Plugin to completely lockdown the wordpress filesystem so that no hacker can write to it.
Author: | Marc Arbour (profile at wordpress.org) |
WordPress version required: | 4.0.0 |
WordPress version tested: | 4.4.32 |
Plugin version: | 1.0 |
Added to WordPress repository: | 09-03-2016 |
Last updated: | 09-03-2016
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|
Rating, %: | 0 |
Rated by: | 0 |
Plugin URI: | http://marcarbour.ca |
Total downloads: | 1 038 |
Active installs: | 10+ |
Click to start download
|
I created this plugin because I am tired of having my WordPress sites being hacked. It is used to completely lock the filesystem with the help of a bash script. The said script is external from the website and ran via cron so you need cron access to make this work. Otherwise, this plugin is useless to you.
This plugin has a known bug. See FAQs.
FAQ
I use a captcha, database backup or “the like” plugin that needs to write to the filesystem. Will it be locked as well ?
Yes it will. And these plugins will “break”. Such scripts are rarely made for writing elsewhere then the webserver’s directories. As such, you could midofy the lock script to get it to unlock a specific directory after having locked them all. But what would be the point? A hacker could then use this to hack your site anyways.
Can I still use my “the like” plugins with this locking script ?
Yes you could. Either you get them to write elsewhere (then the webserver’s directories) and make sure that they won’t update with their respective author’s updates or you do this another way since you have cron (thus shell) access.
My advice : don’t open a door. Hackers like opened doors. Change the way you do things and you’ll get results you never had…. Security and protection.
Who can unlock the filesystem ?
By default, only people with edit_posts permissions and up can do this. This being because if you can edit a post, well, you could need to upload a picture to put into your post.
Are there any known bugs ?
No known bugs exist at this time. Please notify any and all bugs to the support forums on the plugin’s page.
ChangeLog
1.1
- Transformed all admin pages request into admin_url( $path, $scheme ) instead of hardcoding paths.
1.0