When we manage or administer a WordPress (WP) website that is publicly accessible from the Internet, two things are important to think about these days:
The first is that newer versions implement security patches, so keeping your website away from known (public) vulnerabilities requires continuously updating the core of the Content Management System (CMS); the same applies to themes and plugins. This subject is the ninth topic of the OWASP Top 10 2013 – The Top Ten Most Critical Web Application Security Risks (A9 Using Components with Known Vulnerabilities) [1].
The second is the constant possibility of being compromised, defaced or hijacked (web ransomware). According to the Website Hacked Trend Report 2016 (Sucuri) [2], WordPress leads the market with 60% adoption among the well-known CMSs (Joomla, Drupal and Magento). Following this number, security incidents are also more frequent in WordPress than in the others: of the 11,000 that happened in the first semester of this year, 75% were on the WP platform.
Running a few commands from a remote terminal simplifies these tasks (and also allows some automation).
For the first point, one notable free tool is WP-CLI [3]. It can list, activate and deactivate plugins and themes, show which ones need an update, and also update the WordPress core. For a single website this procedure can be done easily in the web interface, but when the number grows beyond two it becomes harder and more painful to perform.
Some examples of this procedure are shown below:
List plugins or themes:
$ wp [plugin/theme] list
Activate/deactivate a plugin or theme:
$ wp [plugin/theme] activate [Plugin_name/Theme_name]
$ wp [plugin/theme] deactivate [Plugin_name/Theme_name]
Update a plugin or theme:
$ wp [plugin/theme] update [Plugin_name/Theme_name]
OR
$ wp [plugin/theme] update --all
Update the core and the WordPress database information:
$ wp core [update/update-db]
For the second point, the fastest way to recover from this situation is to keep a periodic backup routine for the database and the website files. WP-CLI can dump the database with a single short command:
Database Dump:
$ wp db export;
Database Restore:
$ wp db import [SQL_file_dump];
For the website files we can use the tar command (native in most Linux distributions):
Backup:
tar -cvzf backup_file.tar.gz [website_Root_directory/]
Recovery:
tar -xvf backup_file.tar.gz -C [website_Root_directory/]
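The backup and update commands above can be chained so that no site is updated without a fresh backup. The script below is an added example, not part of the original article; WP_BIN, BACKUP_DIR, the function names and the site-list file are assumptions of this sketch. It writes the database dump outside the web root with owner-only permissions, because the dump contains password hashes.

```shell
#!/bin/sh
# Added example: back up each WordPress install, then update it with WP-CLI.
# WP_BIN and BACKUP_DIR are assumptions of this sketch, not WP-CLI settings.
WP_BIN="${WP_BIN:-wp}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/wordpress}"   # must be outside any web root

# backup_site <site_root>: dump the database and archive the files.
# Prints the archive path on success, returns non-zero on any failure.
backup_site() {
    root="${1%/}"
    name="$(basename "$root")"
    stamp="$(date +%Y%m%d-%H%M%S)"
    (
        umask 077   # the dump holds password hashes, wp-config.php holds DB credentials
        mkdir -p "$BACKUP_DIR" || exit 1
        # Explicit dump path: a bare "wp db export" writes into the current directory.
        "$WP_BIN" --path="$root" db export "$BACKUP_DIR/$name-$stamp.sql" >/dev/null || exit 1
        archive="$BACKUP_DIR/$name-$stamp.tar.gz"
        tar -czf "$archive" -C "$(dirname "$root")" "$name" || exit 1
        tar -tzf "$archive" >/dev/null || exit 1   # confirm the archive is readable
        printf '%s\n' "$archive"
    )
}

# update_site <site_root>: update core, database, plugins and themes,
# but only when a fresh backup was taken first.
update_site() {
    root="${1%/}"
    backup_site "$root" >/dev/null || { echo "backup failed, skipping $root" >&2; return 1; }
    "$WP_BIN" --path="$root" core update &&
    "$WP_BIN" --path="$root" core update-db &&
    "$WP_BIN" --path="$root" plugin update --all &&
    "$WP_BIN" --path="$root" theme update --all
}

# update_all <list_file>: one site root per line; returns the number of failed sites.
update_all() {
    failed=0
    while IFS= read -r site; do
        [ -n "$site" ] || continue
        update_site "$site" </dev/null || failed=$((failed + 1))   # keep wp off the list's stdin
    done < "$1"
    return "$failed"
}

# Usage (hypothetical path): update_all /etc/wp-sites.txt
```

Run it from cron with a list file containing one site root per line; a non-zero exit status is the number of sites that were skipped or failed to update.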
About Icaro Torres