ataylorme / WordPress-Hosting-Best-Practices-Documentation

Add link to OWASP WordPress Security Implementation Guideline #20

Closed ataylorme closed 6 years ago

ataylorme commented 6 years ago

Addresses #10

I'd prefer not to merge this until they fix the capitalization of WordPress. I've requested an account and plan to make the edit if the request is approved.

getsource commented 6 years ago

This guide doesn't seem very up to date (recommending Suhosin, which I do not believe is actively developed or widely used anymore, is one example), and it doesn't seem to give guidance suitable for larger hosts with more varied installs.

As one example, it's not reasonable to request that wp-admin be blocked from any IP except localhost, for example.

Do you think that listing as an additional resource implies that we're endorsing the recommendations?

ataylorme commented 6 years ago

> Do you think that listing as an additional resource implies that we're endorsing the recommendations?

I'm not sure but think we should err on the side of caution and not include it given the outdated items you've highlighted.