How to secure my WordPress installation?

WordPress is a very widely used blogging system and well known as an entrance door. There are tons of hacks, sources and tools trying to get access to the WordPress panel or the root system. There are also tons of plugins trying to secure it by changing the original WordPress code or file names.

Why are they doing this? Does it mean that the WordPress team is too stupid to develop secure code and a secure blogging system? Or does it mean that the WordPress core is not secure? Anyway. I think it is a bad idea to let plugins or themes overwrite the original code. In an older blog entry I explained how I mount one WordPress installation from the ports collection to all of my blogs. I'm using nullfs to mount it as a read-only directory. Plugins that try to overwrite or change original files will fail.
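The read-only nullfs setup described above can be verified from the host. This is an added example, not code from the original post: it audits `mount -p` output for nullfs mounts of the shared core that lack the `ro` option. The core path and the blog paths are assumptions.

```shell
#!/bin/sh
# Added example: audit nullfs mounts of a shared WordPress core on FreeBSD.
#
# The mounts themselves are created with, for example:
#   mount_nullfs -o ro /usr/local/www/wordpress /usr/local/www/blog1/wordpress
# or the equivalent fstab line:
#   /usr/local/www/wordpress /usr/local/www/blog1/wordpress nullfs ro 0 0

# Assumed location of the shared core; adjust to your installation.
WP_CORE=/usr/local/www/wordpress

# Reads fstab-format lines (device mountpoint fstype options dump pass) on
# stdin, as printed by `mount -p`, and prints every mountpoint where WP_CORE
# is nullfs-mounted without the "ro" option.
# Exit status: 0 = all mounts read-only, 1 = at least one writable mount,
#              2 = WP_CORE is not nullfs-mounted anywhere.
audit_wp_mounts() {
    awk -v core="$WP_CORE" '
        $1 == core && $3 == "nullfs" {
            seen = 1
            ro = 0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") ro = 1
            if (!ro) { print $2; bad = 1 }
        }
        END {
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample in `mount -p` format; the blog paths are hypothetical.
SAMPLE_MOUNTS='zroot/ROOT/default / zfs rw,noatime 0 0
/usr/local/www/wordpress /usr/local/www/blog1/wordpress nullfs ro 0 0
/usr/local/www/wordpress /usr/local/www/blog2/wordpress nullfs rw 0 0'

status=0
writable=$(printf '%s\n' "$SAMPLE_MOUNTS" | audit_wp_mounts) || status=$?
echo "writable core mounts: ${writable:-none} (status $status)"

# On the FreeBSD host, audit the live mount table instead:
#   mount -p | audit_wp_mounts
```

A non-zero status from the live check means a blog can modify the shared core, or the core is not mounted the way the setup assumes.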

Back to the topic. First, a good idea is to secure the login attempts. I'm using https://de.wordpress.org/plugins/limit-login-attempts-reloaded/ and it works well. That's the first step. I have to evaluate more plugins.

Docker on FreeBSD a bad idea? Why macOS and not BSD?

My FreeBSD 11.1 system runs really smoothly, all is fine. As a cloud system I'm using Nextcloud and it works very well. The synchronization between desktop, web and apps is excellent. Shared calendar, files and so on… all fine.

Nextcloud offers a way to modify office documents via the web interface, called Collabora Online – https://nextcloud.com/collaboraonline/. Collabora delivers the software as a Docker image. Docker does not support FreeBSD. There are experimental ports. Do you want an experimental package on your production server? I don't. Creating a jail for Docker is not an option either. I would have to create a ZFS pool and ZFS file system in the jail. This would require reducing the jail's security radically. No option. Running bhyve/iohyve in a jail is no option either. It needs the ZFS stuff as well.

It seems the only option is to install the iohyve package on the master system, set up a Linux VM and run Docker in the Linux VM. I'm going to challenge it.