Category: Cheatsheet

So, to apply some basic hardening, this is what I did:

Disable Options +Indexes on /wp/wp-content/uploads

Because WordPress is not in /, I chose to allow overrides by .htaccess for just Indexes in the /-configuration and fix this through a simple .htaccess in /wp/wp-content/uploads.

Disable XML RPC

I don’t like these kind of things and I fail to see the point of it for my specific use case. Therefore, it must go. For the WordPress-location, I added this directive to the Apache-configuration:

<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>


Updates through PHP-method

Appearantly, WordPress needs to be told to directly download updates instead of utilizing FTP. Fixed in wp-config.php by adding:
define('FS_METHOD','direct');