Hosting and Security
The default username for a wordpress install is ‘admin’ and once it’s set there’s no getting rid of it so plan this *pre-install* !!!
Once a valid username is known then an attacker can try to guess the password by trying to log in with a dictionary list of thousands of passwords. Make it hard for them and don’t choose the default login name!
This article describes how to set WordPress AUTH KEY parameters in your wp-config.php file to secure your cookies. These will ensure that your authentication cookies are encrypted using unique random salts – Codeseekah has done a good write-up and explanation here.
Let’s do it.
The page https://api.wordpress.org/secret-key/1.1/salt/ will generate suitably unique and random values on the fly and will look something like this:
define('AUTH_KEY', '-p*ac:4WAYd];@(XCtrR95F9 GM..7Ty-y/K?wVq1k|U*-QaX9<Tq[$v7SwI$[oj');
define('SECURE_AUTH_KEY', '[7;l|#G27hS<$N`H@V~PM8Tj<^rV[t|Tj(IB +?%ZTUyN8|1xM(ob|[cHzxq-C(^');
define('LOGGED_IN_KEY', 'xo|R-p(9;qNK9rhR^zwU+lgvQV0oR6jgqJ8|.=np1)>dc&Qx+-2b&d30ZxeDE(|c');
define('NONCE_KEY', '0@/BT#+%IQ3S#9YQg_h=.7zhq);|,TZ3j]*2<a]UuANXpX,ZIXf:kkfyV+@6zzPq');
define('AUTH_SALT', 'W+z`<d`6}aT #feo0#;q^+:})e,oCq*9A3u6=WXxsN^{2<5@.n53wQk2qa@4QPpI');
define('SECURE_AUTH_SALT', '6Z*}0sukZof!iCs|2]7bef9tLfbfjY@R#[<K-e3kgF~mIsu?&2-uzs@c>[i-IT8v');
define('LOGGED_IN_SALT', '=9o-~qia+jLY-ByE+Bc8T-j#=YH!mE-Hz4a,i-xR~nt)zoP[E:d8: J-tC^ke!?X');
define('NONCE_SALT', 'D|/=Qk+#0X@|?1217$AJQqR9h;|NOoc_|-q${B](
Now edit your file using vi, pico or nano etc:
# vi wp-config.php
Look for the section below which will have empty values, delete and replace with the ones you’ve generated above:
Save and exit, job done.
Warning: All you currently logged-in users will be logged out so make sure you tell them first!
This article describes how to find all instances of a file (or files matching a pattern) in a directory tree and then perform an action on them, e.g. deleting them.
There are many ways to skin this particular cat and this is one of them!
The basic find command syntax is:
find dir-name criteria action
To remove multiple files such as *.jpg or *.sh with one command find, use:
find . -name "FILE-TO-FIND" | xargs rm -rf {} \;
OR
find . -type f -name "FILE-TO-FIND" | xargs rm -f {} \;
The only difference between the above two syntax is that the first command remove directories as well whereas the second command only removes files. Options:
Example:
To delete all the readme.html and readme.txt files in a wordpress installation located in the /var/www directory you could first of all list them to make sure you’re not going to delete something you want to keep:
find /var/www/ -name readme.* | xargs ls -la {} \;
And then delete them:
find /var/www/ -name readme.* | xargs rm -f {} \;
