I want to build my sites with Wordpress files that can't be modified and dirs where new files can't be added inside container (Docker, LXC or OpenVZ). Static content with permission without possibilities to execute, that will served by another web server (can't execute php code). Database user still can insert/update/delete.
Updates will be provide by change wordpress root, and update database.
What security brakes that attackers can use in Wordpress, where files and dirs are unmodified and all permissions (include database) are right? How can this allow them exploite server?
For easy: Admin password was sniffed/whatever and Attacker has it.
PS: Sorry for my English
Regards.
Aucun commentaire:
Enregistrer un commentaire