WordPress Stuff

Title: Protect Your Admin folder in WordPress by Limiting Access in .htaccess

/var/www/info.crouse.org/wp-admin/.htaccess
 #AuthUserFile /dev/null
 #AuthGroupFile /dev/null
 AuthName "WordPress Admin Access Control"
 AuthType Basic
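 # Note: <LIMIT GET> applies these rules to GET (and HEAD) only; other methods such as POST are not restricted by this block
 <LIMIT GET>
 order deny,allow
 deny from all
 # Did not work, because it's internal, but just in case
 allow from 64.129.121.111
 # Rich's machine
 allow from 10.52.2.27
 </LIMIT>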
https://www.wpbeginner.com/wp-tutorials/protect-your-admin-folder-in-wordpress-by-limiting-access-in-htaccess/
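
Two things are worth checking in an access-control .htaccess like the wp-admin one above: Apache does not support a comment on the same line as a directive, and rules inside `<Limit GET>` apply only to the listed methods. The following is an added example, not part of the original notes; `lint_htaccess` is a hypothetical helper name and the sample rules and address are constructed.

```python
import re

# Constructed sample in the style of the wp-admin rules above (placeholder address).
SAMPLE = """\
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from 192.0.2.10 #office workstation
</LIMIT>
"""

def lint_htaccess(text):
    """Return (line_number, message) findings for an .htaccess body."""
    findings = []
    limit_methods = None  # methods of the <Limit> section we are inside, if any
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and whole-line comments are fine
        opened = re.match(r"<limit\s+([^>]*)>", line, re.I)
        if opened:
            limit_methods = {m.upper() for m in opened.group(1).split()}
            continue
        if re.match(r"</limit>", line, re.I):
            limit_methods = None
            continue
        # Heuristic: whitespace followed by '#' after a directive. Apache reads
        # that text as directive arguments, not as a comment.
        if re.search(r"\s#", line):
            findings.append((n, "comment on directive line; move it to its own line"))
        # Access rules inside <Limit> apply only to the methods it lists.
        if limit_methods is not None and re.match(r"(deny|allow|require)\b", line, re.I):
            if "POST" not in limit_methods:
                findings.append((n, "rule inside <Limit %s> does not cover POST"
                                 % " ".join(sorted(limit_methods))))
    return findings

if __name__ == "__main__":
    for lineno, msg in lint_htaccess(SAMPLE):
        print("line %d: %s" % (lineno, msg))
```
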

Title: Directory listing of Info Site's data

/var/www/info.crouse.org/wp-content/uploads/.htaccess
 Options -Indexes
https://stackoverflow.com/questions/7840323/apache-deny-listing-directory-but-allow-access-to-all-subfolders


Title: "XML-RPC server accepts POST requests only"
/var/www/info.crouse.org/.htaccess
 <files xmlrpc.php>
 Order allow,deny
 Deny from all
 </files>
https://www.rosehosting.com/blog/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack/
https://www.greengeeks.com/tutorials/article/how-to-enable-and-disable-xmlrpc-php-in-wordpress-and-why/

Title: Errata
https://www.codeinwp.com/blog/secure-your-wordpress-website/


Title: .htaccess not working apache
sudo a2enmod rewrite
sudo nano /etc/apache2/sites-available/000-default.conf
 <Directory "/var/www/html">
   AllowOverride All
 </Directory>

https://stackoverflow.com/questions/12202387/htaccess-not-working-apache


WordPress - Make it so users can update automatically

# PHP LDAP - for the LDAP login feature

sudo apt-get install php-ldap

sudo chown -R www-data:www-data /var/www/cnnwpt/wp-content/uploads

sudo chmod -R 755 /var/www/cnnwpt/wp-content/uploads

sudo chown -R www-data:www-data /var/www/cnnwpt/wp-content/themes

sudo chmod -R 755 /var/www/cnnwpt/wp-content/themes

sudo chown -R www-data:www-data /var/www/cnnwpt/wp-content/plugins

sudo chmod -R 755 /var/www/cnnwpt/wp-content/plugins

https://www.turnkeylinux.org/forum/support/20130531/cannot-upload-wordpress-media-library-wordpress-appliance

adduser --system --no-create-home wp_ftp_user

sudo addgroup wp_ftp_user www-data


define( 'WP_DEBUG', false );

chmod -R 755 .

define( 'FS_METHOD', 'direct' );

define( 'FTP_BASE', '/var/www/cnnwpt/' );

define( 'FTP_CONTENT_DIR', '/var/www/cnnwpt/wp-content/' );

define( 'FTP_PLUGIN_DIR', '/var/www/cnnwpt/wp-content/plugins/' );

define( 'FTP_USER', 'wp_ftp_user' );

define( 'FTP_PASS', 'P@$$w0rd' );

define( 'FTP_HOST', 'localhost' );

define( 'FTP_SSL', false );

chown -R www-data:www-data /var/www/cnnwpt

sudo apt install vsftpd

sudo cp /etc/ssl/certs/ca-certificates.crt /var/www/html/wp-includes/certificates/ca-bundle.crt

Block wp-admin from all IPs - Only allow certain IPs

<Files wp-login.php>
#allow from xx.xxx.xx.xx
allow from 1.2.3.4
deny from all
</Files>

authLDAP


URI = ldap://USER:PASSWORD@snet.crouse.org:389/dc=snet,dc=crouse,dc=org

User-Read = checked

Filter = (sAMAccountName=%s)

Name-attribute = givenName

Second Name Attribute = sn

User-ID Attribute = sAMAccountName

Mail Attribute = mail

Groups for Roles

Group-Attribute = memberOf

Group-Separator = _

Group-Filter = (&(objectClass=user)(sAMAccountName=%s)(memberOf=*))

Administrator = CN=Domain Admins,OU=DomainUsers,DC=snet,DC=crouse,DC=org_CN=GRP-StudenFormsAdmins,OU=PROD,OU=Groups,OU=Crouse Hospital,DC=snet,DC=crouse,DC=org