2012
29.08

WordPress has potential security issues just like any other software. There are some steps that can be taken to help prevent your site being attacked.

The most common attacks usually fall into one of two categories:
- Sending specially-crafted HTTP requests to your server with specific exploit payloads for specific vulnerabilities. These include vulnerabilities in old/outdated plugins and software.
- Attempting to gain access to your blog by using “brute-force” password guessing.

  1. Keep WordPress up to date. Security vulnerabilities are always being looked at and fixed, so keeping up to date is very important.
  2. Make sure the web server your WordPress site is being hosted on is running secure stable versions of its software, or use a trusted web host that takes care of this for you.
  3. Find out if your web host makes regular backups of your site and database. You have to consider how you would restore your site if it was attacked. Personally I store all my sites on a Git server (GitHub is also a good choice for this if you don’t have your own server), meaning that I would just need a backup of the live database if I wanted to restore a site.
  4. Use strong passwords for all WordPress users, and make sure the Administrator user is not called ‘admin’.
  5. Use SFTP when connecting to your site, so that all data and passwords are encrypted.
  6. Lock down file permissions as much as possible. See the WordPress Codex for more info on this.
  7. Keep plugins updated, and delete any that aren’t being used. Plugins that need write access to the WordPress files and directories should be used with caution. Make sure these are plugins from a trusted source.
  8. Block some SQL injection attacks by changing the database table prefix to something other than ‘wp_’.

This information was taken from the WordPress Codex, but common sense can also be applied. WordPress itself is pretty secure; it’s often the web hosting that allows attacks to happen, so make sure you use a reputable hosting company that doesn’t cut corners.

2012
28.08

I recently got my own VPS, and decided to start using it as a Git server. It’s a Linux server running CentOS 6. This tutorial assumes some knowledge of basic Linux commands.

As root or a user with sudo permissions, the first thing to do is install the dependencies Git will need:
$ yum -y install zlib-devel openssl-devel cpio expat-devel gettext-devel

Then change directories ready to wget Git:
$ cd /usr/local/src

Download Git:
$ wget http://git-core.googlecode.com/files/git-1.7.9.tar.gz

Untar it and change directory:
$ tar xvzf git-1.7.9.tar.gz
$ cd git-1.7.9

Configure the build, then compile and install Git:
$ ./configure
$ make
$ make install

That’s it, Git is installed!
Next you will need to add a user called git, and give them a password:
$ adduser git
$ passwd git

Now switch to your local machine and check if you have a public SSH key:
$ ls ~/.ssh/id_rsa.pub

If you don’t, run
$ ssh-keygen
to generate a public/private key pair. Then copy the public key to the git user’s home directory on your server:
$ scp ~/.ssh/id_rsa.pub git@yourservername.com:

Connect to your server via SSH again, and append the key to the git user’s authorised keys:
$ cd /home/git/
$ mkdir -p .ssh
$ cat id_rsa.pub >> .ssh/authorized_keys

Then restrict the permissions for .ssh and its contents:

$ chmod 700 .ssh
$ chmod 400 .ssh/authorized_keys

Passwordless SSH is now set up. You should be able to connect from your local machine like this:
$ ssh git@[your server name]
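
If that login still prompts for a password, the usual cause is the ownership or mode of the files created above: for example, when the mkdir and cat steps are run as root, .ssh stays owned by root and the git account cannot read its own key file. The following check is an added example, not part of the original post; it assumes GNU stat (as shipped with CentOS) and sshd's default StrictModes setting, and audit_git_ssh is a name invented here.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files that the
# key-setup steps create. Assumes GNU stat, as shipped with CentOS.
# audit_git_ssh is a name invented for this example.

# Usage: audit_git_ssh /home/git
# Prints one line per finding and returns the number of findings.
audit_git_ssh() {
    home=$1
    findings=0
    owner=$(stat -c %U "$home") || return 1

    # sshd (StrictModes) refuses keys if the home directory is writable by
    # group or others, i.e. the group or other octal digit has the 2 bit set.
    case $(stat -c %a "$home") in
        *[2367]?|*[2367])
            echo "FAIL $home is group/world-writable"
            findings=$((findings + 1)) ;;
    esac

    # path:allowed-modes pairs; 400 is what the post sets, 600 also works.
    for spec in ".ssh:700" ".ssh/authorized_keys:400 600"; do
        path=$home/${spec%%:*}
        allowed=${spec#*:}
        if [ ! -e "$path" ]; then
            echo "FAIL $path is missing"
            findings=$((findings + 1))
            continue
        fi
        mode=$(stat -c %a "$path")
        case " $allowed " in
            *" $mode "*) ;;
            *) echo "FAIL $path has mode $mode, expected $allowed"
               findings=$((findings + 1)) ;;
        esac
        # Files created while logged in as root stay owned by root, and the
        # account then cannot read its own key file.
        if [ "$(stat -c %U "$path")" != "$owner" ]; then
            echo "FAIL $path not owned by $owner (fix: chown -R $owner $home/.ssh)"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ] && echo "OK $home/.ssh is set up for key login"
    return "$findings"
}
```

Run it on the server as root with `audit_git_ssh /home/git`; a return status of 0 means no findings.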

Once connected as the git user, you can set up your first Git repo:
$ mkdir testproject.git
$ cd testproject.git
$ git init --bare

‘Bare’ means that the repo will be initialised directly in the current directory, rather than in a new .git subdirectory inside it.

Next go back to your local environment and go into the directory of the repo you want to push to your remote server. Add the remote location, and push:
$ git remote add origin git@[yourserver]:testproject.git
$ git status
$ git add .
$ git commit -m "initial commit"
$ git push origin master

That’s it! I did all of the above following these 2 tutorials:
Setting up Git on Centos
Running a simple git server using SSH

Comments welcome for anything I’ve missed/overlooked.