It is vital to be vigilant when deploying web applications such as WordPress, Drupal and Joomla. These applications offer a wealth of functionality, but if they are not kept up to date and correctly configured they are an easy target for attack.
The biggest problem is that many third-party plugins for these applications ask for lax permissions (typically a world-writable 777) in order to install and run. Lax permissions open the server up and make it far easier to compromise.
General Tips to keep your websites safe.
Never use 777 permissions on directories or files: it lets every user on the server write to them. For example, if a directory is 777 and an attacker finds any way to drop a file into it (an insecure upload script, or another account on the same shared server), that file can be a script which, once requested through the web server, edits files outside that directory.
On a Linux platform you can use the following two commands to identify directories and files with vulnerable permissions. They use GNU find's -perm /mode test, which matches if any of the given bits are set (the older -perm +mode spelling is no longer accepted by current GNU find):
For directories: find /var/www/vhosts/example.com/httpdocs/ -type d -perm /022 -ls
For files: find /var/www/vhosts/example.com/httpdocs/ -type f -perm /033 -ls
The directory check flags anything writable by group or others; the file check also flags files that are executable by group or others, which the expected 644 is not. Here /var/www/vhosts/example.com/httpdocs is the root of your hosting space. Once you have the list, change directories to 755 and files to 644. If a script insists on 777 permissions, either look for an alternative application or grant the permissions only for installation and setup and then set them back to 755/644 afterwards.
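As an added example (not code from the original post), the following shell script wraps the audit above into functions and fixes what it finds. The sample document root it builds is constructed under a temporary directory so it runs offline; on a real server you would pass your httpdocs path instead. It assumes GNU find and coreutils (Linux), for -perm /mode and stat -c.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Audit a document root for group/world-writable directories and files
# (the 777/666 mistakes) and reset them to 755/644.
# Assumes GNU find/coreutils (Linux): -perm /mode and stat -c.

# Number of directories and regular files under $1 that are writable by
# group or others (any of the 022 bits set). Correct 755/644 trees give 0.
count_writable() {
    find "$1" \( -type d -o -type f \) -perm /022 | wc -l | tr -d ' '
}

# Human-readable listing of the offenders, same format as the post's find -ls.
list_writable() {
    find "$1" \( -type d -o -type f \) -perm /022 -ls
}

# Reset only what is actually loose: directories to 755, files to 644.
# Correctly-set paths are left untouched so nothing else changes.
fix_perms() {
    find "$1" -type d -perm /022 -exec chmod 755 {} +
    find "$1" -type f -perm /022 -exec chmod 644 {} +
}

# Constructed sample tree standing in for
# /var/www/vhosts/example.com/httpdocs, with two typical mistakes baked in.
make_sample_docroot() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads" "$d/wp-content/plugins/demo"
    : > "$d/index.php"
    : > "$d/wp-config.php"
    : > "$d/wp-content/plugins/demo/demo.php"
    chmod 755 "$d" "$d/wp-content" "$d/wp-content/plugins" "$d/wp-content/plugins/demo"
    chmod 644 "$d/index.php" "$d/wp-content/plugins/demo/demo.php"
    chmod 777 "$d/wp-content/uploads"   # the "just make uploads work" fix
    chmod 666 "$d/wp-config.php"        # world-writable config holding DB credentials
    printf '%s\n' "$d"
}

# Stand-alone run: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    root=$(make_sample_docroot)
    echo "before: $(count_writable "$root") loose path(s)"
    list_writable "$root"
    fix_perms "$root"
    echo "after:  $(count_writable "$root") loose path(s)"
    rm -rf "$root"
fi
```

Run list_writable first and read the output before calling fix_perms: the one legitimate exception is an uploads or cache directory that the web server user must write to, and on a FastCGI/suEXEC setup where PHP runs as the site owner even that can normally stay at 755.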
Use mod_fcgid (FastCGI) so that PHP runs as the domain's own system user rather than the shared web server user; scripts not owned by that user are refused, and a compromise of one site is confined to that user's files. Within Plesk you can activate this by going to "Web Hosting Settings" for the domain and, next to "PHP Support", selecting FastCGI Application. This does add overhead on the server, so if you host many websites make sure Apache and your code are tuned to run as efficiently as possible.
Disable Anonymous FTP
Use the Plesk Firewall module or iptables to allow FTP and SSH access only from specific IP addresses. Ideally this is combined with a static IP address; not everyone has one, and asking your internet provider is the best way to find out. If you cannot get a static IP address you can still restrict the firewall to a range, such as 192.168.2.0/24, which admits every address from 192.168.2.0 to 192.168.2.255, or 192.168.0.0/16, which admits 192.168.0.0 to 192.168.255.255; this is helpful if you know the range your ISP issues addresses from. (Those two are private ranges used here only as illustrations; the range you actually allow will be the public one your ISP uses.) Before applying the rule, check that the address you are currently connecting from falls inside it, or you will lock yourself out.
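The CIDR arithmetic behind those firewall rules is easy to get wrong, so here is an added example (not from the original post) in POSIX shell that computes the first and last address a prefix admits and prints, without applying, the iptables allow-list for FTP and SSH from that prefix. The prefixes used are private ranges for illustration, as in the text; ports 21 and 22 are the standard FTP control and SSH ports. It prints the rules rather than running them so you can confirm the range includes your own address first.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Work out which addresses a CIDR prefix admits, then print (do not apply)
# the matching iptables allow-list for FTP control (21) and SSH (22).
# Pure POSIX sh arithmetic; needs a 64-bit shell (dash, bash) for the shifts.

# Dotted quad -> 32-bit integer.  ip_to_int 192.168.2.10 -> 3232236042
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# First and last address of a prefix.  cidr_range 192.168.2.0/24
# -> "192.168.2.0 192.168.2.255"  (the first address is .0, not .1)
cidr_range() {
    case "$1" in
        */*) ;;
        *) echo "usage: cidr_range a.b.c.d/bits" >&2; return 1 ;;
    esac
    ip=${1%/*}; bits=${1#*/}
    base=$(ip_to_int "$ip")
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    first=$(( base & mask ))
    last=$(( first | (~mask & 0xFFFFFFFF) ))
    echo "$(int_to_ip "$first") $(int_to_ip "$last")"
}

# Emit iptables rules allowing FTP and SSH only from the given prefix and
# dropping everyone else on those two ports. Passive-mode FTP data ports are
# not covered here and need their own rule if you use passive FTP.
firewall_rules() {
    for port in 21 22; do
        echo "iptables -A INPUT -p tcp --dport $port -s $1 -j ACCEPT"
    done
    for port in 21 22; do
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

# Stand-alone run: sh thisfile.sh 192.168.2.0/24
if [ -n "${1:-}" ]; then
    echo "allowed: $(cidr_range "$1")"
    firewall_rules "$1"
fi
```

Check the "allowed:" line against the address you are connecting from (for example from `who am i` or your SSH session's SSH_CLIENT variable) before piping the rules into a root shell; the DROP rules are appended after the ACCEPTs so ordering within the INPUT chain matters if you already have other rules there.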