Jump to content
aelius

Securitatea Wordpress

By aelius, in Tutoriale in romana

Recommended Posts

aelius Grand Master

aelius

Posted
Posted (edited)

Nu folosesc pentru ca nu au un certificat SSL valid. Setarea precizata de tine este utila doar daca este instalat un certificat SSL. In plus, nu vad ce are deaface certificatul ssl si conexiunea securizata cu plugin-urile vulnerabile.

SSL este doar pentru a asigura un mediu confidential de comunicare intre client si server.

Cel mai bine, faci disable la functiile php considerate a fi cu grad mare de risc, setezi php_admin_value in documentroot, utilizezi cat mai putine plugine in wordpress iar cele ce le folosesti, le verifici in prealabil, instalezi mod_security2 pe apache, iar toate astea nu fac decat sa minimizeze probabilitatea ca site-ul sa fie afectat de vulnerabilitati.

Apropo de setari SSL in wp-config.php:


define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

Daca vrei sa-ti faci tot site-ul (wp) accesibil pe https (SSL): https://www.rtfm.ro/diverse/wordpress-over-https/

Site-ul din exemplul tau, gigaom dot com:


hp ~ # openssl s_client -connect gigaom.com:443
CONNECTED(00000003)
depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/O=*.wordpress.com/OU=Domain Control Validated/CN=*.wordpress.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
 2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
 3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgIHTsRneEuflzANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY
BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlm
aWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5
IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5Njky
ODcwHhcNMTAxMDE0MTEyOTI2WhcNMTUxMDE0MTEyOTI2WjBXMRgwFgYDVQQKEw8q
LndvcmRwcmVzcy5jb20xITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRl
ZDEYMBYGA1UEAxMPKi53b3JkcHJlc3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA8HVxtPIGCifPIjsKjiIkfLySgiljhGChFa+q5lfBQ3OvqF3t
lDr1mU3+MKPtFjAA8bnfXG+cQCyHv/aiKyJboraK6XV4bO9AcgVtc4QYYRgL9pAv
zNEPde6wMpBIsc5L+dKRdBkmo30wdHPDVOZOzEWtRwgqt723fEa34VtHmJltCLVk
hJT4JsVnU2sQqaG+RlJJyGNgDujwdOuboo8tRkbq1allIQrF6QQCAvKbkZFPfDHd
K4h2t0RvHoaivuaHJECZuw7St35J1LfbokNixHfHWzmhf7dy83Oz6wGmf7HSTQjG
I92XGx73lJBWdnZ6pESAl0z0XvvNz+eyWH0WUwIDAQABo4IBtjCCAbIwDwYDVR0T
AQH/BAUwAwEBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0P
AQH/BAQDAgWgMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ29kYWRkeS5j
b20vZ2RzMS0yNC5jcmwwTQYDVR0gBEYwRDBCBgtghkgBhv1tAQcXATAzMDEGCCsG
AQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMIGA
BggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHku
Y29tLzBKBggrBgEFBQcwAoY+aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv
bS9yZXBvc2l0b3J5L2dkX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgwFoAU/axh
MpNsRdbi7oVfmrrndplozOcwKQYDVR0RBCIwIIIPKi53b3JkcHJlc3MuY29tgg13
b3JkcHJlc3MuY29tMB0GA1UdDgQWBBS0LxcwXRnO4OGsS52wlrTIZXaqnzANBgkq
hkiG9w0BAQUFAAOCAQEAHPpi8d4ryH89h3anScdwc/i9OXXd4frvWgUTaLqR/wow
y8EIINBycbNttRccmBkexPrToi0pgmk5+MUukqc8USQ1r4dIxRN2EoSH2aWKop2U
eY9oA5Yl0TO2dexEyl9IUWkFTl/r77deF4HcYP++9apntxxZpxw2N+0IMwLasPgT
1JDLw4kJNwKvxBETYUqUPSGokHO5XGaFwVhcqDLLnRE/eSmfGcinzdgCFZHwW4oH
Ohz0kWTHfWkSu1QaAZg/5OuO1xur8FJWyq050CxPWyBkfroMLj2jzF/wFqiLNJko
7PMeIg87UdxZlDb2e8jc+YDBz9923bBPalJoHeganA==
-----END CERTIFICATE-----
[B]subject=/O=*.wordpress.com/OU=Domain Control Validated/CN=*.wordpress.com
[/B]issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
---
No client certificate CA names sent
---
SSL handshake has read 4829 bytes and written 465 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: EDD77E87C842096B8792D05478FD9F9D2169C87D9658D80ECBD845111BE84127
    Session-ID-ctx: 
    Master-Key: 589F7542057E1E83EB07828BCC6F319A3E262637E2FDFC21347E3ED1BEBBA21BFA972FAF0272136ABDC6066812D0F3DD
    Key-Arg   : None
    Start Time: 1339596091
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
read:errno=0
hp ~ #

Edited by aelius

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...