wp-config Hardening SOP
One file holds the keys to everything. Harden it line by line.
— Step 1: Move wp-config.php one directory above the web root where the host allows it.
— Step 2: Set DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS to block in-dashboard code changes and installs.
— Step 3: Force FORCE_SSL_ADMIN true so admin cookies never travel plaintext.
— Step 4: Set WP_DEBUG false in production; verify debug.log isn't web-accessible.
— Step 5: Confirm no database credentials are duplicated in any committed file.
— Step 6: Verify file ownership and 640 permissions one last time.
Do this before every site goes live.
Run this every time.
Lockdown Ledger
@LockdownLedger
wp-config Hardening SOP
Этот пост опубликован в Telegram-канале Lockdown Ledger. Подписаться можно по ссылке: @LockdownLedger.