{"id":14510,"date":"2022-04-13T14:50:26","date_gmt":"2022-04-13T12:50:26","guid":{"rendered":"https:\/\/hesmid.nl\/test\/?p=14510"},"modified":"2022-04-13T14:50:27","modified_gmt":"2022-04-13T12:50:27","slug":"wp-cli-secure-all-single-command-wordpress-security","status":"publish","type":"post","link":"https:\/\/hesmid.nl\/test\/wp-cli-secure-all-single-command-wordpress-security\/","title":{"rendered":"WP-CLI secure all &#8211;  Single-command WordPress security!"},"content":{"rendered":"\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-hack-the-wp wp-block-embed-hack-the-wp\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"qjwJz9wCfP\"><a href=\"https:\/\/hackthewp.com\/\">HomePage<\/a><\/blockquote><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;HomePage&#8221; &#8212; Hack The WP\" src=\"https:\/\/hackthewp.com\/embed\/#?secret=HT3SrIBjKd#?secret=qjwJz9wCfP\" data-secret=\"qjwJz9wCfP\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p><a href=\"https:\/\/hackthewp.com\/\">https:\/\/hackthewp.com\/<\/a><\/p>\n\n\n\n<p>NEW feature in <strong>wp-cli<\/strong> to secure any WordPress instance in just 60 seconds.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">One command to rule them all \ud83e\udd18<\/h2>\n\n\n\n<p>80% of the attacks on WordPress instances could be mitigated by simply applying common security best practices [1].<\/p>\n\n\n\n<p><strong>wp secure all<\/strong> does exactly that for you. 
Via <strong>wp secure all<\/strong>, common best practices are applied proactively, and you are ready to go.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What\u2019s covered by secure all?<\/h2>\n\n\n\n<p>The security vulnerabilities identified in 2012 [2] are still the security vulnerabilities of today [1].<\/p>\n\n\n\n<p><strong>wp secure all<\/strong> made it its mission to fix this grievance and make security the de facto standard.<\/p>\n\n\n\n<p>Executing <strong>wp secure all<\/strong> applies security best practices such as:<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Fix permissions<\/h5>\n\n\n\n<p>Set the correct permissions on all files &amp; directories in your WordPress installation.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Set security headers<\/h5>\n\n\n\n<p>We add HSTS (Strict-Transport-Security), X-XSS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Disable file editor<\/h5>\n\n\n\n<p>Prevents hackers from using the file editor in your WordPress Dashboard.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Prevent PHP execution on sensitive locations<\/h5>\n\n\n\n<p>To extend security, you can block direct access to PHP files in plugins, themes, wp-includes and uploads.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Block access to sensitive stuff<\/h5>\n\n\n\n<p>Prevent hackers from accessing sensitive files and directories.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">And many more \u2026<\/h5>\n\n\n\n<p>See the README for an overview of all features.<\/p>\n\n\n\n<!--more-->\n\n\n\n<h2 class=\"wp-block-heading\">Why not use a plugin instead?<\/h2>\n\n\n\n<p>Security Plugins mitigate some security vulnerabilities, but also introduce new attack vectors. 
Security researchers show that WordPress Security Plugins are <em>\u201efailing entirely and even the most effective plugins failing to identify significant vulnerabilities\u201c<\/em> [3].<\/p>\n\n\n\n<p><strong>wp secure all<\/strong>, on the other hand, is integrated into the WP CLI tool, passes multiple quality reviews, and fixes common security vulnerabilities without adding attack surface.<\/p>\n\n\n\n<p>[1]: WORDPRESS.ORG, 2021, \u201eHardening WordPress\u201c. WordPress.org Forums [online]. 3 May 2021. [Accessed 20 March 2022].<\/p>\n\n\n\n<p>[2]: KOSKINEN, Teemu; et al.; \u201eQuality of WordPress plug-ins: an overview of security and user ratings\u201c. In: 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Conference on Social Computing. IEEE, 2012. pp. 834-837.<\/p>\n\n\n\n<p>[3]: MURPHY, Daniel T.; et al.; \u201ePlugins to detect vulnerable plugins: An empirical assessment of the security scanner plugins for wordpress\u201c. In: 2021 IEEE\/ACIS 19th International Conference on Software Engineering Research, Management and Applications (SERA). IEEE, 2021. pp. 39-44.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What does secure all not do?<\/h2>\n\n\n\n<p><strong>WP CLI Secure<\/strong> is part of the WP CLI and has the single purpose of securing your WordPress instance with one click.<\/p>\n\n\n\n<p>However, it does not provide monitoring and alerting in case of malware injection. Also, WP CLI Secure is not a replacement for ModSecurity, fail2ban, and properly configured web server and firewall rules.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/hackthewp.com\/ NEW feature in wp-cli to secure any WordPress instance in just 60 seconds. One command to rule them all \ud83e\udd18 80% of the attacks on WordPress instances could be mitigated by simply applying common security best practices [1]. wp secure all does exactly that for you. 
Via wp secure all common best practices are [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[159,17],"tags":[29],"acf":[],"_links":{"self":[{"href":"https:\/\/hesmid.nl\/test\/wp-json\/wp\/v2\/posts\/14510"}],"collection":[{"href":"https:\/\/hesmid.nl\/test\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hesmid.nl\/test\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hesmid.nl\/test\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hesmid.nl\/test\/wp-json\/wp\/v2\/comments?post=14510"}],"version-history":[{"count":1,"href":"https:\/\/hesmid.nl\/test\/wp-json\/wp\/v2\/posts\/14510\/revisions"}],"predecessor-version":[{"id":14511,"href":"https:\/\/hesmid.nl\/test\/wp-json\/wp\/v2\/posts\/14510\/revisions\/14511"}],"wp:attachment":[{"href":"https:\/\/hesmid.nl\/test\/wp-json\/wp\/v2\/media?parent=14510"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hesmid.nl\/test\/wp-json\/wp\/v2\/categories?post=14510"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hesmid.nl\/test\/wp-json\/wp\/v2\/tags?post=14510"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}