How can you harm a wordpress site if you have root but no write permissions?

V

Valeriy Solovyov2015-02-25 17:24:21

Information Security

Valeriy Solovyov, 2015-02-25 17:24:21

Hi all.
(after endless hacks of my sites, I want to secure them as much as possible)
I wonder what will happen if I set permissions for the entire wordpress code with a restriction on change. That is, you can not rewrite / supplement / delete.
Wordpress itself is inside an OpenVZ/Docker/LXC container.
The site itself:
chmod 555 /opt/wordpress/*
All static will be given specially from under another directory. No performance rights.
The database is local, but updates are allowed, only INSERT/UPDATE.
Let's say an administrator password is chosen for such a wonderful system. What can be done?
Thank you.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

N

Nikolai Korabelnikov, 2015-02-25
@nmk2002

#chmod 777 /opt/wordpress/*

I

Igor, 2015-02-25
@Biss

The following scheme is possible:
- Get root access to the server
- Find the CMS configuration file with the database data
- Connect to the database under this data
- Change the administrator password to the CMS through the database (convert some 12345 to md5 and update the cell with an encrypted password)
- Go to the admin. Gadim.