====== Securing a website ======

Introductory articles on hacking:\\
[[https://blog.sucuri.net/2015/02/why-websites-get-hacked.html|Why websites get hacked]]\\
[[https://blog.sucuri.net/2015/03/the-impacts-of-a-hacked-website.html|The impact of a hacked website]]\\
[[https://blog.sucuri.net/2015/05/website-security-how-do-websites-get-hacked.html|How do websites get hacked]]

For WordPress, see also: [[https://blog.sucuri.net/category/wordpress-security]]

[[https://sitecheck.sucuri.net/|Security checker]] (known compromises or malware, etc.)

PHP vulnerabilities: {{:webdev:webhacking_les_failles_php.pdf|}}

Firewall module for Apache: [[https://modsecurity.org/about.html|ModSecurity]]

===== Improving WordPress security =====

[[http://codex.wordpress.org/Hardening_WordPress|Source]]

.htaccess:
<code apache>
<Files wp-config.php>
order allow,deny
deny from all
</Files>
</code>

Blocks access to wp-config, just in case.

wp-config.php:
<code php>
define('DISALLOW_FILE_EDIT', true);
</code>

Disables the ability to edit files from within WordPress.

Detect. Prevention may fail, so we recommend scanning your site for indicators of compromise or outdated software. Our plugin and CloudProxy can help you with that. If you like the open source route, you can try OSSEC, Snort and ModSecurity to help you achieve that.
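
A check that the two WordPress hardening settings above are actually active, as an added example that is not part of the original page or of the Codex source. The function names and sample inputs are constructed for illustration, and the check goes slightly beyond the page by also accepting the Apache 2.4 form ''Require all denied''.

```python
import re

# An uncommented <Files wp-config.php> ... </Files> block.
FILES_BLOCK = re.compile(r'<Files\s+"?wp-config\.php"?\s*>(.*?)</Files>', re.I | re.S)
# Deny rule: the page's Apache 2.2 form, or the Apache 2.4 equivalent.
DENY = re.compile(r'^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$', re.I | re.M)
# define('DISALLOW_FILE_EDIT', <value>);
DEFINE = re.compile(r'''define\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*([^)]+?)\s*\)\s*;''')


def htaccess_blocks_wp_config(htaccess):
    """True if an active <Files wp-config.php> block denies all access."""
    active = re.sub(r'(?m)^\s*#.*$', '', htaccess)  # drop commented-out lines
    return any(DENY.search(body) for body in FILES_BLOCK.findall(active))


def file_edit_disabled(wp_config):
    """True if the first active define of DISALLOW_FILE_EDIT is the literal true."""
    src = re.sub(r'/\*.*?\*/', '', wp_config, flags=re.S)  # /* ... */ comments
    src = re.sub(r'(?m)^\s*(//|#).*$', '', src)  # whole-line // and # comments
    values = DEFINE.findall(src)
    # PHP keeps the first definition of a constant; later define() calls are ignored.
    return bool(values) and values[0].strip().lower() == 'true'


def audit(htaccess, wp_config):
    """Return the hardening settings from this page that are missing."""
    missing = []
    if not htaccess_blocks_wp_config(htaccess):
        missing.append('.htaccess: wp-config.php is not denied')
    if not file_edit_disabled(wp_config):
        missing.append('wp-config.php: DISALLOW_FILE_EDIT is not true')
    return missing


# Constructed sample inputs, not taken from a real site.
GOOD_HTACCESS = '<Files wp-config.php>\norder allow,deny\ndeny from all\n</Files>\n'
BAD_HTACCESS = '# <Files wp-config.php>\n# deny from all\n# </Files>\n'
GOOD_CONFIG = "<?php\ndefine('DISALLOW_FILE_EDIT', true);\n"
BAD_CONFIG = ("<?php\n// define('DISALLOW_FILE_EDIT', true);\n"
              "define('DISALLOW_FILE_EDIT', false);\n")

if __name__ == '__main__':
    print(audit(GOOD_HTACCESS, GOOD_CONFIG))
    print(audit(BAD_HTACCESS, BAD_CONFIG))
```

The check reads the files as text only, so it does not confirm that Apache honours .htaccess overrides for the directory.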