top of page

Vulnerability Mitigation

Our team implemented the following to enhance the security of the website and server:

Enhanced Server Security

  1. Change default credentials for WordPress, Server, and MariaDB.

  2. Self-signed SSL certificate and HTTP to HTTPS Redirection for improved data transfer security and user trust.

  3. Disabled SSH port 22 access

  4. Limited server access to Cockpit via port 9090

  5. Implementation of Fail2Ban, AIDE, and Nagios for IDS/IPS and logging functionality

  6. Implementation of FirewallD as a managed firewall

Enhanced Website Security

  1. Implemented Multi-factor authentication for WordPress admin

  2. Updated WordPress version

  3. Disabled post, comment, and form capabilities to reduce vulnerabilities

  4. Revised file permissions to align with best practices

  5. Enhanced wp-config.php security by disabling file editing capabilities

  6. Installed and configured WordFence web-application firewall

    1. Account lockout enabled​

    2. API Key setup

    3. All recommendations implemented

  7. Setup additional plug-ins for security and backups

    1. WPHide - change WordPress Admin​

    2. Sucuri Firewall

    3. Two Factor Authentication

Setting up HTTPS Self-Signed Certificate

HTTPS Certificate Implemented.png

Disabling SSH/Port 22

Setting Up Cockpit

Installing Cockpit.png

Cockpit URL: https://10.96.32.236:9090/

Cockpit - disabling security risk - AllowZoneDrifting.png

Fail2Ban, AIDE, and Nagios Implementation

FirewallD Implementation

Enabling firewall on 10-7.png
Firewall - whitelisting IP addresses.png

WordPress MFA

WordPress MFA prompt.jpg

WordPress Plugins and Updates

WordPress Updated to 5.8.1.png

WordFence Setup and Configuration

WordFence - activated after whitelisting IPs.png
bottom of page