Last week I did an article on increasing your WordPress security. This week I want to go over some useful shell commands that will let you know what’s going wrong with your security and then how to fix it. Most of these commands are variations on the find command. Even though they are all pretty much the same find command with a few things changed, they should still be helpful. I like having them all here with the ability to copy-paste everything too – being lazy FTW! You can either use them or just check out the techniques to come up with your own commands – either way you will hopefully learn something new.
BEWARE! I don’t take any responsibility for you messing up your server. Think carefully before executing any of the commands below – especially those that actually change file permissions or ownership. Look over everything extremely carefully and make sure the command you are executing will work on your server in your case.
In all the scripts below you will find the path /path/to/wordpress/installs/. This is the path to all of your WordPress installs, should you have more than one on your server. All the scripts assume that you manage more than one site on your server.
Also note that some of the scripts contain the path /httpdocs. This folder might not exist at all on your server, so be sure to check how your WordPress installations are laid out on your server before using it.
Find All 777 Directories
The following command will give you a list of all directories (including subdirectories) that have 777 permissions. If you read my previous article on security then you know that you should go about changing these, so hopefully this list will help.
If you want to output the list of directories to a file then you can use the following addition:
Change Permissions on All 777 Directories
This command chains a find with an -exec so that chmod runs on the results of the find. You can use this technique to do a lot of things and I would highly recommend getting familiar with it. I find it extremely useful all the time, so try it out and practice it as much as you can – you’ll be happy to have it in your bag of tricks.
Find All Upload Folders Without Apache Ownership
The following script will find all the upload folders (and their subfolders) where the owner is not apache. Note that if your web server runs under a different account (for example www-data on Debian and Ubuntu) then change the apache portion of this script.
You may also notice that this script finds the folders where apache is not the owner or not the group; failing either test is enough. If you want just one or the other, take out the portion that says ! -user apache (for the user) or ! -group apache (for the group).
Change All Upload Folders Without Apache Ownership to Apache Ownership
This command uses the same technique that we used when changing permissions on the 777 directories. We use the same find as when listing the folders without apache ownership and then simply execute a recursive
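An added example for this section (my own script, not the post’s command): it lists the wp-content/uploads directories, with their subdirectories, whose user or group is not the web server account, and with --fix hands each one to a recursive chown. The account name is a parameter because it varies between distributions (apache on RHEL-style systems, www-data on Debian and Ubuntu); the script name uploads_owner.sh and the site layout (one site per subdirectory under the root, as described above) are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's command. Finds wp-content/uploads
# trees not owned by the web-server account and optionally chowns them.
# Assumes the layout described in the post: one site per subdirectory of
# the root you pass in (for example /path/to/wordpress/installs).

# $1 = root, $2 = expected owner, $3 = expected group (defaults to $2).
# find accepts a numeric uid/gid in -user/-group as well as a name.
# The two \( \) groups are essential: find's implicit -a binds tighter
# than -o, so without them the -path tests would only apply to the
# first alternative and every directory in the tree would be checked.
find_uploads_not_owned() {
  find "$1" -type d \
    \( -path '*/wp-content/uploads' -o -path '*/wp-content/uploads/*' \) \
    \( ! -user "$2" -o ! -group "${3:-$2}" \) -print
}

# Same find, but hand each offending directory to a recursive chown so the
# files inside it are fixed too. "{} +" batches paths into one chown call.
# Changing ownership to another user needs root.
fix_uploads_owner() {
  find "$1" -type d \
    \( -path '*/wp-content/uploads' -o -path '*/wp-content/uploads/*' \) \
    \( ! -user "$2" -o ! -group "${3:-$2}" \) \
    -exec chown -R "$2:${3:-$2}" {} +
}

# Usage: sh uploads_owner.sh /path/to/wordpress/installs apache        # list only
#        sh uploads_owner.sh --fix /path/to/wordpress/installs apache  # chown
case "${1-}" in
  "")    : ;;   # no arguments: just define the functions
  --fix) [ -d "${2-}" ] && [ -n "${3-}" ] || { echo "usage: $0 --fix ROOT OWNER [GROUP]" >&2; exit 2; }
         fix_uploads_owner "$2" "$3" "${4-}" ;;
  *)     [ -d "$1" ] && [ -n "${2-}" ] || { echo "usage: $0 ROOT OWNER [GROUP]" >&2; exit 2; }
         find_uploads_not_owned "$1" "$2" "${3-}" ;;
esac
```

Run the listing form first and read it over; the --fix form only ever touches directories the listing form would have printed, since both use the same find expression.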
Find All .htaccess Files Without 644 Permissions
For those of you who don’t know, your .htaccess file should have 644 permissions (read and write for the owner, read-only for everyone else). This script will find all the .htaccess files that don’t have this permission set.
Change All .htaccess Files Without 644 Permissions
This command uses the same technique that we used when changing permissions on the 777 directories, but with files instead of directories. We use the same find as when listing all .htaccess files without 644 permissions and then simply execute a chmod command on all of them.
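An added example that serves both the 777 directory section above and this .htaccess section (my own script, not the post’s missing commands): it lists the offending paths, shows how to send that list to a file, and with --fix applies the chmod through find -exec. It assumes the layout described at the top of the post (a root such as /path/to/wordpress/installs/ with one site per subdirectory); the script name perms.sh and the 755 target mode for directories are my choices.

```shell
#!/bin/sh
# Added example, not the original post's commands.
# Audit (and optionally fix) permissions under a WordPress root such as
# /path/to/wordpress/installs/. The 755 target for directories is an
# assumption; adjust it if your hosting setup needs something else.

# Directories whose mode is exactly 777. Note the different -perm forms:
#   -perm 777   exactly rwxrwxrwx (what the post is about)
#   -perm -002  anything world-writable (also catches 757, 1777, ...)
#   -perm /o+w  same as -002, GNU find spelling
find_777_dirs() {
  find "$1" -type d -perm 777 -print
}

# .htaccess files whose mode is anything other than 644 (rw-r--r--).
find_htaccess_not_644() {
  find "$1" -type f -name .htaccess ! -perm 644 -print
}

# Apply the fixes. "-exec ... {} +" passes many paths to one chmod call;
# "-exec ... {} \;" would fork a chmod per path, which is slow on big trees.
# Reusing the exact find expression from the listing functions keeps what
# you reviewed and what gets changed identical.
fix_perms() {
  find "$1" -type d -perm 777 -exec chmod 755 {} +
  find "$1" -type f -name .htaccess ! -perm 644 -exec chmod 644 {} +
}

# Usage:  sh perms.sh /path/to/wordpress/installs               # report only
#         sh perms.sh /path/to/wordpress/installs > bad-perms.txt # report to a file
#         sh perms.sh --fix /path/to/wordpress/installs          # apply chmod
case "${1-}" in
  "")    : ;;   # no arguments: just define the functions
  --fix) [ -d "${2-}" ] || { echo "usage: $0 --fix ROOT" >&2; exit 2; }
         fix_perms "$2" ;;
  *)     [ -d "$1" ] || { echo "usage: $0 [--fix] ROOT" >&2; exit 2; }
         find_777_dirs "$1"
         find_htaccess_not_644 "$1" ;;
esac
```

Always run the report form first and keep the file it produces; it is both your review list and your record of what --fix changed.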
Check for Brute Force
The following example will show you how to check who is trying to brute force their way into your website. Please note that these scripts again assume that your access_log files live in the same place as on my server, relative to the path to all your WordPress installs. The first command will display every IP address that has accessed your server and how many times each has done so in the last day (assuming your access logs only keep one day’s worth of data). The output is sorted so that the IP address at the bottom is the one that has hit your server the most.
Next, run the following command on any IP address that has hit your server an inordinate number of times. It will show the exact requests that came from that IP address – so if you see a bunch of POST requests to wp-login.php then that client is trying to brute force your login.
From there you can use the All In One WP Security & Firewall plugin to blacklist the IP address if the plugin hasn’t already blacklisted it automatically. Note that I use an obviously fake IP address in the example, but you’ll want to replace that with the ones you find from the first command.
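An added example (my own, not the post’s commands) of the log checks just described: count hits per IP, pull one IP’s requests, and, going one step beyond the post, count POST requests to wp-login.php per IP, which is the actual brute-force signal, plus a per-day count for logs that keep more than one day. The log lines are constructed sample data in Apache combined format using documentation-range addresses; the script name brute.sh and the path to your real access_log are assumptions you fill in.

```shell
#!/bin/sh
# Added example, not the original post's commands.

# Constructed sample access_log (Apache combined format) using RFC 5737
# documentation addresses, so the functions below can be tried offline.
write_sample_log() {
  cat > "$1" <<'EOF'
203.0.113.5 - - [12/Mar/2015:10:15:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2015:10:15:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2015:10:15:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2015:10:15:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2015:10:15:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2015:10:15:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2987 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2015:09:01:10 +0000] "GET / HTTP/1.1" 200 10234 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2015:09:01:15 +0000] "GET /about/ HTTP/1.1" 200 8123 "http://example.com/" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2015:09:03:40 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://example.com/about/" "Mozilla/5.0"
192.0.2.10 - - [11/Mar/2015:22:40:01 +0000] "GET / HTTP/1.1" 200 10234 "-" "Mozilla/5.0"
192.0.2.10 - - [11/Mar/2015:22:40:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2987 "-" "Mozilla/5.0"
EOF
}

# Hits per IP, fewest first, so the busiest address is at the bottom.
top_ips() {
  awk '{print $1}' "$1" | sort | uniq -c | sort -n
}

# The same count restricted to one day, for logs that keep more than a day.
# $4 looks like "[12/Mar/2015:10:15:01", so match the date as a prefix.
top_ips_on() {
  awk -v d="$1" 'index($4, "[" d ":") == 1 { print $1 }' "$2" | sort | uniq -c | sort -n
}

# Every request line from one IP. Exact match on the first field, so
# 203.0.113.5 does not also match 203.0.113.50 the way a plain grep would.
requests_from() {
  awk -v ip="$1" '$1 == ip' "$2"
}

# POST requests to wp-login.php per IP. The request field starts with a
# quote, so $6 is "POST (quote included) and $7 is the path.
wp_login_posts() {
  awk '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ { n[$1]++ }
       END { for (ip in n) print n[ip], ip }' "$1" | sort -n
}

# Usage:  sh brute.sh /path/to/site/logs/access_log              # counts per IP
#         sh brute.sh /path/to/site/logs/access_log 203.0.113.5  # one IP's requests
case $# in
  0) : ;;   # no arguments: just define the functions
  1) top_ips "$1"
     echo "--- POST /wp-login.php per IP ---"
     wp_login_posts "$1" ;;
  *) requests_from "$2" "$1" ;;
esac
```

On the sample data the hit count alone already puts 203.0.113.5 at the bottom of the list, but it is the wp_login_posts count that separates a login brute force from a busy legitimate visitor or a crawler; check that before blacklisting.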
As always thank you for reading and please share it around as much as you can! Please feel free to put any suggestions or ideas for future tutorials in the comments section below. Include any awesome shell scripts or commands you use on your own WordPress server!