add new wp-secuirty apache conf

This commit is contained in:
Matthew Saunders Brown 2023-09-26 10:27:10 -07:00
parent e7962fdee0
commit 227a940563
2 changed files with 20 additions and 0 deletions

View File

@ -0,0 +1,13 @@
# restrict access to wordpress directories
<Directory "/srv/www/*/html/wp-content/">
<Limit POST PUT DELETE>
order deny,allow
deny from all
</Limit>
</Directory>
<Directory "/srv/www/*/html/wp-content/uploads/">
<Files "*.php">
Order Deny,Allow
Deny from All
</Files>
</Directory>

View File

@ -34,6 +34,12 @@ chmod 644 /usr/local/lib/systemd/system/wp-cron.*
systemctl enable wp-cron.timer systemctl enable wp-cron.timer
systemctl start wp-cron.timer systemctl start wp-cron.timer
# enable wp-security, restricts access to wordpress directories
cp apache2/conf-available/wp-secuirty.conf /etc/apache2/conf-available/wp-secuirty.conf
chmod 644 /etc/apache2/conf-available/wp-secuirty.conf
a2enconf wp-secuirty
systemctl reload apache2
# fail2ban wordpress configs # fail2ban wordpress configs
if [[ -d /etc/fail2ban/ ]]; then if [[ -d /etc/fail2ban/ ]]; then
chmod 644 fail2ban/filter.d/* chmod 644 fail2ban/filter.d/*
@ -44,3 +50,4 @@ if [[ -d /etc/fail2ban/ ]]; then
else else
echo "Fail2ban not installed, skipping fail2ban wordpress configs." echo "Fail2ban not installed, skipping fail2ban wordpress configs."
fi fi