https://github.com/cr0hn/wordpress-docker-sec

Anti-hacking tools deploying configuration for Wordpress

# Anti-hacking tools deployment of WordPress

This repo applies only a small amount of hardening to WordPress, **without changing any internal functionality** of WordPress.

**The main goal is to disable hacking tools like WP-Scan or Plecost**

# Support this project

Support this project (to solve issues, add new features...) by using the GitHub "Sponsor" button.

## Remove meta tags and versions from static files

This follows the approach described at: https://tehnoblog.org/wordpress-security-how-to-hide-wordpress-meta-generator-version-info/

## Remove PHP Warnings and debug info

Besides the security tasks, the image also configures the WordPress site so that PHP warnings and debug info are not shown on the website.

## Changing default CSS / JavaScript hashes

Some security tools for WordPress check .css / .js files, calculate a hash, and can determine the version of WordPress from these files.

We change these files by adding spaces at the end of them.
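
One way to apply and verify this padding, as an added example that is not the project's own code: the function names and the sample tree are hypothetical, and `sha256sum` is assumed to be available.

```shell
#!/usr/bin/env bash
# Added example (not from the project): pad WordPress static files and
# confirm that no .css/.js digest still matches the stock baseline.

# Print "sha256  path" for every .css/.js file under directory $1.
hash_statics() {
    find "$1" -type f \( -name '*.css' -o -name '*.js' \) \
        -exec sha256sum {} + | sort -k 2
}

# Append one space to every .css/.js file under directory $1.
# Other files (for example .php) are left untouched.
pad_statics() {
    find "$1" -type f \( -name '*.css' -o -name '*.js' \) \
        -exec sh -c 'for f; do printf " " >> "$f"; done' sh {} +
}

# Print how many files under $2 still have the digest recorded in baseline $1.
count_unchanged() {
    hash_statics "$2" |
        awk -v base="$1" '
            BEGIN { while ((getline line < base) > 0) seen[line] = 1 }
            ($0 in seen) { n++ }
            END { print n + 0 }'
}

# Build a constructed sample tree (stand-in for /var/www/html), pad it,
# and print the number of files that still match their stock digest.
demo() {
    local root baseline
    root=$(mktemp -d)
    baseline=$(mktemp)
    mkdir -p "$root/wp-includes/css" "$root/wp-includes/js"
    printf 'body{margin:0}\n'     > "$root/wp-includes/css/sample.css"
    printf 'console.log("wp");\n' > "$root/wp-includes/js/sample.js"
    printf '<?php // untouched\n' > "$root/index.php"

    hash_statics "$root" > "$baseline"   # digests before hardening
    pad_statics "$root"
    count_unchanged "$baseline" "$root"  # 0 means every static file changed
    rm -rf "$root" "$baseline"
}

demo
```

Integrity checks that compare core files against the official checksums, such as `wp core verify-checksums`, will report the padded files as modified, and a WordPress core update replaces them with stock copies, so the padding has to be re-applied afterwards.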

## Memory limit

The default WordPress memory limit is increased to 128M.

# Examples

This docker image must be complemented with the *nginx-wordpress-docker-sec* image, that you can find at: https://github.com/cr0hn/nginx-wordpress-docker-sec

For a quick test, you can download the *docker-compose.yml* from this repo and launch a complete hardened WordPress stack:

```yaml
version: "3"
services:

  # Hardened WordPress (PHP) container
  wordpress:
    image: cr0hn/wordpress-docker-sec
    depends_on:
      - mysql
    environment:
      - WORDPRESS_DB_USER=my-user
      - WORDPRESS_DB_HOST=mysql
      - WORDPRESS_DB_PASSWORD=my-secret-pw
      - WORDPRESS_DB_NAME=wordpress
      - WORDPRESS_TABLE_PREFIX=mycustomprefix_
    volumes:
      - wordpress:/var/www/html

  # Hardened Nginx front end; shares the WordPress files through the volume
  nginx:
    image: cr0hn/nginx-wordpress-docker-sec
    depends_on:
      - wordpress
    volumes:
      - wordpress:/var/www/html/
    ports:
      - "8080:80"
    environment:
      POST_MAX_SIZE: 128m

  mysql:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: my-secret-pw
      MYSQL_DATABASE: wordpress
      # Create the account WordPress connects with (WORDPRESS_DB_USER above)
      MYSQL_USER: my-user
      MYSQL_PASSWORD: my-secret-pw

volumes:
  wordpress:
```

# Screenshots

If you deploy this configuration of Nginx + wordpress-docker-sec (see the example above), hacking tools will report something like:

## WP-Scan

![WP-Scan](screenshots/wp-scan.jpg)

## Plecost

![Plecost](screenshots/plecost.jpg)

## Nmap

![Nmap](screenshots/nmap.jpg)