{"id":18657629,"url":"https://github.com/cr0hn/wordpress-docker-sec","last_synced_at":"2025-04-11T18:31:36.122Z","repository":{"id":69044041,"uuid":"127123583","full_name":"cr0hn/wordpress-docker-sec","owner":"cr0hn","description":"Anti-hacking tools deploying configuration for Wordpress ","archived":false,"fork":false,"pushed_at":"2020-05-27T08:50:35.000Z","size":488,"stargazers_count":14,"open_issues_count":0,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-25T17:09:23.165Z","etag":null,"topics":["hacking","hardening","nmap","plecost","security","wordpress","wp-scan","wp-scanner"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cr0hn.png","metadata":{"files":{"readme":"README.md","changelog":"change_statics_signature.sh","contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["cr0hn"]}},"created_at":"2018-03-28T10:25:00.000Z","updated_at":"2025-03-13T02:04:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"d891cf92-ec20-48e7-9b6d-5c7e0d50ce68","html_url":"https://github.com/cr0hn/wordpress-docker-sec","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cr0hn%2Fwordpress-docker-sec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cr0hn%2Fwordpress-docker-sec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cr0hn%2Fwordpress-docker-sec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cr0hn%2Fwordpress-docker-sec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cr0hn","download_url":"https://codeload.github.com/cr0hn/wordpress-docker-sec/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248458507,"owners_count":21107090,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking","hardening","nmap","plecost","security","wordpress","wp-scan","wp-scanner"],"created_at":"2024-11-07T07:29:17.136Z","updated_at":"2025-04-11T18:31:36.112Z","avatar_url":"https://github.com/cr0hn.png","language":"Shell","funding_links":["https://github.com/sponsors/cr0hn"],"categories":[],"sub_categories":[],"readme":"# Anti-hacking tools deployment of WordPress\n\nThis repo only do a small hardening of Wordpress, **without change any internal functionality** of Wordpress.\n\n**The main goal is to disable hacking tools lik: WP-Scan or Plecost**\n\n# Support this project\n\nSupport this project (to solve issues, new features...) by applying the Github \"Sponsor\" button.\n\n## Remove Metas \u0026\u0026 versions from statics\n\nFollowed this: https://tehnoblog.org/wordpress-security-how-to-hide-wordpress-meta-generator-version-info/\n\n## Remove PHP Warnings and debug info\n\nNot only do security tasks, also configure the Wordpress site to suppress the PHP Warning \u0026 debug info to the website\n\n## Changing default CSS / Javascript hashed\n\nSome security tools for Wordpress check .css / .js files, calculate a hash and can determinate the version of Wordpress from these files.\n\nWe change these files adding spaces at the ending of these files\n\n## Memory limit\n\nIncreased default Wordpress memory limit to 128M by default\n\n# Examples\n\nThis docker image must be complemented with the *nginx-wordpress-docker-sec* image, that you can find at: https://github.com/cr0hn/nginx-wordpress-docker-sec\n\nTo quick test, you can download the *docker-compose.yml* form this repo and launch a complete hardened stack of Wordpress:\n\n```yaml\n\nversion: \"3\"\nservices:\n\n  wordpress:\n    image: cr0hn/wordpress-docker-sec\n    depends_on:\n      - mysql\n    environment:\n      - WORDPRESS_DB_USER=my-user\n      - WORDPRESS_DB_HOST=mysql\n      - WORDPRESS_DB_PASSWORD=my-secret-pw\n      - WORDPRESS_DB_NAME=wordpress\n      - WORDPRESS_TABLE_PREFIX=mycustomprefix_\n    volumes:\n      - wordpress:/var/www/html\n\n  nginx:\n    image: cr0hn/nginx-wordpress-docker-sec\n    depends_on:\n     - wordpress\n    volumes:\n     - wordpress:/var/www/html/\n    ports:\n     - \"8080:80\"\n    environment:\n      POST_MAX_SIZE: 128m\n\n  mysql:\n    image: mysql:5.7\n    environment:\n      MYSQL_ROOT_PASSWORD: my-secret-pw\n      MYSQL_DATABASE: wordpress\n\n\nvolumes:\n  wordpress:\n```\n\n# Screenshots\n\nIf you deploy this version of configuration for Nginx + wordpress-docker-sec (see below) hacking tools will tell you something like:\n\n## WP-Scan\n\n![WP-SCan](screenshots/wp-scan.jpg)\n\n## Plecost\n\n![Plecost](screenshots/plecost.jpg)\n\n## Nmap\n\n![Nmap](screenshots/nmap.jpg)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcr0hn%2Fwordpress-docker-sec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcr0hn%2Fwordpress-docker-sec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcr0hn%2Fwordpress-docker-sec/lists"}