April 2011
Intermediate to advanced
432 pages
11h 1m
English
book
CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone®
by Tom Canavan
Content preview from CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone®Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Configuring PHP for Secure Operation
PHP is the language of three of the four CMSs spotlighted in this book. Joomla!, Drupal, and WordPress are written in PHP.
PHP is an interpreted language, meaning that the commands are acted upon by a command-line processor added to the web server. This PHP processor module will generate a traditional web page from the commands. PHP has been around since 1994 and has a very actively maintained code base.
Securing PHP is important not only for your server and data, but also for others on the Internet. Running an older, insecure version of PHP is just the same as running a vulnerable server. Fortunately, you can secure PHP fairly easily.
This section covers various security tools and processes, as well as a little about the php.ini configuration file.
suPHP
One of the first items of business is to determine (if you do not know) what the baseline of your PHP software is. Ideally, you want to be running suPHP, which is a tool that forces PHP scripts (like your CMS) to be executed with the permissions of their owners.
suPHP is a great tool to use to ensure that you are running PHP in a very secure fashion. If you are using a managed virtual private server (VPS) or dedicated server at a hosting company, a quick telephone call to the support staff can help you establish if you are running it.
The next method is to try to set folder permissions to 777. If you're running suPHP, you'll get a 500 Internal Error when you browse.
phpinfo
PHP has a great ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.