{"id":2595,"date":"2015-09-23T14:23:08","date_gmt":"2015-09-23T14:23:08","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=2595"},"modified":"2015-09-23T14:23:08","modified_gmt":"2015-09-23T14:23:08","slug":"wphardening-fortify-the-security-of-any-wordpress-installation","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=2595","title":{"rendered":"WPHardening &#8211; Fortify the security of any WordPress Installation"},"content":{"rendered":"<p><strong>Installation:<\/strong><br \/>\nInstalling WPHardening requires you to execute one console command:<\/p>\n<pre>$ pip install -r requirements.txt\n<\/pre>\n<p><strong>Usage:<\/strong><\/p>\n<pre>$ python wphardening.py -h \n __          _______  _    _               _            _\n \\ \\        \/ \/  __ \\| |  | |             | |          (_)\n  \\ \\  \/\\  \/ \/| |__) | |__| | __ _ _ __ __| | ___ _ __  _ _ __   __ _\n   \\ \\\/  \\\/ \/ |  ___\/|  __  |\/ _` | '__\/ _` |\/ _ \\ '_ \\| | '_ \\ \/ _` |\n    \\  \/\\  \/  | |    | |  | | (_| | | | (_| |  __\/ | | | | | | | (_| |\n     \\\/  \\\/   |_|    |_|  |_|\\__,_|_|  \\__,_|\\___|_| |_|_|_| |_|\\__, |\n                                                                 __\/ |\n        Fortify the security of any WordPress installation.     
|___\/\n     Caceria de Spammers - http:\/\/www.caceriadespammers.com.ar\nUsage: python wphardening.py [options]\nOptions:\n  --version             show program's version number and exit\n  -h, --help            show this help message and exit\n  -v, --verbose         Active verbose mode output results\n  --update              Check for WPHardening latest stable version\n  Target:\n    This option must be specified to modify the package WordPress.\n    -d DIRECTORY, --dir=DIRECTORY\n                        **REQUIRED** - Working Directory.\n    --load-conf=FILE    Load file configuration.\n  Hardening:\n    Different tools to hardening WordPress.\n    -c, --chmod         Chmod 755 in directory and 644 in files.\n    -r, --remove        Remove files and directory.\n    -b, --robots        Create file robots.txt\n    -f, --fingerprinting\n                        Deleted fingerprinting WordPress.\n    -t, --timthumb      Find the library TimThumb.\n    --chown=user:group  Changing file and directory owner.\n    --wp-config         Wizard generated wp-config.php\n    --plugins           Download Plugins Security.\n    --proxy=PROXY       Use a HTTP proxy to connect to the target url for\n                        --plugins and --wp-config.\n    --indexes           It allows you to display the contents of directories.\n    --minify            Compressing static file .css and .js\n    --malware-scan      Malware Scan in WordPress project.\n  Miscellaneous:\n    -o FILE, --output=FILE\n                        Write log report to FILE.log\n<\/pre>\n<p><strong>Examples<\/strong><br \/>\n<strong>Check a WordPress project<\/strong><br \/>\nBefore using the tool, we must ensure that our working directory is a WordPress installation.<\/p>\n<pre>$ python wphardening.py -d \/home\/path\/to\/wordpress -v\n<\/pre>\n<p><strong>Change permissions:<\/strong><br \/>\nThis option sets the correct permissions on files and directories (755 for directories, 644 for files).<\/p>\n<pre>$ python wphardening.py -d \/home\/path\/to\/wordpress --chmod 
-v\n<\/pre>\n<p><strong>Remove files that are not used<\/strong><br \/>\nPart of the fortification of any system is to remove those files, directories or components that are not required.<\/p>\n<pre>$ python wphardening.py -d \/home\/path\/to\/wordpress --remove -v\n<\/pre>\n<p><strong>Create your robots.txt file<\/strong><br \/>\nWordPress does not include a robots.txt file by default; with this option we can customize our robots.txt.<\/p>\n<pre>$ python wphardening.py -d \/home\/path\/to\/wordpress --robots -v\n<\/pre>\n<p>For more information robots.txt<br \/>\n<strong>Remove all fingerprinting and Version<\/strong><\/p>\n<pre>$ python wphardening.py -d \/home\/path\/to\/wordpress --fingerprinting -v\n<\/pre>\n<p><strong>Check a TimThumb library<\/strong><\/p>\n<pre>$ python wphardening.py -d \/home\/path\/to\/wordpress --timthumb -v\n<\/pre>\n<p><strong>Create Index file<\/strong><br \/>\nThis file is created to prevent browsing of a directory's contents.<\/p>\n<pre>$ python wphardening.py -d \/home\/path\/to\/wordpress --indexes -v\n<\/pre>\n<p><strong>Download Plugins security:<\/strong><br \/>\nThe following is a list of the most commonly used security plugins that you can download automatically:<\/p>\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/extend\/plugins\/antivirus\/\">AntiVirus<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/extend\/plugins\/bad-behavior\/\">Bad Behavior<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/extend\/plugins\/block-bad-queries\/\">Block Bad Queries<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/extend\/plugins\/exploit-scanner\/\">Exploit Scanner<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/latch\/\">Latch<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/simple-history\/\">Simple History<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/stream\/\">Stream<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/extend\/plugins\/wp-security-scan\/\">WP Security Scan<\/a><\/li>\n<li><a 
href=\"https:\/\/wordpress.org\/extend\/plugins\/wp-dbmanager\/\">WP-DBManager<\/a><\/li>\n<\/ul>\n<pre>$ python wphardening.py -d \/home\/path\/to\/wordpress --plugins\n<\/pre>\n<p><strong>Wizard generated wp-config.php<\/strong><br \/>\nThis command automatically creates a file called wp-config-wphardening.php, which you can then rename.<\/p>\n<pre>$ python wphardening.py -d \/home\/path\/to\/wordpress --wp-config\n<\/pre>\n<p><strong>WPHardening update<\/strong><br \/>\nWith this option you can always have the latest version of WPHardening.<\/p>\n<pre>$ python wphardening.py --update\n<\/pre>\n<p><strong>Use all options:<\/strong><\/p>\n<pre>$ python wphardening.py -d \/home\/path\/to\/wordpress -c -r -f -t --wp-config --indexes --plugins -o \/home\/user\/wphardening.log\n<\/pre>\n<p>For more info visit: <a href=\"http:\/\/www.caceriadespammers.com.ar\" target=\"_blank\" rel=\"noopener noreferrer\">www.caceriadespammers.com.ar<\/a><br \/>\n<a href=\"https:\/\/github.com\/elcodigok\/wphardening\" target=\"_blank\" rel=\"noopener noreferrer\">Download at Git Repository<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Installation: Installing WPHardening requires you to execute one console command: $ pip install -r requirements.txt Usage: $ python wphardening.py -h __ _______ _ _ _ _ \\ \\ \/ \/ __ \\| | | | | | (_) \\ \\ \/\\ \/ \/| |__) | |__| | __ _ _ __ __| | ___ 
_<\/p>\n","protected":false},"author":1,"featured_media":2596,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[431,278],"tags":[568,34,569,280],"class_list":["post-2595","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability-analysis","category-web-application","tag-exploit-scanner","tag-security","tag-wordpress","tag-wpscan"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2595"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2595\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2595"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2595"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}