IT Support Small Medium Business

part II : how to secure wordpress server and other LAMPs

In part I, we discussed how to secure wordpress server and other LAMPs by securing individual software components. Overall security of a wordpress server or other LAMP application server relies on more than secure configurations of its software components. The goal of practicing Information Security is to maintain CIA of a valuable resource, wherein CIA stands for Confidentiality, Integrity, and Availability.

A few quick run-through of best practices everyone can apply to ensure CIA of a wordpress server or other LAMP. As time allows, I’ll elaborate item by item.  You can leave a comment in annoucement of this article to tell us which item you’d like get explained or expanded on first.

• DRP (disater recovery planning) and exercises
  • periodic and religious backup
  • off-site archiving of backups and exercise backup media retrieval & actual data restore
  • exercise and document procedures to recover from different disaster scenarios
  • consider warm-standby or cold-backup server, system, and site.
• proper logging for performance, usability, audit, and intrusion detection
  • separate PHP log from Apache
  • separate firewall logs from system logs
  • log to a remote syslog server then to the local syslog server
• automated and ad-hoc log correlation, reporting, and alerting
  • A system monitor or NMS can be used to pull various log and alert is set for certain trigger events
  • logwatch for system logs. The report is sent to root by default on a stock FC6 and CentOS 4 system.
  • AWStats or webtrend can be used to study aggregated statistics on page serving.
  • Google webmaster tools or Goole Analytics to analyze interactions between the readership (or hackers wannabe) and your wordpress server
• proper log rotation, safe-keeping, and archiving
  • rotatelogs can be used as a helper
  • mod_log_rotate
• performance tuning and capacity planning
  • define performance metrics for your site
  • monitor constantly to establish baseline for the performance metrics as well as a set of related operating parameters.
  • Apache (start/minSpare/maxSpare/keepalive/logbuffer/deflate)
  • pre-compile a popular post to a static page
  • put /wordpress on a ramdisk or even plain tmpfs
  • add a front-end cache server using SQUID or even a hardware cache server or outsourced to Akamai-type global cache providers.

• 

• Pages

  • About
    • GnuPG Public Key
  • CentOS, a white-box twin of RHEL
    • useful RPMs for CentOS 4
  • Glossary
  • how to promote your site
  • SMB challeges :: manage information security
    • part I : how to secure wordpress server and other LAMPs
    • part II : how to secure wordpress server and other LAMPs
    • vulnerability assessment tools
  • System Monitors
    • NMS lineup
    • what to monitor
  • useful RPMs for Fedora Core Linux 6

• Archives

  • June 2008
  • May 2008
  • February 2008
  • January 2008
  • December 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • May 2007
  • April 2007
  • March 2007
  • February 2007
  • January 2007

• Meta

  • Register
  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress

Google AdSense Almost Spring Theme by David Law, based on Almost Spring theme · XHTML · CSS
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
Copyright 2006-2007 DryChilli Group. All rights reserved to the authors and DryChilli Group.