*Check file permissions: everything is 644, except wp-content, which is 755.
*Check database rights and set new passwords.
*Change passwords on old accounts (which have posts, so the accounts shouldn't be deleted) to random strong strings.
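An added example (not part of the original page) that audits the file-permission item of the checklist: it reports regular files whose mode is not 644 and checks that wp-content is 755. It assumes "everything" refers to regular files; the function names `mode_of` and `audit_wp_perms` are illustrative.

```shell
#!/bin/sh
# Audit a WordPress tree against the checklist above:
# regular files are 644, the wp-content directory is 755.
# Assumption: "everything" is read as "every regular file"; among
# directories only wp-content itself is checked.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_wp_perms ROOT
# Prints one "MODE PATH" line per deviation.
# Returns 0 if the tree is clean, 1 if deviations were found, 2 on bad input.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Regular files whose permission bits are not exactly 644
        # (this also catches setuid/setgid and world-writable files).
        find "$root" -type f ! -perm 644 -print | while IFS= read -r f; do
            printf '%s %s\n' "$(mode_of "$f")" "$f"
        done
        # The one directory the checklist names explicitly.
        if [ -d "$root/wp-content" ]; then
            m=$(mode_of "$root/wp-content")
            [ "$m" = "755" ] || printf '%s %s\n' "$m" "$root/wp-content"
        else
            printf 'missing %s\n' "$root/wp-content"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# When run as a script with an argument, audit that directory.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Run it with the WordPress directory as the only argument; a non-zero exit status means at least one path deviates from the checklist.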
 
Checking user rights in the database and changing their passwords:
SET PASSWORD FOR 'username'@'localhost'='newpassword';
(Note that the password shouldn't be logged in cleartext on the server, but it might be on a client. Delete .mysql_history at the end of your session.)
 
.htaccess in wp-includes:
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# BEGIN WordPress
 
The # BEGIN WordPress tag is redundant, as the file is 644 and owned by root.
 
Add the following to .htaccess in the WordPress directory:
<files wp-config.php>
order allow,deny
deny from all
</files>
==HTTPS==
