fix: harden wordpress edge exposure

This commit is contained in:
bisco
2026-06-25 22:57:43 +02:00
parent 02e05ec3b6
commit 82ae9eaae4
11 changed files with 91 additions and 7 deletions
+4 -1
View File
@@ -10,6 +10,7 @@ docker compose run --rm --no-deps proxy nginx -t
docker compose -f docker-compose.yml -f docker-compose.test.yml up --build -d db wordpress proxy
docker compose -f docker-compose.yml -f docker-compose.test.yml --profile tools run --rm wp-cli /scripts/bootstrap.sh
docker compose -f docker-compose.yml -f docker-compose.test.yml --profile test run --build --rm functional-tests
docker compose -f docker-compose.yml -f docker-compose.test.yml --profile test run --rm security-tests
docker compose config --quiet
LETSENCRYPT_ENABLED=1 docker compose config --quiet
```
@@ -19,7 +20,9 @@ override replaces database and WordPress state with isolated Docker volumes, map
`azionelab.org` to the internal proxy, and never publishes an extra port. Browser tests
cover content and section order, contact actions, mobile overflow/navigation, semantic
landmarks, image alternatives, admin routing, security headers, blocked sensitive
routes, and unknown virtual hosts.
routes, blocked uploaded PHP requests, and unknown virtual hosts. Security checks also
assert that WordPress does not publish host ports and that Apache hardening remains
installed in the WordPress image.
Subjective visual review and a real-device accessibility audit remain manual release
checks.