Full Stack Security Hardening

$600.00 $500.00

Don’t let your WordPress site be the victim of malicious hacks. We implement the most important security steps against potential threats to reduce the likelihood of disastrous attacks. We provide a full stack hardening service: WordPress core and server host.

SKU: sec204

Description

The full list of what our WordPress hardening service covers is below.

Hardening WordPress and PHP

It’s mission-critical to harden WordPress and your PHP files as much as possible to protect your server, your content, and your visitors from dangerous exploits.

  • Change WordPress keys and salt keys
  • Change WordPress file permissions
  • Change WordPress directory permissions
  • User audit (remove unused users, rename sensitive users, lock suspicious users)
  • Disable file editing
  • Enable two-factor authentication
  • Remove WordPress version metatags
  • Remove unused plugins and themes
  • Remove version from Stylesheet
  • Remove version from Script
  • Change WordPress table prefix
  • Change default login URL
  • Disable XMLRPC
  • Disable WP API JSON
  • Enable automatic core updates
  • Disable trackbacks and pingbacks
  • Disable WordPress emojis
  • Force SSL user login
  • Force SSL admin login
  • PHP hardening
  • Configure FastCGI Process Manager (FPM)
  • Remove PHP version header
  • Update PHP
  • Update WordPress plugins and themes
  • Update WordPress
  • WordPress Backup

Hardening database server (MySQL/MariaDB)

Protect your customers’ data. We follow the principle of “Least Privilege”: each application using MySQL should have its own user with limited privileges, accessing only the databases it needs to run. Global privileges are excluded, except for the root, backup, monitoring, and replication users.

  • Remove anonymous users
  • Remove users without password
  • Disallow remote users
  • Disable SHOW DATABASES
  • Disable LOAD DATA LOCAL INFILE
  • Remove test database
  • Change WordPress table prefix
  • Set root password
  • Obfuscate the root account
  • Run MySQL/MariaDB with mysql account (not root)
  • Enable MySQL/MariaDB Logging
  • Set appropriate permission on MySQL/MariaDB files
  • Delete MySQL/MariaDB shell history (.mysql_history)
  • Change MySQL/MariaDB default port
  • Bind database server to a local socket, or loopback address
  • Encryption of data at rest
  • Encryption of data in transit
  • MySQL/MariaDB database backup
  • Update MySQL/MariaDB database server

Hardening webserver (Nginx/Apache)

The webserver is the front line of your site and is instrumental in securing WordPress. Relying on native webserver core settings eliminates the need to install and maintain extra third-party plugins that may slow down your WordPress website.

  • Implement SSL Certificate
  • Disable weak SSL/TLS protocols
  • Disable weak cipher suites
  • Secure Diffie-Hellman for TLS
  • Disable unwanted HTTP methods
  • Enable HTTP/2
  • Enable security headers (Expect-CT, X-XSS-Protection, X-Frame-Options, and more)
  • Block file injection
  • Block SQL injection
  • Block common exploits
  • Block scripts from being executed (pl|cgi|py|sh|lua and more)
  • Disable PHP file execution
  • Block access to sensitive WordPress files (wp-config.php, wp-login.php, upgrade.php, and more)
  • Disallow access to parts of WordPress wp-includes folder
  • Block scripts from being executed from WordPress uploads folder
  • Block WordPress username enumeration
  • Disable directory browsing
  • Remove Nginx/Apache version header
  • Disable any hotlinking
  • Update Nginx/Apache webserver

Hardening Linux operating system

Hardening is the process of securing a system by reducing its surface of vulnerability. Securing your Linux server is important to protect your website.

  • Operating System check
  • Kernel security check
  • Audit of users
  • Audit/Removal of SUID/SGID binaries
  • iptables configuration check
  • Close open ports with iptables
  • Protecting from DDoS attacks with iptables
  • Malware scanner (Rootkit Hunter, ClamAV, Chkrootkit)
  • OpenSSH configuration check
  • Protect SSH from brute-force attacks
  • Disable SSH Password-based Authentication
  • Changing SSH Default Port
  • Secure /tmp /var/tmp /dev/shm
  • Stop unnecessary processes
  • Enhanced log rotation with Logrotate
  • Install and configure Logwatch
  • Install and configure Fail2Ban
  • Disable open DNS recursion
  • Server backup
