aelius Posted June 13, 2012 Report Share Posted June 13, 2012 (edited) Nu folosesc pentru ca nu au un certificat SSL valid. Setarea precizata de tine este utila doar daca este instalat un certificat SSL. In plus, nu vad ce are deaface certificatul ssl si conexiunea securizata cu plugin-urile vulnerabile.SSL este doar pentru a asigura un mediu confidential de comunicare intre client si server.Cel mai bine, faci disable la functiile php considerate a fi cu grad mare de risc, setezi php_admin_value in documentroot, utilizezi cat mai putine plugine in wordpress iar cele ce le folosesti, le verifici in prealabil, instalezi mod_security2 pe apache, iar toate astea nu fac decat sa minimizeze probabilitatea ca site-ul sa fie afectat de vulnerabilitati.Apropo de setari SSL in wp-config.php:define('FORCE_SSL_LOGIN', true);define('FORCE_SSL_ADMIN', true);Daca vrei sa-ti faci tot site-ul (wp) accesibil pe https (SSL): https://www.rtfm.ro/diverse/wordpress-over-https/Site-ul din exemplul tau, gigaom dot com:hp ~ # openssl s_client -connect gigaom.com:443CONNECTED(00000003)depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.comverify error:num=19:self signed certificate in certificate chainverify return:0---Certificate chain 0 s:/O=*.wordpress.com/OU=Domain Control Validated/CN=*.wordpress.com i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority 2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com 3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com---Server certificate-----BEGIN CERTIFICATE-----MIIFWzCCBEOgAwIBAgIHTsRneEuflzANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5NjkyODcwHhcNMTAxMDE0MTEyOTI2WhcNMTUxMDE0MTEyOTI2WjBXMRgwFgYDVQQKEw8qLndvcmRwcmVzcy5jb20xITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEYMBYGA1UEAxMPKi53b3JkcHJlc3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8HVxtPIGCifPIjsKjiIkfLySgiljhGChFa+q5lfBQ3OvqF3tlDr1mU3+MKPtFjAA8bnfXG+cQCyHv/aiKyJboraK6XV4bO9AcgVtc4QYYRgL9pAvzNEPde6wMpBIsc5L+dKRdBkmo30wdHPDVOZOzEWtRwgqt723fEa34VtHmJltCLVkhJT4JsVnU2sQqaG+RlJJyGNgDujwdOuboo8tRkbq1allIQrF6QQCAvKbkZFPfDHdK4h2t0RvHoaivuaHJECZuw7St35J1LfbokNixHfHWzmhf7dy83Oz6wGmf7HSTQjGI92XGx73lJBWdnZ6pESAl0z0XvvNz+eyWH0WUwIDAQABo4IBtjCCAbIwDwYDVR0TAQH/BAUwAwEBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RzMS0yNC5jcmwwTQYDVR0gBEYwRDBCBgtghkgBhv1tAQcXATAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMIGABggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBKBggrBgEFBQcwAoY+aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgwFoAU/axhMpNsRdbi7oVfmrrndplozOcwKQYDVR0RBCIwIIIPKi53b3JkcHJlc3MuY29tgg13b3JkcHJlc3MuY29tMB0GA1UdDgQWBBS0LxcwXRnO4OGsS52wlrTIZXaqnzANBgkqhkiG9w0BAQUFAAOCAQEAHPpi8d4ryH89h3anScdwc/i9OXXd4frvWgUTaLqR/wowy8EIINBycbNttRccmBkexPrToi0pgmk5+MUukqc8USQ1r4dIxRN2EoSH2aWKop2UeY9oA5Yl0TO2dexEyl9IUWkFTl/r77deF4HcYP++9apntxxZpxw2N+0IMwLasPgT1JDLw4kJNwKvxBETYUqUPSGokHO5XGaFwVhcqDLLnRE/eSmfGcinzdgCFZHwW4oHOhz0kWTHfWkSu1QaAZg/5OuO1xur8FJWyq050CxPWyBkfroMLj2jzF/wFqiLNJko7PMeIg87UdxZlDb2e8jc+YDBz9923bBPalJoHeganA==-----END CERTIFICATE-----[B]subject=/O=*.wordpress.com/OU=Domain Control Validated/CN=*.wordpress.com[/B]issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287---No client certificate CA names sent---SSL handshake has read 4829 bytes and written 465 bytes---New, TLSv1/SSLv3, Cipher is AES256-SHAServer public key is 2048 bitSecure Renegotiation IS supportedCompression: NONEExpansion: NONESSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: EDD77E87C842096B8792D05478FD9F9D2169C87D9658D80ECBD845111BE84127 Session-ID-ctx: Master-Key: 589F7542057E1E83EB07828BCC6F319A3E262637E2FDFC21347E3ED1BEBBA21BFA972FAF0272136ABDC6066812D0F3DD Key-Arg : None Start Time: 1339596091 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain)---read:errno=0hp ~ # Edited June 13, 2012 by aelius Quote Link to comment Share on other sites More sharing options...
Wubi Posted June 13, 2012 Report Share Posted June 13, 2012 ^ Nimic de obiectat. Quote Link to comment Share on other sites More sharing options...
Vlachs Posted June 13, 2012 Report Share Posted June 13, 2012 Wp simplu este foarte sigur, nu este nevoie de 5k de protectii. Quote Link to comment Share on other sites More sharing options...
TSAshoBy Posted December 1, 2013 Report Share Posted December 1, 2013 Nu am inteles Quote Link to comment Share on other sites More sharing options...
