Secure¶
Secure command secure WordOps backend auth, ip and port
Usage:
wo secure [options]
Options:
| argument | description |
|---|---|
--auth |
Set backend user credentials (user and) |
--port |
Set backend port (default: 22222) |
--ip |
Set the list of IP(s) allowed to access without authentification |
--ssh |
Harden SSH security |
--sshport |
Set custom ssh port (default: 22) |
--allowpassword |
Allow password authentification when hardening SSH security |
--force |
Force hardening SSH security without being prompt for confirmation |
WordOps uses Basic Auth to protect the backend from unauthorize people. To change the authorization method, backend's port,... You can use wo secure command.
Change backend credential¶
The user name and password of WordOps backend is showed when you create a first site. If you don't remember and want to reset, please use below command.
wo secure --auth
Provide HTTP authentication user name [admin]:master
Provide HTTP authentication password [5zVFELjHjShPPFr7qkoMzavP]:
Short hand:
wo secure --auth YourUsername aSecurePassword
Change backend port¶
In case you want to change WordOps backend port from 22222, use this command:
wo secure --port
WordOps admin port [22222]:23456
Reload: nginx [OK]
Successfully port changed 23456
Change whitelist IPs¶
By default, WordOps only allow IP 127.0.0.1 to connect to their backend. To allow your IP (ex. 1.1.1.1), use below command:
wo secure --ip
Enter the comma separated IP addresses to white list [127.0.0.1]:1.1.1.1
Successfully added IP address in acl.conf file
You can also edit directly the file /etc/nginx/common/acl.conf
Harden SSH security¶
Warning
To harden SSH security, WordOps render the configuration sshd_config from a template. In this template, root authentification with password is forbidden and by default password authentification is disabled. You can use the flag --allowpassword with --ssh to allow password authentification, but before running this command please make sure you will not be locked out of your server. Using password-less authentification with SSH keys is highly recommended.
To harden SSH security you can use the command :
wo secure --ssh
Additionally, if you want to allow password authentification (not recommended), you can use :
wo secure --ssh --allowpassword
Change SSH port¶
To avoid bruteforce on SSH, it's recommended to use another port than the default port (22).
Usage :
wo secure --sshport <port>
Exemple :
wo secure --sshport 2022
WordOps will automatically allow the new SSH port if UFW is enabled.