I've ported my website locally installed to Internet. Is it secure?

1

Sorry about that ugly title, but I've managed to share my Wordpress installed locally (using WAMP server) to internet, just porting my 80 port to the public 1234 port in my router configuration.

So, if you enter to "my-public-address:1234", your are entering my website. I've previously changed the Host URL from Wordpress to "my-public-address:1234"

But, is it secure?

whitenoisedb

Posted 2014-02-13T04:12:47.887

Reputation: 287

Answers

1

This is kind of broad since the security of the site as stands could be anything. If your site is open to SQL injection due to non-sanitized queries, then you could be very open to attacks. If the site allows Mass Injection then you could be open to attacks. However, I will assume that the coding of your site and any extensions/plugins used are secured. Just having port 80 open (in your case port 1234) doesn't really open you to hackers since it's just going to serve your web content. Though, if your code isn't clean then you run the risk of getting hacked beyond just that server. Also, you have to consider that you will probably log into your website from public places. Since you're just opening HTTP, you're not really using any layers of encryption (HTTPS) which could leave you open to having someone sniff packets, see requests to your site and steal your login information. To keep things simple, as long as you're not transmitting sensitive data to and from your website and your code is sanitized and fairly well written, you lower the risk of a breach.

kobaltz

Posted 2014-02-13T04:12:47.887

Reputation: 14 361

Thanks for the info. I believe I'm doing right. I've consider the lack of HTTPS and those possible packets when logging in, but I work at my house. So, for curiosity, 1) Can those packets be captured by someone that it ISN'T connected to the wifi network -just having signal-? ... 2) In case of breaking the Wordpress site, could the hacker enter to my local disk data?? what he could do? – whitenoisedb – 2014-02-13T04:49:57.823

>

  • If you're using WPA2, then you should be okay. 2. Yes they could. I've seen several instances of where a Wordpress site was hijacked and allowed someone to upload files to the site. Typically the most common types of breaches will be to install and use your server to host a virus.
    • < – kobaltz – 2014-02-13T13:07:48.650

    Since you have the local IP address of your Wordpress site, you can log into the site locally instead of going through the external port which would help against the HTTPS issue. – kobaltz – 2014-02-13T13:08:30.560

    That's right. I also wonder about my files beyond the website root directory, which is just a folder in my hard disk. – whitenoisedb – 2014-02-13T14:17:20.460

    If the malicious person were to upload a php script and called something to randomly delete or upload files, then this could be a concern. Always make sure that you're running the latest updates of WordPress and that you're using trusted plugins. It can also be useful to run the Web Server with a different user that has limited permissions outside of the web directory. – kobaltz – 2014-02-13T15:25:39.230

    Asked: 2014-02-13T04:12:47.887

    Viewed: 51 times

    Active: 2014-02-13T04:24:50.103