Top 10 WordPress Security Mistakes скачать в хорошем качестве

Top 10 WordPress Security Mistakes

A quick video about basic Linux security. We'll be covering basic web hosting security: the most common misconfigurations and security holes (from a System Administrator's perspective) in WordPress sites. These security tips apply to Joomla, Magento, and other content management systems as well. I'll show you how to fix the most glaring issues, which prevent a huge percentage of the security compromises I see every day. Core Application incorrect file/dir permissions -777 -- should be 775 for dirs, 644 for files except in SPECIAL cases http://stackoverflow.com/questions/37... http://serverfault.com/questions/3571... running sites as root -dave:www-data instead -- group (web server) has read, OWNER IS THE ONLY ONE WHO CAN WRITE shared PHP/user between sites -most hosting companies use shared hosting -if you have one site or 23 sites, they're all running under ONE user and ONE PHP process. -one infected site means that everything is at risk, since that site can write to other sites (and thereby cross-infect them) web user has a shell (instead of /bin/false) -grep www /etc/passwd -- /sbin/nologin good, /bin/bash == BAAAD ssh with passwd login, root login enabled -no root login from iNet. -no password based logins. Period. weak FTP/hosting/DNS passwords -hosting companies that expose FTP -- scary Administration people don't update their CMS installations and plugins people run huge amounts of plugins 3rd-party badly engineered plugins/themes/etc. vulnerable 'custom' code -- uploaders with no authentication, etc. malvertising ######################### Full Linux Sysadmin Basics Playlist:    • The Linux Basics Course: Beginner to Sysad...   Check out my project-based Linux System Administration course (free sample videos): https://www.udemy.com/hands-on-linux-... Patreon:   / tutorialinux   Official Site: https://tutorialinux.com/ Twitter:   / tutorialinux   Facebook:   / tutorialinux