When we manage/administrate a WordPress (WP) website publicly accessible to the Internet, two things are important to considerate/thinking about in these days:
The first one is that he implement the security patch in the newer versions, so to keep your website far from known (public) vulnerabilities is mandatory to continuous update the Core of the Content Management Systems (CMS), the same works to themes and plugins. This subject comprehends the nineth topic of the OWASP Top 10 2013 – The Top Ten Most Critical Web Application Security Risks (A9 Using Components with Known Vulnerabilities)[1].
The second one is the constant possibility of be compromised/defaced or hijacked (web ransomware), according to the Website Hacked Trend Report 2016 (Sucuri Company) [2] the WordPress leads the market share with 60% of the adoption between the well-known CMS (Joomla, Drupal and Magento). And following this number, the occurence of security incidents in the WordPress is also more than the others, with 11.000 happened in the first semester of this year, 75% was in the WP platform.
Using some command lines through remote terminals simplifies this task (and also allows some automation).
About the first point mentioned, one notable free tool is the WP-CLI [3], it can list/activate/deactivate plugins/themes, showing which one need to update, and also can update the Core of the WordPress. When we talk about one single website this procedure can be done easily in the web interface, but when this number increases more than two it becomes more harder/painful to perform.
Some examples of this procedure are shown below:
List plugins or theme:
$ wp [plugin/theme] list
Activate/Deactivate plugins or Theme:
$ wp [plugin/theme] activate [Plugin_name/Theme_name]
$ wp [plugin/theme] deactivate [Plugin_name/Theme_name]
Update Plugin or Theme:
$ wp [plugin/theme] update [Plugin_name/Theme_name]
OR
$ wp [plugin/theme] update –all
Update the Core and WordPress database information:
$ wp core [update/update-db]
About the second point mentioned, the best way to fast recovery to this situation is proceeding a periodic backup routine of the database and website file. The WP-CLI allows to perform a dump of the database with only one short command line:
Database Dump:
$ wp db export;
Database Restore:
$ wp db import [SQL_file_dump];
Related to the website files we can use the TAR command line (native in most of the Linux distributions):
Backup:
tar -cvzf backup_file.tar.gz [website_Root_directory/]
Recovery:
tar -xvf backup_file.tar.gz -C [website_Root_directory/]
[su_box title=”About Icaro Torres” style=”noise” box_color=”#336588″][short_info id=’61896′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.