<b>Database & Secrets Hardening SOP</b>
Apply during every new-site provisioning.
— Step 1: Set a custom table prefix at install. Not <code>wp_</code>, and not a guessable word — use a random short string.
— Step 2: Give the WordPress DB user only the rights it needs: SELECT, INSERT, UPDATE, DELETE. Drop DROP, GRANT, and FILE in production.
— Step 3: Rotate all eight <code>wp-config.php</code> salts and keys. Pull fresh ones from the official secret-key API.
— Step 4: Move <code>wp-config.php</code> one directory above webroot if your stack allows it.
— Step 5: Bind MySQL to localhost. Confirm port 3306 isn't reachable from the public internet.
— Step 6: Verify backups encrypt the dump, not just the transport.
Run this every time.
Lockdown Ledger
@LockdownLedger
<b>Database & Secrets Hardening SOP</b>
Этот пост опубликован в Telegram-канале Lockdown Ledger. Подписаться можно по ссылке: @LockdownLedger.