Comment on WordPress Security Basics Series Pt.3 – Web Hosting Isolation by Valentin Born.
I have seen hosters, though, where every client had read access to every other client account—that, of course, means only one thing: run!
Recent Comments by Valentin Born
Eliminate Hacker Files With The WordPress File Security Bouncer
Also:
google*.html (for site verification)
Eliminate Hacker Files With The WordPress File Security Bouncer
Hi Paul, thanks for this feature. Haven’t had a chance to look at it, but, if not present already, maybe a user-editable textarea for an additional exclude list would be helpful?
Other candidates for the standard exclude list:
.htaccess* (for backups/tests)
user.ini (without leading dot)
/piwik/ (for the top-level scanner)
WordPress Site Management At Scale: Part 1 – The DNS Silo
> get DNS hosting off your web server.
Absolutely — gladly, I think most people have already. At least if on shared hosting. Just like email and webmail, I see few hosters that still cram those onto their webservers; MySQL is still a different matter with some, unfortunately.
Generally, good point about siloing; on root/vServers, we should definitely silo services off with virtualisation/containerisation.