *.php>
deny from all
</Files> 

Change files and folders access permissions

WordPress recommends the following settings:

755 or 750 for directories 
644 or 640 for files 
600 for wp-config.php (also the moved one)
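
An added example (not part of the original notes) that audits a WordPress tree against the modes listed above and prints every entry that deviates. The function name `wp_perm_audit` and its arguments are assumptions made here; the optional second argument is the moved config file, assumed to live outside the WP root.

```shell
#!/bin/sh
# wp_perm_audit ROOT [MOVED_CONFIG]
# Prints one line per deviation as "<kind> <path>".
# Returns 0 when everything matches, 1 on deviations, 2 on bad input.
wp_perm_audit() {
    root=$1
    moved=${2:-}
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    report=$(
        # Directories: only 755 or 750 are accepted.
        find "$root" -type d ! -perm 755 ! -perm 750 \
            -exec printf 'dir %s\n' {} +
        # Regular files except wp-config.php: only 644 or 640.
        find "$root" -type f ! -name wp-config.php \
            ! -perm 644 ! -perm 640 -exec printf 'file %s\n' {} +
        # wp-config.php in the tree: only 600.
        find "$root" -type f -name wp-config.php ! -perm 600 \
            -exec printf 'config %s\n' {} +
        # The moved config file (outside ROOT): only 600.
        if [ -f "$moved" ]; then
            find "$moved" -type f ! -perm 600 -exec printf 'config %s\n' {} +
        fi
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Run the audit only when the script is called with arguments.
if [ "$#" -gt 0 ]; then
    wp_perm_audit "$@"
fi
```

Call it as `sh audit.sh /path/to/wp /path/to/moved/config.php`; both paths and the script name are placeholders.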

Password protect your WordPress admin (wp-admin) directory

Log in to the server admin panel and find the FTP explorer. There you can add a password to the wp-admin folder.

Recommended plugins

What can they do? Enable two-factor authentication (2FA) and the SSL protocol, remove e.g. the WP version from <head>, change the login URL address and limit login attempts.

  1. Google Authenticator
  2. Really Simple SSL
  3. Meta Generator and Version Info Remover
  4. WPS Hide Login
  5. WPS Limit Login

Restore postgresql db from dump

script.sh

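#!/bin/bash
# Restore a PostgreSQL database from a dump file (the existing DB is dropped first).
if [ "$(whoami)" != "root" ]; then
    echo "Start script as root!"
    exit 1
fi
_DBNAME="$1"
while [ -z "$_DBNAME" ]; do
    echo "Write DB name!"
    read -r _DBNAME
done
_DBUSER="$2"
while [ -z "$_DBUSER" ]; do
    echo "Write DB username!"
    read -r _DBUSER
done
_PATH="$3"
while [ -z "$_PATH" ]; do
    echo "Write path to DB dump file!"
    read -r _PATH
done
# Restart PostgreSQL so that no open connections block dropdb
service postgresql restart
# Shell-quote the values before they are expanded inside the su -c command string
_Q_DBNAME=$(printf '%q' "$_DBNAME")
_Q_DBUSER=$(printf '%q' "$_DBUSER")
_Q_PATH=$(printf '%q' "$_PATH")
su - postgres -c "dropdb $_Q_DBNAME"
su - postgres -c "createdb $_Q_DBNAME -O $_Q_DBUSER"
su - postgres -c "psql $_Q_DBNAME < $_Q_PATH"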

Update permissions – Laravel

script.sh

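#!/bin/bash
# Reset ownership and permissions of a Laravel project for the given user and the www-data group.
if [ "$(whoami)" != "root" ]; then
    echo "Start script as root!"
    exit 1
fi
_PATH="$1"
while [ -z "$_PATH" ]; do
    echo "Write path to Laravel folder!"
    read -r _PATH
done
_USER="$2"
while [ -z "$_USER" ]; do
    echo "Write user name!"
    read -r _USER
done
# Quote every expansion so paths with spaces or glob characters are handled as one argument
chown -R "$_USER":www-data "$_PATH/./portal"
# Files: 664, directories: 775
find "$_PATH/./" -type f -exec chmod 664 {} \;
find "$_PATH/./" -type d -exec chmod 775 {} \;
# storage and bootstrap/cache must be writable by the web server group
chgrp -R www-data "$_PATH/storage" "$_PATH/bootstrap/cache"
chmod -R ug+rwx "$_PATH/storage" "$_PATH/bootstrap/cache"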

Node.js – installation, update, usage

Install required packages

# apt-get install debian-keyring debian-archive-keyring apt-transport-https dirmngr

Add sources to /etc/apt/sources.list

deb https://deb.nodesource.com/node_10.x stretch main
deb-src https://deb.nodesource.com/node_10.x stretch main

Add keys

# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1655A0AB68576280

Install Node.js

# apt-get update
# apt-get install nodejs
$ npm i -g create-react-app
$ npm install -g npm

Usage

$ create-react-app <name>

Update

$ npm -v # show current version
$ n lsr # list versions
$ n latest # install and use latest
$ n 12.0.0 # install and use chosen version

Docker installation

# apt-get update
# apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common
# curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
# apt-key fingerprint 0EBFCD88
# add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
# apt-get update
# apt-get install docker-ce
# apt-get install docker-compose

USB Debian

# cp <file> <device> 
# dd if=<file> of=<device> bs=4M; sync

LDAP – attributes

String X.500 AttributeType

CN - commonName
L - localityName
ST - stateOrProvinceName
O - organizationName
OU - organizationalUnitName
C - countryName
STREET - streetAddress
DC - domainComponent
UID - userid

Triple monitor in LXDE – GTX650Ti

Monitors setting: vertical – horizontal – vertical

$ vim /home/user/.config/autostart/lxrandr-autostart.desktop
[Desktop Entry]
Type=Application
Name=Autostart LXRandR
Comment=Start xrand with LXRandR settings
Exec=sh -c 'xrandr --output VGA-0 --off --output DVI-D-0 --primary --mode 1920x1200 --pos 1200x0 --rotate normal --output DVI-D-1 --mode 1920x1200 --pos 3120x0 --rotate left --output HDMI-0 --mode 1920x1200 --pos 0x0 --rotate right'
OnlyShowIn=LXDE