SECURITY

Check for vulnerabilities

owncloud:

https://owncloud.org/security/
https://hackerone.com/owncloud

http://www.cvedetails.com/vulnerability-list/vendor_id-11929/Owncloud.htm

wordpress:

http://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/

  1. no user named "admin", no domain name as username (also for db and ftp)
  2. Site always up to date
  3. check that comments are closed and user registrations are closed
  4. no login in wp-admin
  5. captcha on the login page / no brute force
  6. ip list for bot
  7. https on login
  8. rewrite rule to 404 for admin area
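
Added example, not part of the original notes: one way to build the IP list of item 6 from brute-force attempts against the login page (item 5), by counting POSTs to `/wp-login.php` per client in a web-server access log. The log lines are constructed, and the combined log format, the threshold of 5 attempts and the 5-minute window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format (assumed): ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} '
)
LOGIN_PATH = "/wp-login.php"  # WordPress default login endpoint

def brute_force_ips(lines, max_attempts=5, window=timedelta(minutes=5)):
    """Return sorted IPs with more than max_attempts login POSTs inside one window."""
    attempts = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or a plain page view of the login form
        if m["path"].split("?", 1)[0] == LOGIN_PATH:
            attempts[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    flagged = set()
    for ip, times in attempts.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 > max_attempts:
                flagged.add(ip)
                break
    return sorted(flagged)

def _line(ip, hhmmss, method="POST", path=LOGIN_PATH):
    # Builds one constructed access-log line (documentation IP ranges only)
    return f'{ip} - - [12/Mar/2024:{hhmmss} +0000] "{method} {path} HTTP/1.1" 200 1234 "-" "-"'

SAMPLE_LOG = (
    [_line("203.0.113.10", f"10:00:{s:02d}") for s in range(0, 48, 6)]  # 8 POSTs in 42 s
    + [_line("192.0.2.44", f"{h:02d}:15:00") for h in range(8, 14)]     # 6 POSTs, one per hour
    + [_line("198.51.100.7", "10:01:00"), _line("198.51.100.7", "10:01:30")]
    + [_line("198.51.100.7", "10:02:00", method="GET")]
)

if __name__ == "__main__":
    print("\n".join(brute_force_ips(SAMPLE_LOG)))
```

The slow client (one POST per hour) is not flagged, so the list stays limited to bursts; the output can feed a deny list at the web server or firewall.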

 

WP-PLUGIN:

-Anti-Malware and Brute-Force Security by ELI

-iThemes Security (cloud solution, rather invasive)

-Sucuri (?!?! not updated)