Securing my new Grav site


#1

My web host is really negative about sites that update their own code. For Wordpress, they promote using a CLI tool via ssh for installing and upgrading both core code and plugins, in order to avoid giving the web server account the ability to change the code on the site – in the name of preventing hijacking of the site for malicious purposes.

Thinking now about deploying my first Grav-based site. The flat-file nature of Grav is different from Wordpress, of course, and my need for the admin interface makes it impossible to fully lock down the files, but I appreciate the spirit of the security concern.

I need the admin interface for non-technical content maintainers to add and edit pages, so I’m wondering if it makes sense to limit the code-updating stuff (Grav updates, plugins etc) to the Grav CLI or to manual operations, running in ssh. Doing this would let me remove the web account’s write-access from most of the Grav directories. System areas of the admin interface would remain in place but would be non-functional, and could probably be hidden by judicious use of privileges.

Is this worth doing? Does leaving the user/pages subdirectory open to edit by the web account leave fundamentally the same vulnerabilities in place? Does the CLI have enough functionality for this to work smoothly? If I do go down this route, what other directories does the web account need write access to besides user/pages (for page editing via admin) and cache, logs (general operational functionality)?


#2

Hi EdinPa,

I’m no security expert, but I’m reading and keeping myself updated as much as I can to the extent of my capacity and need.
The CLI gives you the ability to update, clear cache, backup and more. You can read more here: https://learn.getgrav.org/15/cli-console/grav-cli

As for your admin panel users, you can use the plugin to restrict their privileges in the admin panel to the content section only.

That being said. Security starts by having a strong password and a reliable host. For example: make sure you enforce very strong password format to your users.

What I can say is that the team behind Grav CMS is a solid and experienced team of developers. They also use it for their own clients. So you can rest assure they don’t take security lightly. And should something be discovered, it will be patched.

After that, you can go into static site generator to generate plain html files of your site. But you will have to setup automated deployment etc… You can check netlify, gatsby, hugo for example.

Like everything in life, there are pros and cons to everything.


#3

Thanks for your thoughts, Julien. It does look like it should work, but it’s a scenario that I have not seen described… which always make me wonder if I’m fundamentally on the wrong track!