{"id":59,"date":"2009-12-22T23:05:10","date_gmt":"2009-12-22T22:05:10","guid":{"rendered":"http:\/\/www.yanael.com\/?p=59"},"modified":"2009-12-30T18:02:33","modified_gmt":"2009-12-30T17:02:33","slug":"securiser-wordpress","status":"publish","type":"post","link":"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/","title":{"rendered":"Securiser WordPress"},"content":{"rendered":"

Securing your WordPress blog<\/h1>\n

Step 1 – Restrict access to wp-content and wp-includes<\/strong><\/p>\n

To do this, we will use the good old .htaccess<\/em> file and modify it so that access is restricted to image, CSS and JavaScript files only \ud83d\ude09<\/p>\n

Example below:<\/em>
\n
\nOrder Allow,Deny
\nDeny from all
\n<files ~ \"\\.(css|jpe?g|png|gif|js)$\">
\nAllow from all
\n<\/files>
\n<\/code>
\nIf you want to make exceptions for certain plugins, just add the following to the file
\nwp-content\/.htaccess:<\/em>
\n
\n<files \"votreplugin<\/strong>.php\">
\nAllow from all
\n<\/files>
\n<\/code>
\nPut this code in the .htaccess<\/em> file in the wp-content<\/em> and wp-includes<\/em> directories.<\/p>\n



Step 2 – Restrict access to wp-admin
\n<\/strong>
\nTo restrict access to wp-admin<\/em> you have 2 options. Place an .htaccess<\/em> file in your wp-admin<\/em> directory with one of the following two choices:<\/p>\n

Restriction by IP:<\/strong>
\n
\norder deny,allow
\n# where a.b.c.d is your static IP (Apache does not allow a comment on the same line as a directive)
\nallow from a.b.c.d
\ndeny from all
\n<\/code>
\nWith this, the server will refuse access to the directory containing the .htaccess<\/em> file if the client IP is not the right one.<\/p>\n

Password restriction on the directory (.htaccess and .htpasswd files):<\/strong><\/p>\n


\nAuthUserFile \/etc\/httpd\/htpasswd
\nAuthType Basic
\nAuthName \"restricted\"
\nOrder Deny,Allow
\nDeny from all
\nRequire valid-user
\nSatisfy any
\n<\/code>
\nor the improved version:<\/strong><\/p>\n

A bug occurs when a user posts a comment without leaving an email address: a password dialog appears. This happens because image or CSS files are located inside the wp-admin directory. To work around it, you can add this rule, which password-protects the .php files but allows everything else. This way you avoid many direct attacks and better secure your directories with all of these measures.<\/p>\n


\n<files ~ \"\\.(php)$\">
\nAuthUserFile \/etc\/httpd\/htpasswd
\nAuthType Basic
\nAuthName \"restricted\"
\nOrder Deny,Allow
\nDeny from all
\nRequire valid-user
\nSatisfy any
\n<\/files><\/code><\/p>\n

That is already a good step. There is of course more to do, I am thinking of the traditional chmod among other things, and we will look at that as well.<\/p>\n

 \n","protected":false},"excerpt":{"rendered":"

S\u00e9curiser son blog sous WordPress Etape 1 – Restreindre l’acc\u00e8s \u00e0 wp-content et wp-includes Pour cela, utilisons le bon vieux fichier .htaccess et modifions le afin de restreindre l’acc\u00e8s \u00e0 tous les fichiers images, CSS et Java \ud83d\ude09 Exemple ci-dessous Order Allow,Deny Deny from all <files ~ “\\.(css|jpe?g|png|gif|js)$”> Allow from all <\/files> Si vous voulez […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0},"categories":[4,32],"tags":[35,36,33,304,34],"yoast_head":"\nSecuriser Wordpress | Tranches de Veek<\/title>\n<meta name=\"description\" content=\"S\u00e9curiser son blog sous Wordpress Etape 1 - Restreindre l'acc\u00e8s \u00e0 wp-content et wp-includes Pour cela, utilisons le bon vieux fichier .htaccess et\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Securiser Wordpress | Tranches de Veek\" \/>\n<meta name=\"twitter:description\" content=\"S\u00e9curiser son blog sous Wordpress Etape 1 - Restreindre l'acc\u00e8s \u00e0 wp-content et wp-includes Pour cela, utilisons le bon vieux fichier .htaccess et\" \/>\n<meta name=\"twitter:image\" content=\"http:\/\/www.dicoblog.com\/annuaire-blogs\/images\/miniblogo.png\" \/>\n<meta name=\"twitter:creator\" content=\"@ari0k\" \/>\n<meta name=\"twitter:site\" content=\"@ari0k\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"ari0k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/\"},\"author\":{\"name\":\"ari0k\",\"@id\":\"http:\/\/www.yanael.com\/wp\/#\/schema\/person\/aba6b325d853c0a1a94f3542c487c6d7\"},\"headline\":\"Securiser WordPress\",\"datePublished\":\"2009-12-22T22:05:10+00:00\",\"dateModified\":\"2009-12-30T17:02:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/\"},\"wordCount\":256,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/www.yanael.com\/wp\/#\/schema\/person\/aba6b325d853c0a1a94f3542c487c6d7\"},\"keywords\":[\"htaccess\",\"htpasswd\",\"securiser\",\"S\u00e9curit\u00e9\",\"wordpress\"],\"articleSection\":[\"Informatique\",\"S\u00e9curit\u00e9\"],\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/\",\"url\":\"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/\",\"name\":\"Securiser Wordpress | Tranches de Veek\",\"isPartOf\":{\"@id\":\"http:\/\/www.yanael.com\/wp\/#website\"},\"datePublished\":\"2009-12-22T22:05:10+00:00\",\"dateModified\":\"2009-12-30T17:02:33+00:00\",\"description\":\"S\u00e9curiser son blog sous Wordpress Etape 1 - Restreindre l'acc\u00e8s \u00e0 wp-content et wp-includes Pour cela, utilisons le bon vieux fichier .htaccess 
et\",\"breadcrumb\":{\"@id\":\"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"http:\/\/www.yanael.com\/wp\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securiser WordPress\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.yanael.com\/wp\/#website\",\"url\":\"http:\/\/www.yanael.com\/wp\/\",\"name\":\"Tranches de Veek\",\"description\":\"404 - C'est comme la vie, mais en plus Geek !\",\"publisher\":{\"@id\":\"http:\/\/www.yanael.com\/wp\/#\/schema\/person\/aba6b325d853c0a1a94f3542c487c6d7\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.yanael.com\/wp\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-FR\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"http:\/\/www.yanael.com\/wp\/#\/schema\/person\/aba6b325d853c0a1a94f3542c487c6d7\",\"name\":\"ari0k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"http:\/\/www.yanael.com\/wp\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8ce11527add5c4c8a0afb43e6cf75917?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8ce11527add5c4c8a0afb43e6cf75917?s=96&d=retro&r=g\",\"caption\":\"ari0k\"},\"logo\":{\"@id\":\"http:\/\/www.yanael.com\/wp\/#\/schema\/person\/image\/\"},\"sameAs\":[\"http:\/\/www.yanael.com\"],\"url\":\"https:\/\/www.yanael.com\/wp\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Securiser Wordpress | Tranches de Veek","description":"S\u00e9curiser son blog sous Wordpress Etape 1 - Restreindre l'acc\u00e8s \u00e0 wp-content et wp-includes Pour cela, utilisons le bon vieux fichier .htaccess et","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/","twitter_card":"summary_large_image","twitter_title":"Securiser Wordpress | Tranches de Veek","twitter_description":"S\u00e9curiser son blog sous Wordpress Etape 1 - Restreindre l'acc\u00e8s \u00e0 wp-content et wp-includes Pour cela, utilisons le bon vieux fichier .htaccess et","twitter_image":"http:\/\/www.dicoblog.com\/annuaire-blogs\/images\/miniblogo.png","twitter_creator":"@ari0k","twitter_site":"@ari0k","twitter_misc":{"\u00c9crit par":"ari0k","Dur\u00e9e de lecture estim\u00e9e":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/#article","isPartOf":{"@id":"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/"},"author":{"name":"ari0k","@id":"http:\/\/www.yanael.com\/wp\/#\/schema\/person\/aba6b325d853c0a1a94f3542c487c6d7"},"headline":"Securiser 
WordPress","datePublished":"2009-12-22T22:05:10+00:00","dateModified":"2009-12-30T17:02:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/"},"wordCount":256,"commentCount":0,"publisher":{"@id":"http:\/\/www.yanael.com\/wp\/#\/schema\/person\/aba6b325d853c0a1a94f3542c487c6d7"},"keywords":["htaccess","htpasswd","securiser","S\u00e9curit\u00e9","wordpress"],"articleSection":["Informatique","S\u00e9curit\u00e9"],"inLanguage":"fr-FR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/","url":"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/","name":"Securiser Wordpress | Tranches de Veek","isPartOf":{"@id":"http:\/\/www.yanael.com\/wp\/#website"},"datePublished":"2009-12-22T22:05:10+00:00","dateModified":"2009-12-30T17:02:33+00:00","description":"S\u00e9curiser son blog sous Wordpress Etape 1 - Restreindre l'acc\u00e8s \u00e0 wp-content et wp-includes Pour cela, utilisons le bon vieux fichier .htaccess et","breadcrumb":{"@id":"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.yanael.com\/wp\/securiser-wordpress-59\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"http:\/\/www.yanael.com\/wp\/"},{"@type":"ListItem","position":2,"name":"Securiser WordPress"}]},{"@type":"WebSite","@id":"http:\/\/www.yanael.com\/wp\/#website","url":"http:\/\/www.yanael.com\/wp\/","name":"Tranches de Veek","description":"404 - C'est comme la vie, mais en plus Geek 
!","publisher":{"@id":"http:\/\/www.yanael.com\/wp\/#\/schema\/person\/aba6b325d853c0a1a94f3542c487c6d7"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.yanael.com\/wp\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"fr-FR"},{"@type":["Person","Organization"],"@id":"http:\/\/www.yanael.com\/wp\/#\/schema\/person\/aba6b325d853c0a1a94f3542c487c6d7","name":"ari0k","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"http:\/\/www.yanael.com\/wp\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8ce11527add5c4c8a0afb43e6cf75917?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8ce11527add5c4c8a0afb43e6cf75917?s=96&d=retro&r=g","caption":"ari0k"},"logo":{"@id":"http:\/\/www.yanael.com\/wp\/#\/schema\/person\/image\/"},"sameAs":["http:\/\/www.yanael.com"],"url":"https:\/\/www.yanael.com\/wp\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.yanael.com\/wp\/wp-json\/wp\/v2\/posts\/59"}],"collection":[{"href":"https:\/\/www.yanael.com\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yanael.com\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yanael.com\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yanael.com\/wp\/wp-json\/wp\/v2\/comments?post=59"}],"version-history":[{"count":0,"href":"https:\/\/www.yanael.com\/wp\/wp-json\/wp\/v2\/posts\/59\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.yanael.com\/wp\/wp-json\/wp\/v2\/media?parent=59"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yanael.com\/wp\/wp-json\/wp\/v2\/categories?post=59"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yanael.com\/wp\/wp-json\/wp\/v2\/tags?post=59"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}