# WordPress Guide Rough Draft

- `apache\conf\httpd.conf`
  - some server/networking settings

#### Before messing around

- backup
  - `xampp/apache`, `xampp/mysql`, `xampp/htdocs` (Apache config, database files, web root)
  - stop MySQL first (or take a `mysqldump`) so the copied database files are consistent

#### <>/wp-admin/admin.php

- users
  - audit manually, limit the number of administrators
  - change password: `set new password` > `update profile`
  - edit perms: `role` > `no role` > `update user`
- plugins
  - research -> search "<name> cve"
  - delete bad ones, patch necessary ones

#### Database

- configuration settings (DB name, user, password, host, table prefix): `htdocs/wp-config.php`

#### Logging

- apache
  - `apache/conf/httpd.conf`
  - enable the error log and set `LogLevel` to `info` or `debug`
  - make sure the access log is on: `CustomLog "logs/access.log" combined` (this is the detailed access log; the `combined` format does not need `mod_logio`, which only adds the `%I`/`%O` byte counts used by the `combinedio` format)
- wordpress
  - add to `wp-config.php`, above the "That's all, stop editing!" line:
  - `define('WP_DEBUG', true);`
  - `define('WP_DEBUG_LOG', true);`
  - logs end up in `wp-content/debug.log`
  - delete any older lines that define the same constants (PHP keeps the first definition and only warns about the second, so a leftover `WP_DEBUG` set to false would win)
  - also set `WP_DEBUG_DISPLAY` to false so errors go to the log only and are not shown to visitors, and block web access to `debug.log`, which sits under the web root

#### Common WordPress Spooks

- phpMyAdmin / bonus webapps
  - remove! (after backup, of course)
- sensitive information hosted on the website
  - PII, backups, etc.
- vulnerable plugins
- poor user auditing/configuration
- add to `php.ini`:
  - `disable_functions = "exec, shell_exec, passthru, system, proc_open, pcntl_exec, eval, popen, curl_exec, curl_multi_exec, parse_ini_file, show_source"`
  - if errors show that apps need any of these functions -> unblock necessary ones
  - caveats: `eval` is a language construct, not a function, so listing it does nothing; `show_source` is only an alias of `highlight_file`, so block that one too; `curl_exec` is what WordPress's HTTP client uses when available (it falls back to PHP streams otherwise) and what many plugins call directly, so it is the one most likely to need unblocking; `disable_functions` can only be set in `php.ini` (or via `php_admin_value` in the Apache config), not at runtime with `ini_set()`, and Apache must be restarted for the change to take effect

#### Update

- `<>/wp-admin/admin.php`
  - `Dashboard` > `Updates`

# FUCK SHIT UP

- delete `<>/wp-admin/admin.php`
  - this takes the dashboard down for everyone, you included; keep the backup so it can be restored once updates are done
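The wp-config.php step in the Logging section above, as an added example that is not part of the original notes: a Python script that sets `WP_DEBUG`, `WP_DEBUG_LOG` and `WP_DEBUG_DISPLAY`, strips any older `define()` of the same constants first (the "delete old lines" caveat), and places the new lines before the "That's all, stop editing!" marker. The config path in the usage line and the sample config are assumptions constructed for the example.

```python
"""Set the WP_DEBUG constants in wp-config.php.

Added example, not from the original notes. It removes any existing
define() of the managed constants first (PHP keeps the first definition
and only warns on the second, so a leftover define('WP_DEBUG', false)
would silently win) and writes the new lines before the "stop editing"
marker, i.e. before wp-settings.php is loaded.

Usage (assumed path):  python harden_wpconfig.py C:/xampp/htdocs/wp-config.php
"""
import re
import sys

# Constants we manage and the values we want.
DEBUG_SETTINGS = {
    "WP_DEBUG": "true",           # report notices/warnings
    "WP_DEBUG_LOG": "true",       # write them to wp-content/debug.log
    "WP_DEBUG_DISPLAY": "false",  # but never print them to visitors
}

# One define() line: define('NAME', value);  either quote style, optional spaces.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*['"](?P<name>[A-Z_]+)['"]\s*,\s*(?P<value>.*?)\s*\);[ \t]*$""",
    re.MULTILINE,
)
STOP_MARKER = "/* That's all, stop editing!"


def debug_constants(config_text: str) -> dict:
    """Return {name: value} for every managed constant currently defined."""
    found = {}
    for m in DEFINE_RE.finditer(config_text):
        if m["name"] in DEBUG_SETTINGS:
            found[m["name"]] = m["value"]
    return found


def set_debug_constants(config_text: str) -> str:
    """Return config_text with exactly one define() per managed constant."""
    kept = []
    for line in config_text.splitlines():
        m = DEFINE_RE.match(line)
        if m and m["name"] in DEBUG_SETTINGS:
            continue  # drop stale definitions so ours are the only ones
        kept.append(line)
    new_lines = [f"define('{name}', {value});" for name, value in DEBUG_SETTINGS.items()]
    for i, line in enumerate(kept):
        if line.startswith(STOP_MARKER):
            return "\n".join(kept[:i] + new_lines + kept[i:]) + "\n"
    # No marker (hand-edited file): append at the end.
    return "\n".join(kept + new_lines) + "\n"


# Constructed sample wp-config.php with a stale WP_DEBUG line.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'WP_DEBUG', false );
$table_prefix = 'wp_';

/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""

if __name__ == "__main__":
    path = sys.argv[1]
    with open(path, encoding="utf-8") as f:
        original = f.read()
    updated = set_debug_constants(original)
    with open(path, "w", encoding="utf-8") as f:
        f.write(updated)
    print("debug constants now:", debug_constants(updated))
```

Running it twice is a no-op, which makes it safe to re-run after someone else edits the file; back up `wp-config.php` with the rest of `htdocs` first anyway.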
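The Apache access log enabled in the Logging section above is only useful if someone reads it, so here is an added example (not part of the original notes) of detection logic run over `combined`-format lines: it counts POSTs to `wp-login.php` and `xmlrpc.php` per client address, since a failed WordPress login re-renders the form with HTTP 200 and the status code alone does not separate success from failure, and lists hits on files that should never be reachable (`debug.log`, backups, phpMyAdmin). The threshold, the log path in the usage line and the sample lines are constructed for the example.

```python
"""Triage an Apache `combined` access log for WordPress abuse.

Added example, not from the original notes. Parses the format written by
`CustomLog "logs/access.log" combined`, counts login POSTs per client
address, and lists requests for sensitive paths. Threshold and sample
lines are constructed for the example.

Usage (assumed path): python triage_access_log.py C:/xampp/apache/logs/access.log
"""
import re
import sys
from collections import Counter

# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}
SENSITIVE_PREFIXES = ("/wp-content/debug.log", "/phpmyadmin", "/wp-config.php")
SENSITIVE_SUFFIXES = (".sql", ".zip", ".bak", ".tar.gz")


def parse_line(line: str):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    rec = m.groupdict()
    # %r is "METHOD PATH PROTOCOL"; a bare "-" means the client sent no request line.
    parts = rec["request"].split(" ")
    rec["method"] = parts[0] if len(parts) >= 2 else None
    rec["path"] = parts[1].split("?", 1)[0] if len(parts) >= 2 else None
    rec["status"] = int(rec["status"])
    return rec


def triage(lines, login_threshold=10):
    """Return per-IP login POST counts at/over the threshold and sensitive-path hits."""
    login_posts = Counter()
    sensitive = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] is None:
            continue
        if rec["method"] == "POST" and rec["path"] in LOGIN_PATHS:
            login_posts[rec["host"]] += 1
        low = rec["path"].lower()
        if low.startswith(SENSITIVE_PREFIXES) or low.endswith(SENSITIVE_SUFFIXES):
            sensitive.append((rec["host"], rec["path"], rec["status"]))
    return {
        "login_bruteforce": {ip: n for ip, n in login_posts.items() if n >= login_threshold},
        "sensitive_hits": sensitive,
    }


# Constructed sample: one address hammering wp-login.php, one pulling debug.log.
SAMPLE_LINES = (
    ['203.0.113.5 - - [10/Oct/2024:13:55:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "python-requests/2.31"' % i
     for i in range(12)]
    + ['198.51.100.7 - - [10/Oct/2024:14:01:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
       '198.51.100.7 - - [10/Oct/2024:14:01:09 +0000] "GET /wp-content/debug.log HTTP/1.1" 200 88213 "-" "Mozilla/5.0"',
       '203.0.113.5 - - [10/Oct/2024:14:02:30 +0000] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 404 196 "-" "curl/8.0.1"',
       '192.0.2.9 - - [10/Oct/2024:14:03:00 +0000] "GET / HTTP/1.1" 200 10234 "-" "Mozilla/5.0"',
       '192.0.2.9 - - [10/Oct/2024:14:03:01 +0000] "-" 408 - "-" "-"']
)

if __name__ == "__main__":
    with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
        report = triage(f)
    for ip, n in report["login_bruteforce"].items():
        print(f"{ip}: {n} login POSTs")
    for ip, path, status in report["sensitive_hits"]:
        print(f"{ip} requested {path} -> {status}")
```

A 200 on `/wp-content/debug.log` in the sensitive list means the log you just enabled is being read by outsiders: block it in the Apache config before collecting more.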
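The "audit manually, limit the number of administrators" step under users above can be cross-checked against the database instead of trusting the Users screen. This added example (not part of the original notes) goes beyond the page by parsing the PHP-serialized `wp_capabilities` rows from `wp_usermeta`, where WordPress stores each user's roles; it lists every account with the `administrator` role, including ones hiding behind bland usernames, and every account already set to "no role" (`a:0:{}`). The rows are constructed; the `mysql` invocation in the usage comment and the `wp_` table prefix are assumptions (the prefix follows `$table_prefix` in `wp-config.php`).

```python
"""Audit WordPress roles straight from wp_usermeta rows.

Added example, not from the original notes. WordPress stores roles in
wp_usermeta under meta_key 'wp_capabilities' as a PHP-serialized array
such as a:1:{s:13:"administrator";b:1;}; "no role" is a:0:{}.
On the real box (assumed prefix wp_, assumed database name wordpress):
  mysql -N -B -e "SELECT u.ID, u.user_login, m.meta_value FROM wp_users u
    JOIN wp_usermeta m ON m.user_id = u.ID
    WHERE m.meta_key = 'wp_capabilities';" wordpress | python audit_roles.py
"""
import re
import sys

ARRAY_HEAD = re.compile(r"a:(\d+):\{")
STRING_HEAD = re.compile(r's:(\d+):"')
BOOL = re.compile(r"b:([01]);")


def roles_from_capabilities(serialized: str) -> list:
    """Return the role names set to true in a serialized string=>bool PHP array."""
    head = ARRAY_HEAD.match(serialized)
    if not head:
        raise ValueError(f"not a serialized array: {serialized!r}")
    pos = head.end()
    roles = []
    for _ in range(int(head.group(1))):
        s = STRING_HEAD.match(serialized, pos)
        if not s:
            raise ValueError(f"bad key at offset {pos}")
        length = int(s.group(1))  # PHP counts bytes; role names are ASCII
        key = serialized[s.end():s.end() + length]
        pos = s.end() + length
        if not serialized.startswith('";', pos):
            raise ValueError(f"bad key terminator at offset {pos}")
        pos += 2
        b = BOOL.match(serialized, pos)
        if not b:
            raise ValueError(f"non-bool value for {key!r} at offset {pos}")
        pos = b.end()
        if b.group(1) == "1":
            roles.append(key)
    if serialized[pos:] != "}":
        raise ValueError("trailing data after array")
    return roles


def audit_users(rows) -> dict:
    """rows: iterable of (user_id, user_login, meta_value). Returns admins and role-less users."""
    admins, no_role = [], []
    for _user_id, login, meta in rows:
        roles = roles_from_capabilities(meta)
        if "administrator" in roles:
            admins.append(login)
        if not roles:
            no_role.append(login)
    return {"administrators": admins, "no_role": no_role}


# Constructed sample rows.
SAMPLE_ROWS = [
    (1, "admin", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "editor1", 'a:1:{s:6:"editor";b:1;}'),
    (3, "wp-support", 'a:2:{s:10:"subscriber";b:1;s:13:"administrator";b:1;}'),  # admin behind a boring name
    (4, "old-intern", 'a:0:{}'),  # "no role" from the user edit screen
]

if __name__ == "__main__":
    # Expects the tab-separated output of the mysql -N -B query above on stdin.
    rows = (line.rstrip("\r\n").split("\t") for line in sys.stdin if line.strip())
    print(audit_users(rows))
```

Anyone in the administrators list who is not on your roster gets the `role` > `no role` treatment from the user edit screen, and the script will confirm the change by moving them into `no_role` on the next run.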