Web Server Hardening Guide

If not, it must be disabled or deleted. Of course, do not disable a module or application in a development or production environment without first testing thoroughly (it is sometimes not entirely clear whether a web server module or application is actually in use).
3. Control access to the web server

Strong access control is essential to operating the web server correctly. Ultimately, you want to minimize the likelihood that access to the web server falls into the wrong hands. Best practices to maintain appropriate access control:

- Do not use root. If you need to perform administrative tasks, use sudo.
- Use strong system (and WordPress) passwords.
- When using SSH, use SSH keys instead of passwords.
- Consider restricting SSH / RDP access to specific IP addresses.
- Enable two-factor authentication (2FA) on all cloud provider accounts.
- Ensure that each person accessing the web server has their own user account. Do not share accounts between users.
- Restrict shell / SSH / remote desktop access to only the people who explicitly need it.

4. Set up file integrity monitoring (FIM)

File integrity monitoring (FIM) helps system administrators determine when files on the web server change. Some files change frequently as part of normal web server operation, but files such as the WordPress installation should not change unless an administrator changes them (for example, updating the wp-config.php file) or WordPress itself is updated.
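As an added illustration of the FIM idea (example code written for this guide, not a tool from the original article), the following Python snippet builds a baseline of SHA-256 hashes for a WordPress tree, re-scans it, and reports changes; changes under directories that legitimately churn (the NOISY_DIRS tuple, an assumption chosen here) are reported separately so a modified wp-config.php is not lost among new media uploads. The demo() function builds a constructed mini WordPress tree in a temporary directory to show the output.

```python
import hashlib
import tempfile
from pathlib import Path

# Directories whose contents legitimately change during normal operation
# (media uploads, caches). Changes there are reported separately so they do
# not drown out changes to files that should stay static, like wp-config.php.
NOISY_DIRS = ("wp-content/uploads/", "wp-content/cache/")  # assumed list

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def compare(baseline, current):
    """Return (critical, noisy): 'added/removed/modified <path>' per file."""
    critical, noisy = [], []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            event = "removed"
        elif rel not in baseline:
            event = "added"
        elif baseline[rel] != current[rel]:
            event = "modified"
        else:
            continue  # unchanged
        bucket = noisy if rel.startswith(NOISY_DIRS) else critical
        bucket.append(f"{event} {rel}")
    return critical, noisy

def demo():
    """Constructed mini WordPress tree: edit wp-config.php, add an upload."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content" / "uploads").mkdir(parents=True)
        (root / "wp-config.php").write_text("<?php define('DB_NAME', 'wp');")
        (root / "wp-content" / "uploads" / "a.jpg").write_bytes(b"\xff\xd8")
        baseline = build_baseline(root)
        # Simulate an attacker or admin edit plus a routine media upload.
        (root / "wp-config.php").write_text("<?php define('DB_NAME', 'x');")
        (root / "wp-content" / "uploads" / "b.jpg").write_bytes(b"\xff\xd8")
        return compare(baseline, build_baseline(root))
```

In practice the baseline would be stored off-host (or at least outside the web root) and the comparison run on a schedule, alerting only on the critical list.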
There are many options for file integrity monitoring, but it is recommended that you stick to one specific to the application you are running: setup and operation are simple, and it can be tuned. Otherwise you will drown in meaningless alerts, accumulate alert fatigue without noticing, and waste your effort. In short, look for a FIM solution that provides the greatest value, rather than the most alerts and features.

5. Use DDoS mitigation and WAF services

Do not expose the web server directly to the Internet; instead, consider using Cloudflare, Fastly, Akamai or a similar service to protect yourself from large-scale attacks such as DDoS (distributed denial of service) attacks. In a denial of service (DoS) attack, the attacker overwhelms the website with requests so that the web server can no longer serve legitimate users.
In addition to mitigating denial of service, these cloud services also provide a WAF (Web Application Firewall), which can usually block common web application attacks such as basic SQL injection (SQLi) and simple cross-site scripting (XSS). A WAF is not a fix for web application vulnerabilities, but WAF rules tuned specifically for WordPress websites do provide an additional layer of protection against malicious requests.

What's next?

This article has discussed several common web server hardening techniques, but there is no such thing as absolute security, so no defensive system is perfect, especially in the face of a determined adversary. That is why you want to protect all the components that make up the WordPress website: you cannot harden your web server and then neglect WordPress security or the security of your own computer.
However, continuous patching together with good security practices and hygiene greatly increases the effort an attacker needs to succeed. In most cases this means the attacker gives up and moves on to softer targets.
