Hi,
for security reasons I want to use this command.
How can I use it to lock a specific domain?
How to use v-lock-wordpress to prevent spreading or being infected by PHP malware
This command has the following syntax:
In this case, you should simply write the URL of your website instead of the DOMAIN - for example:
For updating purposes, you will have to first unlock your website by running the following command:
The following is a further explanation of the code inside:
This script does the following to prevent PHP-FPM from editing/adding any files:
This way, PHP-FPM that is running as local user, can not edit/add any files.
Additionally, for those folders :
That will allow editing/adding there, but... then
Additionally, the script checks and corrects file and folder permissions:
IMPORTANT:
As mentioned before, you will have to use v-unlock-wordpress in order to be able to update your WordPress site - since the process involves changing PHP files.
Code: Select all
v-lock-wordpress DOMAIN
Code: Select all
v-lock-wordpress yourdomain.com
Code: Select all
v-unlock-wordpress yourdomain.com
The following is a further explanation of the code inside:
This script does the following to prevent PHP-FPM from editing/adding any files:
Code: Select all
chmod -R 0755 public_html/
chown -R www-data:www-data public_html/
Additionally, for those folders :
- wp-content/uploads/
- wp-content/cache/
Code: Select all
chmod -R 0755
chown -R currentUser:currentUser
- it will add .htaccess file to prevent execution of .php files inside those folders.
Additionally, the script checks and corrects file and folder permissions:
Code: Select all
find public_html/ -type d -exec chmod 755 {} +
find public_html/ -type f -exec chmod 644 {} +
As mentioned before, you will have to use v-unlock-wordpress in order to be able to update your WordPress site - since the process involves changing PHP files.
- myVesta
- Site Admin
- Posts: 800
- Joined: Fri Jun 19, 2020 9:59 am
- Has thanked: 4 times
- Been thanked: 5 times
Try.
The solution is not perfect for every scenario, for example, if some plugin put custom .php script inside /wp-content/uploads/ - that .php script will definitely fail execution.
However, we successfully locked few WordPress sites that have WooCommerce, without any problem.
The solution is not perfect for every scenario, for example, if some plugin put custom .php script inside /wp-content/uploads/ - that .php script will definitely fail execution.
However, we successfully locked few WordPress sites that have WooCommerce, without any problem.