Anti-hacking tools deploying configuration for Wordpress
Type Name Latest commit message Commit time
screenshots first commit Mar 28, 2018
.gitignore first commit Mar 28, 2018
Dockerfile
README.md
change_statics_signature.sh
docker-compose.yml
docker-entrypoint.sh
hardenize-and-run.sh
remove_metas_and_versions.txt first commit Mar 28, 2018
remove_php_warnings.txt remove PHP warnings && debug info Apr 9, 2018
swarm-stack.yml add missing environ var for wordpress Jun 27, 2019

README.md

Anti-hacking tools deployment of WordPress

This repo only does a small hardening of WordPress, without changing any internal functionality of WordPress.

The main goal is to disable hacking tools like WP-Scan or Plecost.

Remove Metas && versions from statics

Followed this: https://tehnoblog.org/wordpress-security-how-to-hide-wordpress-meta-generator-version-info/

Remove PHP Warnings and debug info

Besides the security tasks, this image also configures the WordPress site to suppress PHP warnings and debug info on the website.

Changing default CSS / JavaScript hashes

Some security tools for WordPress check .css / .js files, calculate a hash, and can determine the version of WordPress from these files.

We change these files by adding spaces at the end of them.
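
The check below is an added example, not code from this repository (it is not the repo's change_statics_signature.sh): it records a hash for every .css / .js file, appends one space to each, and lists any file whose hash still equals the recorded one. The use of sha256sum, the function names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: sha256 stands in for whatever hash a scanner uses;
# all function names and sample files are constructed for this illustration.

# write_manifest DIR: print "hash  ./relative/path" for every .css/.js under DIR
write_manifest() {
    ( cd "$1" && find . -type f \( -name '*.css' -o -name '*.js' \) | sort |
        while IFS= read -r f; do sha256sum "$f"; done )
}

# append_space DIR: add one trailing space to every .css/.js file under DIR
append_space() {
    find "$1" -type f \( -name '*.css' -o -name '*.js' \) |
        while IFS= read -r f; do printf ' ' >> "$f"; done
}

# still_fingerprintable DIR MANIFEST: print files whose current hash is still
# present in MANIFEST, i.e. files a hash lookup would still recognise
still_fingerprintable() {
    write_manifest "$1" | while read -r hash path; do
        if grep -qxF "$hash  $path" "$2"; then echo "$path"; fi
    done
}

demo() {
    d=$(mktemp -d)                                   # constructed sample tree
    mkdir -p "$d/wp-includes/css"
    printf 'body{margin:0}\n'  > "$d/wp-includes/css/sample.css"
    printf 'console.log(1);\n' > "$d/wp-includes/sample.js"
    write_manifest "$d" > "$d.manifest"              # hashes of the stock files
    before=$(still_fingerprintable "$d" "$d.manifest" | wc -l | tr -d ' ')
    append_space "$d"
    after=$(still_fingerprintable "$d" "$d.manifest" | wc -l | tr -d ' ')
    echo "files matching stock hashes: before=$before after=$after"
    rm -rf "$d" "$d.manifest"
}

demo
```

Any path printed by still_fingerprintable after the change is a file that was not modified and still hashes to its recorded value.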

Memory limit

Increased the WordPress memory limit to 128M by default.

Examples

This docker image must be complemented with the nginx-wordpress-docker-sec image, that you can find at: https://github.com/cr0hn/nginx-wordpress-docker-sec

For a quick test, you can download the docker-compose.yml from this repo and launch a complete hardened stack of WordPress:

version: "3"
services:

  wordpress:
    image: cr0hn/wordpress-docker-sec
    depends_on:
      - mysql
    environment:
      - WORDPRESS_DB_USER=my-user
      - WORDPRESS_DB_HOST=mysql
      - WORDPRESS_DB_PASSWORD=my-secret-pw
      - WORDPRESS_DB_NAME=wordpress
      - WORDPRESS_TABLE_PREFIX=mycustomprefix_
    volumes:
      - wordpress:/var/www/html

  nginx:
    image: cr0hn/nginx-wordpress-docker-sec
    depends_on:
     - wordpress
    volumes:
     - wordpress:/var/www/html/
    ports:
     - "8080:80"
    environment:
      POST_MAX_SIZE: 128m

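  mysql:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: my-secret-pw
      MYSQL_DATABASE: wordpress
      # Create the non-root account that the wordpress service logs in with
      MYSQL_USER: my-user
      MYSQL_PASSWORD: my-secret-pw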


volumes:
  wordpress:

Screenshots

If you deploy this configuration of Nginx + wordpress-docker-sec (see below), hacking tools will tell you something like:

WP-Scan

[Screenshot: WP-Scan output]

Plecost

[Screenshot: Plecost output]

Nmap

[Screenshot: Nmap output]
