Almost all the hacks for wordpress revolve around writing some code to the server, and then using a URL to run the code.
The hacker exploits some weakness in some code already deployed on your server. The main job is to upload more code. Once the extra code can be uploaded it is executed, and the hacker can do whatever they like. Upload more code, that can do more hacking.
A normal wordpress install needs the web server (apache or nginx) to be able to write and modify files. When a plugin is installed, it needs to be written to the filesystem by the web server. If you take notice, installing a plugin is a bit like a hack getting installed.
So the struggle in running wordpress security long term, is enough access to run wordpress upgrades/plugins, and enough security to stop hackers. Long term, how are you going to guarantee you keep plugins up-to-date, and wordpress install up-date – that brings a whole lot of other issues. Even up-to-date plugins can be hacked.
What if we totally disabled writing to the filesystem ? WordPress wouldn’t be able to install any hacks – woohoo !!! wpDone mounts the hard disk as read-only – so not even the web server, or root, can write to wordpress. How is the hacker going to get a toe hold into your server now ? the hackers will have no chance.
The idea is that a hack attempt gets to crash into all our layers of security, and if it get’s through all those, then the final line of defense is to disallow any permanent writes to the disk. The linux kernel becomes part of our security, disallowing disk writes.
We are investigating ways we use this strategy for the mysql database as well, and use a read only database server. We already have mysql readonly slave replicas. But there are some other issues we need to untangle.
but how about plugins and wordpress updates, wp-cron tasks etc ? Well, wpDone has 2 strategies to deal with that.
More technical details, for the linux minded
By Scott Farrell on December 15th, 2015