# Securing Apache/Wordpress



## TSS (Feb 12, 2009)

All,

I've set up a FreeBSD box to run Apache and Wordpress.  I am particuarly concerned about security.  So far, I have taken the steps which I know how to do (strict SSHD login rules, making sure MysQL DB has a password, etc).  I was hoping that I could get some tips for additional steps I could take to ensure the security of my server.

Thanks! 

Tim


----------



## gilinko (Feb 12, 2009)

There is a lot to do, but most of it isn't related to apache. If you are looking for true security I would suggest you enable a firewall for basic security and disable any services you might not need. All this can be found in the FreeBSD handbook.

For php there is a few security things that can be done, as is listed here: http://www.php.net/manual/en/security.php Most of these are standard settings that you have pre-set in the php.ini-recommended file.

As a final tip is to keep your software updated with ports(if you are using ports) using portaudit and such tools, for which there also is a section in the handbook.


----------



## vivek (Feb 12, 2009)

Create separate wordpress user and password. Only give access to wp database.

Always, runs updated version of WP.

Subscribe to freebsd security advice email notice and apply all kernel, userland and ports patches. 

Use firewall such as pf to block unwanted traffic.

Use Apache2 mod_security.


HTH


----------



## rghq (Feb 14, 2009)

To what has been said - use Suhosin + Mod_Security

If you can't find any whitelist rules for Wordpress, maybe run these in Detection Mode to collect some data to that can be used for later blocking.

And most important - install updates and read the logs (yes, that boring part - I know  )


----------



## vivek (Feb 15, 2009)

rghq said:
			
		

> To what has been said - use Suhosin


Suhosin is by default included with PHP5 under FreeBSD.


----------



## r-c-e (Feb 15, 2009)

Also, use .htaccess to only allow your IP to the wp-admin directory. Make sure your *plugins* are up to date as well.


----------

