

How to Keep WordPress Secure - oshadi
http://wordpress.org/development/2009/09/keep-wordpress-secure/

======
dfranke
Put it in a chroot jail on a dedicated server with SELinux, GRSec, and
AppArmor all running at the same time, behind at least four layers of
firewalls. Store the server in a lead-lined room with no net connection, and a
good sturdy lock on the door whose opening requires a smart card, fingerprint
and iris scans, and presidential orders filed in triplicate. Erase the smart
card, spread acid on your fingertips, gouge your eyes out, and impeach the
president. Pass HTTP correspondence in and out on floppy disks doused in holy
water. Keep the server powered off at all times.

~~~
axod
One aspect of VPSs and (eugh) cloud computing is the additional security. I
don't think this aspect gets trumpeted enough.

Instead of having a single big kick ass dedicated server running _everything_,
you can have maybe 10 VPSs each doing a different thing. You can group
things together in terms of risk - put wordpress on its own vps, put your
customer db on another, etc etc. At least then, if someone hacks into
wordpress, it doesn't really matter that much - they _only_ get wordpress,
nothing else, and you just clean off that machine from backups.

(Obviously have completely different login credentials for each VPS, and only
grant access from one VPS to another when really necessary, and restrict it).

~~~
yan
"You are absolutely deluded, if not stupid, if you think that a worldwide
collection of software engineers who can't write operating systems or
applications without security holes, can then turn around and suddenly write
virtualization layers without security holes." - Theo De Raadt

But yes, you are right for the most part. However, just throwing apps in VPS
doesn't automatically solve your security issues.

~~~
axod
Having 2 completely separate VPSs, in different data centers, secured with
different passwords, seems pretty much more secure than having a single server
to me.

Yes, there could theoretically be a way to punch through from an insecure VPS
into a secure VPS on the same host, but I think the chances are pretty slim
there.

~~~
desu
It's wonderful for redundancy as well. I recently migrated our DNS from two
dedicated servers in the same data centre, to three $20/month VPSs all on
different continents. I don't need power or bandwidth; what I need is
super-redundancy. These new VPS deals just hand it to me on an ultra-cheap platter.
Couldn't be happier.

The security is just an added bonus.

------
antonovka
There's no such thing as a secure WordPress installation -- the best you can
do is one without any _known_ issues.

~~~
nir
AFAIK wordpress.com never got broken into...

~~~
tptacek
That feels extremely unlikely.

~~~
simonk
Wordpress.com is up to date on the Wordpress software, only blogs that haven't
updated since the last 2 versions are open for attack.

~~~
tsally
<http://en.wikipedia.org/wiki/Zero_day_attack>

------
stse
They should try to figure out why people don't upgrade. Maybe there need to be
clearer reminders, or separation between features and security. The same goes
for why people aren't making backups. I would imagine it would be quite easy
just to diff the releases and exploit whatever got fixed anyways.

~~~
gchucky
There are pretty clear reminders. If you log into the Wordpress control panel,
there's a bar that says "The latest version is x. Click here to upgrade." And
they also built an automated update script that downloads, unpacks and
installs it all for you.

My guess is that people don't update because they fear potentially breaking
their styles or something.

~~~
philwelch
If you make a small change to the style you're using, it gets overwritten on
each update as long as it's a built-in style. The workaround is obvious
(rename your changed style) but, as an example, I have always been too lazy to
do this and I'm always behind the latest version.

~~~
photomatt
You should check out "child theme" functionality, which allows you to make
lazy changes to the style without modifying any core files, which is highly
recommended against.

~~~
philwelch
You're probably right, but if Wordpress checked out "automatically branching a
child theme every time I use the interface Wordpress itself provides me with
to modify core files" functionality, it would be more usable.

~~~
photomatt
I agree! This is on the roadmap.

------
idlewords
An approach I really like is to run your blog software of choice locally, then
rsync the generated flat files to a server. If you want comments, you'll need
to maintain some dynamic component on the server, but it still massively
reduces your exposure.

~~~
tlrobinson
I've started using Jekyll + Disqus for simple things (see
<http://narwhaljs.org> for an example).

Much less hassle than setting up a database, installing Wordpress (as easy as
it is) and most of all remembering to update Wordpress every few weeks, as
long as you don't need in-browser editing and such.

With Github pages (<http://github.com/blog/272-github-pages>) it's as simple
as pushing your source templates and documents (in HTML, Markdown, or Textile).

Jekyll is a little limited though, so I also have some scripts that do a
little preprocessing before handing it off to Jekyll.

------
oshadi
Below link shows some WordPress security tips and hacks that you can easily
implement on your WordPress blog.

<http://www.noupe.com/how-tos/wordpress-security-tips-and-hacks.html>

------
onreact-com
This post just shows how desperate these guys are. They don't even address
their own responsibility. They assume that having worms is perfectly natural.

They rather blame other people for suggesting the wrong solutions.

There is no other software out there that demands upgrades so often, to no
avail, getting infected again and again nonetheless.

Oh, sorry, there is one: Internet Explorer!

~~~
nir
Why not use another blogging platform then? It's not a Windows case of
near-monopoly. There are plenty of blogging platforms. If WP is crap, why not
switch to another one?

~~~
antonovka
Unfortunately, the options are very constrained if you require both features
and security. The only platform I know of with a strong security history and a
decent feature-set is Apache Roller: <http://roller.apache.org/>

------
desu
I think the single best thing you can do with wordpress is to run an SVN
install. They're usually pretty good about tagging updates, so for example the
update to 2.8.4 consisted of this:

    svn sw http://svn.automattic.com/wordpress/tags/2.8.4
Which is about the acceptable level of hassle IMO. Much more and I'd be outta
there.

~~~
photomatt
This is fantastic advice -- for many WP blogs I manage I just have them svn
update on a cron job nightly.
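A guarded version of the `svn sw .../tags/2.8.4` step desu shows and the nightly `svn update` cron job photomatt describes, added here as an example and not taken from the thread or from WordPress itself; the WP_DIR default is a constructed placeholder and `svn` is assumed to be on PATH when the script is actually run.

```shell
#!/bin/sh
# Added example, not from the thread: wraps the `svn sw .../tags/VERSION`
# step and a nightly `svn update` so a cron job cannot silently merge over
# hand-edited core files or switch to a malformed tag. Assumes the checkout
# lives in WP_DIR (constructed default path) and `svn` is on PATH.

WP_DIR="${WP_DIR:-/var/www/blog}"
TAGS_URL="http://svn.automattic.com/wordpress/tags"   # base URL from the thread

# Build the tag URL for a release. Only dotted-numeric versions are accepted,
# so a mangled argument can never point the checkout at an arbitrary path.
wp_tag_url() {
    case "$1" in
        ""|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    printf '%s/%s\n' "$TAGS_URL" "$1"
}

# Read `svn status` output on stdin and report whether the working copy has
# local edits (modified/added/deleted/conflicted/missing/obstructed items).
# Unversioned entries (?), e.g. wp-content/uploads, are normal and ignored.
wp_has_local_changes() {
    grep -q '^[MADC!~]'
}

# `wp_update switch 2.8.4` moves the checkout to that tag; `wp_update update`
# pulls the current tag/branch forward. Both refuse to run over local edits,
# because an update would merge them silently and the core would drift.
wp_update() {
    cd "$WP_DIR" || return 2
    if svn status | wp_has_local_changes; then
        echo "wp_update: local modifications in $WP_DIR; refusing" >&2
        return 3
    fi
    case "$1" in
        switch) url=$(wp_tag_url "$2") ||
                    { echo "wp_update: bad version '$2'" >&2; return 2; }
                svn sw "$url" ;;
        update) svn update ;;
        *)      echo "usage: $0 switch VERSION | update" >&2; return 2 ;;
    esac
}

# Runs only when given arguments, e.g. from crontab:
#   0 3 * * * WP_DIR=/var/www/blog /usr/local/bin/wp_svn_update.sh update
if [ "$#" -gt 0 ]; then wp_update "$@"; fi
```

Because the script refuses when `svn status` reports local edits, a site whose core files were patched by hand shows up as a failed cron run instead of a silently merged core, which is the case to check for before trusting the nightly job.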

~~~
desu
You should publicise it more on the WP home page! I'm pretty technically able
and yet it took me quite a while to even realise I could do that.

