We run a lot of wordpress sites and as usual, clients aren't great at updating their plugins.
What we find is that a lot of php files get modified after an exploit is - exploited, with malicious code being spidered into legitimate files, and also files being created that are 100% malicious code.
We have a way around this on non cPanel servers by just setting everything to read only for websites. However when we do this on a cPanel site, everything fails spectacularly.
On these read-only servers, we do all the plugin updates on a development box and then push to live.
Is there a way to make all the files folders (except for the uploads folder) read only on cpanel?
What we find is that a lot of php files get modified after an exploit is - exploited, with malicious code being spidered into legitimate files, and also files being created that are 100% malicious code.
We have a way around this on non cPanel servers by just setting everything to read only for websites. However when we do this on a cPanel site, everything fails spectacularly.
On these read-only servers, we do all the plugin updates on a development box and then push to live.
Is there a way to make all the files folders (except for the uploads folder) read only on cpanel?