Posted on

Hardening WordPress: Pre-Install – Don’t Use ‘admin’ as your Administrator Login

The default username for a wordpress install is ‘admin’ and once it’s set there’s no getting rid of it so plan this *pre-install* !!!

Once a valid username is known then an attacker can try to guess the password by trying to log in with a dictionary list of thousands of passwords. Make it hard for them and don’t choose the default login name!

 

No related posts.

Posted on

Hardening WordPress: Set Unique Auth Keys and Salts for Authentication Cookie Encryption

This entry is part 2 of 2 in the series Hardening Wordpress

This article describes how to set WordPress AUTH KEY parameters in your wp-config.php file to secure your cookies. These will ensure that your authentication cookies are encrypted using unique random salts – Codeseekah has done a good write-up and explanation here.

Let’s do it.

The page https://api.wordpress.org/secret-key/1.1/salt/ will generate suitably unique and random values on the fly and will look something like this:

define('AUTH_KEY', '-p*ac:4WAYd];@(XCtrR95F9 GM..7Ty-y/K?wVq1k|U*-QaX9<Tq[$v7SwI$[oj');
define('SECURE_AUTH_KEY', '[7;l|#G27hS<$N`H@V~PM8Tj<^rV[t|Tj(IB +?%ZTUyN8|1xM(ob|[cHzxq-C(^');
define('LOGGED_IN_KEY', 'xo|R-p(9;qNK9rhR^zwU+lgvQV0oR6jgqJ8|.=np1)>dc&Qx+-2b&d30ZxeDE(|c');
define('NONCE_KEY', '0@/BT#+%IQ3S#9YQg_h=.7zhq);|,TZ3j]*2<a]UuANXpX,ZIXf:kkfyV+@6zzPq');
define('AUTH_SALT', 'W+z`<d`6}aT #feo0#;q^+:})e,oCq*9A3u6=WXxsN^{2<5@.n53wQk2qa@4QPpI');
define('SECURE_AUTH_SALT', '6Z*}0sukZof!iCs|2]7bef9tLfbfjY@R#[<K-e3kgF~mIsu?&2-uzs@c>[i-IT8v');
define('LOGGED_IN_SALT', '=9o-~qia+jLY-ByE+Bc8T-j#=YH!mE-Hz4a,i-xR~nt)zoP[E:d8: J-tC^ke!?X');
define('NONCE_SALT', 'D|/=Qk+#0X@|?1217$AJQqR9h;|NOoc_|-q${B](

Now  edit your file using vi, pico or nano etc:

# vi wp-config.php

Look for the section below which will have empty values, delete and replace with the ones you’ve generated above:

Save and exit, job done.

Warning: All you currently logged-in users will be logged out so make sure you tell them first!

No related posts.

Posted on

Linux: Using the ‘find’ Command to Remove All Instances of a File Within a Directory Tree

This article describes how to find all instances of a file (or files matching a pattern) in a directory tree and then perform an action on them, e.g. deleting them.

There are many ways to skin this particular cat and this is one of them!

The basic find command syntax is:

find dir-name criteria action

  1. dir-name : – Defines the working directory such as look into /tmp/
  2. criteria : Use to select files such as “*.sh”
  3. action : The find action (what-to-do on file) such as delete the file.

To remove multiple files such as *.jpg or *.sh with one command find, use:

find . -name "FILE-TO-FIND" | xargs rm -rf {} \;

OR

find . -type f -name "FILE-TO-FIND" | xargs rm -f {} \;

The only difference between the above two syntax is that the first command remove directories as well whereas the second command only removes files. Options:

  1. -name "FILE-TO-FIND" : File pattern.
  2. | xargs rm -rf {} \; : Delete all files matched by file pattern.
  3. -type f : Only match files and do not include directory names.

 

Example:

To delete all the readme.html and readme.txt files in a wordpress installation located in the /var/www directory you could first of all list them to make sure you’re not going to delete something you want to keep:

find /var/www/ -name readme.* | xargs ls -la {} \;

And then delete them:

find /var/www/ -name readme.* | xargs rm -f {} \;

No related posts.

Exit mobile version
%%footer%%