11. SERVER-LEVEL SECURITY: .HTACCESS
Block the includes
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
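Added example (not from the original slides): a small Python model of the rule set above that reports which request paths it answers with 403 Forbidden, useful for checking what the [S=3] skip does and does not cover. It assumes the .htaccess sits in the document root and approximates mod_rewrite matching with Python's re module; the function name and the sample paths are constructed for illustration.

```python
import re

# The rule set from the slide as (negate, pattern, action) tuples.
# action is "F" (answer 403 and stop) or ("S", n) (skip the next n rules).
RULES = [
    (False, r"^wp-admin/includes/", "F"),
    (True, r"^wp-includes/", ("S", 3)),
    (False, r"^wp-includes/[^/]+\.php$", "F"),
    (False, r"^wp-includes/js/tinymce/langs/.+\.php", "F"),
    (False, r"^wp-includes/theme-compat/", "F"),
]


def is_forbidden(url_path, rules=RULES):
    """Return True if the modelled rule set would answer 403 for url_path."""
    # In .htaccess (per-directory) context mod_rewrite matches the path
    # without the directory prefix, so the leading slash is removed here.
    path = url_path.split("?", 1)[0]
    if path.startswith("/"):
        path = path[1:]
    i = 0
    while i < len(rules):
        negate, pattern, action = rules[i]
        matched = re.search(pattern, path) is not None
        if negate:
            matched = not matched
        if matched:
            if action == "F":
                return True
            i += action[1]  # [S=n]: jump over the following n rules
        i += 1
    return False


# Constructed sample request paths, not taken from the slides.
SAMPLE_PATHS = [
    "/wp-admin/includes/file.php",                 # include-only admin code
    "/wp-includes/version.php",                    # PHP file directly in wp-includes
    "/wp-includes/js/jquery/jquery.js",            # static asset, must stay reachable
    "/wp-includes/js/tinymce/langs/wp-langs.php",
    "/wp-includes/js/tinymce/wp-tinymce.php",      # nested PHP file outside langs/
    "/wp-includes/theme-compat/header.php",
    "/wp-login.php",                               # outside wp-includes: rules skipped
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print("403" if is_forbidden(p) else "ok ", p)
```

PHP files nested deeper than the first level of wp-includes are only covered where a later rule names their directory, which the model makes visible for wp-tinymce.php.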
12. SERVER-LEVEL SECURITY: .HTACCESS
Restrict backend access
A separate .htaccess placed in /wp-admin
# Limit backend access.
order deny,allow
deny from all
allow from xx.xx.xx.xx
16. SERVER-LEVEL SECURITY: ROBOTS.TXT
Prevent bots from crawling critical locations
Add the following as robots.txt:
User-agent: *
Disallow: /feed/
Disallow: /trackback/
Disallow: /wp-admin/
Disallow: /wp-content/
Disallow: /wp-includes/
Disallow: /xmlrpc.php
Disallow: /wp-
17. SECURITY: USER & EXTERNAL
Security on the end users' PCs/Macs
Illegal/"found" software
UPDATES UPDATES UPDATES!!!
Usually comes down to re-educating the user