php - How to allow wordpress website browsing but no file write or create -


i know how can setup website in way can browse website deny creation or editing of file except ftp access.

i have wordpress website gets hacked on , over. know have find exact vulnerability, quick temporary fix, deny website create new php pages or modify existing ones still allow update done ftp.

for folder 755 , files 644 , can find, files/folder owned account user. on dedicated hosting using whm/cpanel.

from i've read, doable using file ownership, hardly know group or user ownership put on files , folders achieve this.

all malicious files loaded directly file upload script. can't deny wordpress uploading files. wordpress doesn't know ftp. via ftp permissions change file's permissions (not whole website upload rules).

you have secure wordpress. process isn't hardly. steps:

  • check if have last wordpress version (update wordpress themes/plugins/wordpress core).
  • there plugins hide using wordpress. search on google "hide wordpress plugin" or this.

  • temporarily can change rules of .htaccess file, allow accessing admin panel ip. copy/paste code @ bottom of .htaccess file:

    rewriteengine on rewritecond %{request_uri} ^(.)?wp-login.php(.)$ [or] rewritecond %{request_uri} ^(.)?wp-admin$ rewritecond %{remote_addr} !^xxxipxxx$ rewriterule ^(.)$ - [r=403,l]

and replace xxxipxxx ip address. full article can find here http://premium.wpmudev.org/blog/limit-access-login-page/ .

i hope answer you.


Comments

Post a Comment

Popular posts from this blog

angularjs - ADAL JS Angular- WebAPI add a new role claim to the token -

i have created angular spa webapi backend using adal js authentication.as there no roles in ad, need manually add role claims in order give users access different api controllers. the roles stored in database. expecting inject claim through call webapi after authentication ad. webapi code might this. identity.addclaim(new claim("role", "user")); var ticket = new authenticationticket(identity, props); var accesstoken = startup.oauthbeareroptions.accesstokenformat.protect(ticket); is possible replace adal idtoken new token? is viable solution or there other better way handle this? as initial token generated azuread, possible edit token add new claim? appreciated. graph api supporting group claims. see here: http://justazure.com/azure-active-directory-part-4-group-claims/ if @ examples on page, users assigned groups , app can check group in claims. in current version of portal, need app manifest , modify it.
Read more

php - CakePHP HttpSockets send array of paramms -

i problem when make request (i can request). $link = 'http://uri/path/?param1=1&sid=2&sid=3&sid=4' $http = $httpsocket = new httpsocket(); $res = $httpsocket->get($link); if check request pr($http); i see : [line] => /url/path/?param1=1&sid%5b0%5d=2&sid%5b1%5d=3&sid%5b2%5d=4 http/1.1 and i'm getting empty response because server doesn't know parameters sid%5b0%5d=2 when try send parameters array : $data = array('param1' => '1', 'sid' => array('2','3', '4')); i see same changes %5b0%5d - additional indexes. how fix it? unfortunately , can not change server side, if send request in browser, i'll normal response in json format. when make request, can parameters this: $param1 = $_get['param1']; $sid= $_get['sid']; tip: use diferente names parameters. have multiples sid. use sid1, sid2, sid3... update: can parameters this:
Read more

node.js - Using Node without global install -

i'm working on few node & electron (atom shell) projects , i'm curious how them work without user having install node globally. i've seen few applications including node directory in project contains node.exe binary. how go setting node project use binary? edit: thought should add, i've searched everywhere answer this, unrelated results.
Read more