Access Denied: Keeping yourself off an attacker’s radar

Paul Gilzow (wpDirAuth, Presentation) Locking down recon to reduce ability to detect (fingerprint) what’s running. Counter measures Use apache mod_authz File protection protect wp-content (no reason for php files to be able to be directly executed in wp-content, implicitly deny everything and whitelist things that are allowed—things that need to be downloaded as […]