To start the service, restore the conf file first:
mv /etc/init/vsftpd.conf.stop /etc/init/vsftpd.conf
service vsftpd stopstart
==Update Wordpress==
*Upgrade wordpress and its plugins. Note: DO NOT UPDATE THEMES!!!
*Turned off the FTP Server
*Lock Locked down directory permissions more tightly(see below)*Remove disused user accounts(any contributions set to Anne Dayton)*Changed permissions of all users to author, except Tay to editor, and left just Ed and Anne to admin
I also installed the delete-all-comments-easily plugin and easily deleted the enormous queue of junk comments.
===Changing permissions===
I used the shared server config found here: https://www.smashingmagazine.com/2014/05/proper-wordpress-filesystem-permissions-ownerships/
From the wordpress dir run:
sudo find . -type f -exec chmod 644 {} +
sudo find . -type d -exec chmod 755 {} +
sudo chmod 600 wp-config.php
Image upload was tested and worked fine, and a new plugin was also installed fine.
===Installing WordFence===
I also installed the free version of WordFence. It wouldn't have stopped our last malware, most likely, but it should stop at least some of the future annoyances. I went with the basic config. The notifications are sent to mcnair@rice.edu
===Still to do===
We should consider some extra hardening! See, for example, https://codex.wordpress.org/Hardening_WordPress
That we really can't update our theme is an ongoing issue...
[[Category: McNair Admin]]