[PRIO] Security
BACKLOG
Disable the wp-json API! (watch out for the user listing ⇒ the X listed users can then be brute-forced)
xmlrpc.php → lock it down! → WHITELIST the tool's IP? → wp cli
apache
# Block all access to xmlrpc.php (Apache 2.4 equivalent: Require all denied)
<Files xmlrpc.php>
deny from all
</Files>
wp scan → identifies vulnerabilities
Table prefix?
Disable the version number.
Bedrock → WP
Obfuscate WordPress?
/wp-content/(plugins/themes)
public/style.css
Freelance → Lock down the ACLs
Blocked:
plugin
themes
capabilities
settings
- PURGE unused plugins
https://kinsta.com/fr/blog/securite-wordpress/
SSO copylaunch to admin WORDPRESS ?
→ ACL
capabilities → for each → their post
