ssh

WordPress is one of the most popular blogging platforms on the Internet. One of the first things I do when I setup a new WordPress installation is harden it. You can read about a number of my suggestions in the article Secure Your WordPress Installation. However, one of the more complex activities I undertake is securing the upgrade facility so that it uses SSH for handling all of my site’s updates. This is for Ubuntu 10.04 LTS: Create a “wordpress” user that will be used to manage your site. [shell] % sudo adduser wordpress [/shell] Add the following lines to your wp-config.php, I usually put mine right after the Language definition: [shell] /** * Define Upgrade FTP Usernames and Passwords...

SSH Tunnel Setup Create an SSH key (Version 2) to allow passwordless replication: $ ssh-keygen -t rsa Copy the SSH key to the Master (assumes same user account on Master and Slave): $ ssh-copy-id master.machine.dom Setup the SSH Tunnel from the Slave to the Master on Slave Port 3305: $ ssh -f master.machine.dom -L 3305:127.0.0.1:3306 -N Now local port 3305 is actually port 3306 on the Master. Test that you can access the Master Database from the Slave: $ mysql -h 127.0.0.1 -P 3305 -uUSER -p You must use 127.0.0.1, not localhost, because MySQL treats “localhost” differently. If you are able to get a MySQL connection and verify access...