Allowing WordPress to update itself on CentOS and securing it from spammers

Below is a list of commands to help secure your CentOS WordPress server.

SSH into your machine

If WordPress won’t update itself automatically and asks for an FTP password instead, this command is especially important.

If apache isn’t the user, create who.php.

If the file doesn’t exist, create it.

Install fail2ban

To enable fail2ban support in firewalld, you need to enable the EPEL repository on RHEL/CentOS systems.

File permissions for WordPress

Relative Path          Suggested permissions
/                      0755
/wp-admin              0755
/wp-includes           0755
/wp-config.php         0444
/wp-content            0755
/wp-content/themes     0755
/wp-content/plugins    0755
.htaccess              0444

You can set these using an FTP application such as FileZilla, or with chmod if you have full control over your server.
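
Added example, not part of the original post: a shell function that checks a WordPress tree against the suggested modes in the table above and, when called with fix, applies them with chmod. The function name and the docroot argument are assumptions; stat -c is the GNU coreutils form that CentOS ships.

```shell
#!/bin/sh
# Added example. Modes are copied from the table above; the function name
# and the docroot you pass in are assumptions, not from the original post.
WP_SUGGESTED_MODES='
.:0755
wp-admin:0755
wp-includes:0755
wp-config.php:0444
wp-content:0755
wp-content/themes:0755
wp-content/plugins:0755
.htaccess:0444
'

# audit_wp_perms ROOT [fix]
# Prints OK / MISMATCH / FIXED / MISSING for each path in the list.
# Returns 0 if every existing path matches (or was fixed), 1 if a
# mismatch remains, 2 if ROOT is not a directory.
audit_wp_perms() {
    local root="$1" action="${2:-audit}" rel want have bad=0
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    while IFS=: read -r rel want; do
        [ -n "$rel" ] || continue            # skip blank lines in the list
        if [ ! -e "$root/$rel" ]; then
            echo "MISSING   $rel"            # e.g. no .htaccess created yet
            continue
        fi
        have=$(stat -c '%a' "$root/$rel")    # GNU stat: octal mode, no leading 0
        if [ "$have" = "${want#0}" ]; then
            echo "OK        $rel $want"
        elif [ "$action" = fix ] && chmod "$want" "$root/$rel"; then
            echo "FIXED     $rel 0$have -> $want"
        else
            echo "MISMATCH  $rel has 0$have, suggested $want"
            bad=1
        fi
    done <<EOF
$WP_SUGGESTED_MODES
EOF
    return $bad
}

# Usage: audit_wp_perms /path/to/wordpress        (report only)
#        audit_wp_perms /path/to/wordpress fix    (apply suggested modes)
```

The check is not recursive: it covers only the paths listed in the table, so files inside themes and plugins are not inspected.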

Disable WordPress Pingback Exploit

There’s currently a way to exploit the Pingback command of WordPress; rather than go into great detail about it, I suggest you simply search for the plugin “Disable XML-RPC” and install it.


