{"id":2525,"date":"2026-01-08T04:01:40","date_gmt":"2026-01-08T07:01:40","guid":{"rendered":"https:\/\/helpsysadmin.com.br\/blog\/?p=2525"},"modified":"2026-03-06T22:20:32","modified_gmt":"2026-03-07T01:20:32","slug":"hardening-de-kernel-linux-e-wordpress","status":"publish","type":"post","link":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/","title":{"rendered":"Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o"},"content":{"rendered":"<div id=\"helps-1723177762\" class=\"helps-before-content-2 helps-entity-placement\"><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3661896953164277\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- 2anuncios display quadrado -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3661896953164277\"\r\n     data-ad-slot=\"5051229894\"\r\n     data-ad-format=\"auto\"\r\n     data-full-width-responsive=\"true\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><\/div>\n<h2 class=\"wp-block-heading\" id=\"h-o-que-e-hardening-de-kernel\">\ud83d\udd10 O que \u00e9 hardening de kernel?<\/h2>\n\n\n\n<p>Hardening de kernel \u00e9 o processo de <strong>reduzir a superf\u00edcie de ataque do sistema operacional<\/strong>, limitando comportamentos perigosos, prevenindo explora\u00e7\u00e3o de vulnerabilidades e dificultando escalonamento de privil\u00e9gios \u2014 <strong>sem quebrar aplica\u00e7\u00f5es<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-1-requisitos-antes-de-aplicar\">\ud83d\udccc 1. Requisitos antes de aplicar<\/h2>\n\n\n\n<p>\u2714 Teste sempre em <strong>ambiente de staging<\/strong><br>\u2714 Tenha acesso via <strong>console\/VNC<\/strong> (n\u00e3o apenas SSH)<br>\u2714 Fa\u00e7a backup ou snapshot do servidor<br>\u2714 Conhe\u00e7a seu workload (containers, VPN, firewall, etc.)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-2-hardening-com-sysctl-kernel-runtime\">\u2699\ufe0f 2. Hardening com <code>sysctl<\/code> (kernel runtime)<\/h2>\n\n\n\n<p>Crie ou edite:<\/p>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>\/etc\/sysctl.d\/99-hardening.conf\n<\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-protecoes-contra-exploracao-e-escalonamento\">\ud83d\udd12 Prote\u00e7\u00f5es contra explora\u00e7\u00e3o e escalonamento<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>kernel.kptr_restrict = 2\nkernel.dmesg_restrict = 1\nkernel.yama.ptrace_scope = 1\nkernel.unprivileged_bpf_disabled = 1\nkernel.randomize_va_space = 2\n<\/pre><\/div>\n\n\n\n<p>\u2714 Protege contra leak de endere\u00e7os<br>\u2714 Bloqueia ptrace entre processos<br>\u2714 Mant\u00e9m ASLR ativo<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-protecoes-de-rede-anti-spoofing-e-ataques-comuns\">\ud83c\udf10 Prote\u00e7\u00f5es de rede (anti-spoofing e ataques comuns)<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>net.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.default.rp_filter = 1\n\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv6.conf.all.accept_redirects = 0\n\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\n\nnet.ipv4.tcp_syncookies = 1\n<\/pre><\/div>\n\n\n\n<p>\u2714 Evita spoofing<br>\u2714 Bloqueia redirects maliciosos<br>\u2714 Mitiga SYN Flood<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-icmp-e-broadcast\">\ud83d\udeab ICMP e broadcast<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>net.ipv4.icmp_echo_ignore_broadcasts = 1\nnet.ipv4.icmp_ignore_bogus_error_responses = 1\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-endurecimento-de-filesystem\">\ud83d\udd10 Endurecimento de filesystem<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>fs.protected_hardlinks = 1\nfs.protected_symlinks = 1\nfs.suid_dumpable = 0\n<\/pre><\/div>\n\n\n\n<p>\u2714 Protege contra ataques via symlink<br>\u2714 Evita dump de processos SUID<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-aplicar-regras\">\ud83d\udd04 Aplicar regras<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>sysctl --system\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-3-desabilitar-modulos-de-kernel-perigosos\">\ud83e\udde9 3. Desabilitar m\u00f3dulos de kernel perigosos<\/h2>\n\n\n\n<p>Crie:<\/p>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>\/etc\/modprobe.d\/hardening.conf\n<\/pre><\/div>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>install cramfs \/bin\/true\ninstall freevxfs \/bin\/true\ninstall jffs2 \/bin\/true\ninstall hfs \/bin\/true\ninstall hfsplus \/bin\/true\ninstall udf \/bin\/true\n<\/pre><\/div>\n\n\n\n<p>\u2714 Elimina vetores de ataque raros<br>\u2714 Nenhum impacto em servidores web<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-4-desativar-core-dumps\">\ud83d\udeb7 4. Desativar core dumps<\/h2>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>echo '* hard core 0' &gt; \/etc\/security\/limits.d\/99-core.conf\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-5-restringir-acesso-ao-kernel-e-memoria\">\ud83d\udd11 5. Restringir acesso ao kernel e mem\u00f3ria<\/h2>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>chmod 600 \/boot\/config-*\nchmod 700 \/boot\n<\/pre><\/div>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>mount -o remount,hidepid=2 \/proc\n<\/pre><\/div>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u26a0\ufe0f <strong>Cuidado<\/strong>: <code>hidepid=2<\/code> pode afetar ferramentas de monitoramento.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-6-compilar-kernel-customizado-opcional-alto-nivel\">\ud83e\udde0 6. Compilar kernel customizado (opcional \u2013 alto n\u00edvel)<\/h2>\n\n\n\n<p>Se voc\u00ea controla o kernel:<\/p>\n\n\n\n<p>\u2714 <code>CONFIG_SECURITY=y<\/code><br>\u2714 <code>CONFIG_HARDENED_USERCOPY=y<\/code><br>\u2714 <code>CONFIG_STACKPROTECTOR_STRONG=y<\/code><br>\u2714 <code>CONFIG_STRICT_KERNEL_RWX=y<\/code><br>\u2714 <code>CONFIG_RANDOMIZE_BASE=y<\/code><\/p>\n\n\n\n<p>\ud83d\udc49 Ideal para <strong>servidores cr\u00edticos<\/strong>, n\u00e3o obrigat\u00f3rio para VPS padr\u00e3o.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-7-combine-com-outras-camadas-obrigatorio\">\ud83d\udd25 7. Combine com outras camadas (obrigat\u00f3rio)<\/h2>\n\n\n\n<p>Hardening de kernel <strong>n\u00e3o substitui<\/strong>:<\/p>\n\n\n\n<p>\u2714 Firewall (nftables\/iptables)<br>\u2714 <a href=\"https:\/\/helpsysadmin.com.br\/blog\/como-instalar-crowdsec\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Como instalar Crowdsec\" target=\"_blank\" rel=\"noopener\">Crowdsec<\/a>(<strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/como-instalar-crowdsec\/\" target=\"_blank\" rel=\"noreferrer noopener\">Clique aqui e veja como instalar Crowdsec<\/a><\/strong>)<br>\u2714 <a href=\"https:\/\/helpsysadmin.com.br\/blog\/fail2ban-vs-crowdsec-em-producao\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Fail2Ban vs CrowdSec em Produ\u00e7\u00e3o: Qual \u00e9 a Melhor Solu\u00e7\u00e3o de Seguran\u00e7a para Servidores Linux?\" target=\"_blank\" rel=\"noopener\">Fail2ban<\/a>(opcional se utilizar Crowdsec)<br>\u2714 SSH hardening<br>\u2714 Atualiza\u00e7\u00f5es autom\u00e1ticas<br>\u2714 Monitoramento ativo (Zabbix, Netdata, etc.)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-o-que-nao-fazer-em-producao\">\u26a0\ufe0f O que N\u00c3O fazer em produ\u00e7\u00e3o<\/h2>\n\n\n\n<p>\u274c Desabilitar IPv6 sem testar<br>\u274c Bloquear <code>ptrace<\/code> totalmente (breaks debuggers)<br>\u274c Aplicar sysctl de \u201cblog aleat\u00f3rio\u201d<br>\u274c Copiar hardening de desktop para servidor<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-checklist-rapido\">\ud83d\udcca Checklist r\u00e1pido<\/h2>\n\n\n\n<p>\u2705 ASLR ativo<br>\u2705 BPF restrito<br>\u2705 Redirects desativados<br>\u2705 FS protegido<br>\u2705 M\u00f3dulos in\u00fateis bloqueados<br>\u2705 LSM ativo<br>\u2705 Monitoramento funcional<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-8-arquivo-99-hardening-conf-pronto-para-uso\">8. Arquivo 99-hardening.conf pronto para uso<\/h2>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udcc1 PARTE 1 \u2014 <code>99-hardening.conf<\/code> por distribui\u00e7\u00e3o<\/h2>\n\n\n\n<p>Todos os arquivos abaixo ficam em:<\/p>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>\/etc\/sysctl.d\/99-hardening.conf\n<\/pre><\/div>\n\n\n\n<p>Ap\u00f3s criar:<\/p>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>sysctl --system\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udfe0 Ubuntu 20.04 \/ 22.04 \/ 24.04 (LTS)<\/h2>\n\n\n\n<p>Compat\u00edvel com Apache, Nginx, PHP-FPM, MariaDB, Docker (com ressalvas)<\/p>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>############################\n# Kernel hardening\n############################\nkernel.kptr_restrict = 2\nkernel.dmesg_restrict = 1\nkernel.unprivileged_bpf_disabled = 1\nkernel.randomize_va_space = 2\nkernel.sysrq = 0\nkernel.yama.ptrace_scope = 1\n\n############################\n# Filesystem protections\n############################\nfs.protected_hardlinks = 1\nfs.protected_symlinks = 1\nfs.suid_dumpable = 0\nfs.protected_fifos = 2\nfs.protected_regular = 2\n\n############################\n# Network hardening\n############################\nnet.ipv4.ip_forward = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\n\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv6.conf.all.accept_redirects = 0\n\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\n\nnet.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.default.rp_filter = 1\n\nnet.ipv4.tcp_syncookies = 1\nnet.ipv4.tcp_timestamps = 0\n\n############################\n# ICMP protection\n############################\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\nnet.ipv4.icmp_ignore_bogus_error_responses = 1\n\n############################\n# IPv6 (mant\u00e9m ativo e seguro)\n############################\nnet.ipv6.conf.all.disable_ipv6 = 0\nnet.ipv6.conf.default.disable_ipv6 = 0\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd35 AlmaLinux \/ Rocky Linux 8 \/ 9<\/h2>\n\n\n\n<p>SELinux-friendly (modo Enforcing)<\/p>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>############################\n# Kernel\n############################\nkernel.kptr_restrict = 2\nkernel.dmesg_restrict = 1\nkernel.unprivileged_bpf_disabled = 1\nkernel.randomize_va_space = 2\nkernel.sysrq = 0\n\n############################\n# Filesystem\n############################\nfs.protected_hardlinks = 1\nfs.protected_symlinks = 1\nfs.suid_dumpable = 0\nfs.protected_fifos = 2\nfs.protected_regular = 2\n\n############################\n# Network\n############################\nnet.ipv4.ip_forward = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\n\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv6.conf.all.accept_redirects = 0\n\nnet.ipv4.conf.all.accept_source_route = 0\nnet.ipv4.conf.default.accept_source_route = 0\n\nnet.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.default.rp_filter = 1\n\nnet.ipv4.tcp_syncookies = 1\n\n############################\n# ICMP\n############################\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\nnet.ipv4.icmp_ignore_bogus_error_responses = 1\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udfe2 Debian 11 \/ 12<\/h2>\n\n\n\n<p>Muito est\u00e1vel para WordPress e DirectAdmin<\/p>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>kernel.kptr_restrict = 2\nkernel.dmesg_restrict = 1\nkernel.unprivileged_bpf_disabled = 1\nkernel.randomize_va_space = 2\nkernel.sysrq = 0\nkernel.yama.ptrace_scope = 1\n\nfs.protected_hardlinks = 1\nfs.protected_symlinks = 1\nfs.suid_dumpable = 0\nfs.protected_fifos = 2\nfs.protected_regular = 2\n\nnet.ipv4.ip_forward = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv6.conf.all.accept_redirects = 0\n\nnet.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.default.rp_filter = 1\n\nnet.ipv4.tcp_syncookies = 1\nnet.ipv4.tcp_timestamps = 0\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-9-parte-2-hardening-especifico-para-wordpress-producao\">9.\ud83e\udde9 PARTE 2 \u2014 Hardening espec\u00edfico para WordPress (produ\u00e7\u00e3o)<\/h2>\n\n\n\n<p>Aqui o foco \u00e9 <strong>reduzir exploits comuns (RCE, LFI, brute force, malware)<\/strong> sem quebrar plugins ou updates.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd10 1. Kernel + FS (essencial)<\/h3>\n\n\n\n<p>J\u00e1 coberto pelo <code>99-hardening.conf<\/code>, mas <strong>adicione<\/strong>:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Desabilitar m\u00f3dulos raros (comum em exploits)<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>\/etc\/modprobe.d\/wordpress-hardening.conf\n<\/pre><\/div>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>install cramfs \/bin\/true\ninstall freevxfs \/bin\/true\ninstall hfs \/bin\/true\ninstall hfsplus \/bin\/true\ninstall udf \/bin\/true\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\uddc2\ufe0f 2. Permiss\u00f5es corretas (cr\u00edtico)<\/h3>\n\n\n\n<p>Nunca rode WordPress como <code>777<\/code>. Abaixo exemplos de diretorio com 755 e arquivos 644.Altere \/var\/www para o caminho da conta do usu\u00e1rio.<\/p>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>find \/var\/www -type d -exec chmod 755 {} \\;\nfind \/var\/www -type f -exec chmod 644 {} \\;<\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><code>wp-config.php<\/code><\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>chmod 600 wp-config.php\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd10 WordPress \u2013 Bloquear execu\u00e7\u00e3o fora do necess\u00e1rio<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">NGINX + Apache (.htaccess)<\/h3>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\ud83c\udfaf Objetivo<br>Impedir <strong>RCE<\/strong>, <strong>uploads maliciosos<\/strong>, <strong>execu\u00e7\u00e3o indevida de PHP<\/strong> e <strong>exploits comuns<\/strong>, bloqueando <strong>antes do PHP<\/strong> sempre que poss\u00edvel.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83e\uddf1 CEN\u00c1RIO<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>NGINX como proxy reverso <strong>OU<\/strong> standalone<\/li>\n\n\n\n<li>Apache por tr\u00e1s (opcional)<\/li>\n\n\n\n<li>PHP-FPM ou mod_php<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u2714 Regra de ouro: <strong>NGINX bloqueia primeiro \u2192 Apache refor\u00e7a<\/strong><\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\udd47 PARTE 1 \u2014 NGINX (OBRIGAT\u00d3RIO SE EXISTIR)<\/h3>\n\n\n\n<p>\ud83d\udccd Arquivo do site (<code>server {}<\/code>)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1\ufe0f\u20e3 Bloquear PHP em uploads (CR\u00cdTICO)<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>location ~* ^\/wp-content\/uploads\/.*\\.php$ {\n    deny all;\n    access_log off;\n    log_not_found off;\n}\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">2\ufe0f\u20e3 Bloquear PHP em <code>wp-includes<\/code><\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>location ~* ^\/wp-includes\/.*\\.php$ {\n    deny all;\n}\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">3\ufe0f\u20e3 Plugins (OPCIONAL \u2013 use com cautela)<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>location ~* ^\/wp-content\/plugins\/.*\\.php$ {\n    deny all;\n}\n<\/pre><\/div>\n\n\n\n<p>\u2757 Pode quebrar plugins com endpoints pr\u00f3prios.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">4\ufe0f\u20e3 Proteger arquivos sens\u00edveis<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>location ~* \/(wp-config\\.php|readme\\.html|license\\.txt) {\n    deny all;\n}\n\nlocation ~ \/\\. {\n    deny all;\n}\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">5\ufe0f\u20e3 Bloquear XML-RPC (recomendado)<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>location = \/xmlrpc.php {\n    deny all;\n}\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">6\ufe0f\u20e3 Executar PHP APENAS onde \u00e9 necess\u00e1rio<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>location ~ \\.php$ {\n    try_files $uri =404;\n\n    include fastcgi_params;\n    fastcgi_pass unix:\/run\/php\/php8.2-fpm.sock;\n    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n}\n<\/pre><\/div>\n\n\n\n<p>\u27a1\ufe0f Com isso, <strong>somente<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>\/index.php<\/code><\/li>\n\n\n\n<li><code>\/wp-login.php<\/code><\/li>\n\n\n\n<li><code>\/wp-admin\/*.php<\/code><\/li>\n<\/ul>\n\n\n\n<p>executam PHP.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\udd48 PARTE 2 \u2014 APACHE (.htaccess) (SEGUNDA CAMADA)<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udccd <code>\/wp-content\/uploads\/.htaccess<\/code><\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>&lt;FilesMatch &quot;\\.php$&quot;&gt;\n    Require all denied\n&lt;\/FilesMatch&gt;\n\nOptions -ExecCGI\nphp_flag engine off\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udccd <code>\/wp-includes\/.htaccess<\/code><\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>&lt;FilesMatch &quot;\\.php$&quot;&gt;\n    Require all denied\n&lt;\/FilesMatch&gt;\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udccd <code>\/wp-content\/plugins\/.htaccess<\/code> (OPCIONAL)<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\">Seguro (recomendado)<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>&lt;FilesMatch &quot;\\.php$&quot;&gt;\n    Require all granted\n&lt;\/FilesMatch&gt;\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udccd <code>.htaccess<\/code> (RAIZ)<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>&lt;FilesMatch &quot;(wp-config\\.php|readme\\.html|license\\.txt)&quot;&gt;\n    Require all denied\n&lt;\/FilesMatch&gt;\n\n&lt;FilesMatch &quot;^\\.&quot;&gt;\n    Require all denied\n&lt;\/FilesMatch&gt;\n\n&lt;Files xmlrpc.php&gt;\n    Require all denied\n&lt;\/Files&gt;\n\n&lt;LimitExcept GET POST HEAD&gt;\n    Require all denied\n&lt;\/LimitExcept&gt;\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\uddea TESTES OBRIGAT\u00d3RIOS<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>URL<\/th><th>Resultado<\/th><\/tr><\/thead><tbody><tr><td><code>\/wp-content\/uploads\/test.php<\/code><\/td><td>\u274c 403<\/td><\/tr><tr><td><code>\/wp-includes\/version.php<\/code><\/td><td>\u274c 403<\/td><\/tr><tr><td><code>\/wp-config.php<\/code><\/td><td>\u274c 403<\/td><\/tr><tr><td><code>\/xmlrpc.php<\/code><\/td><td>\u274c 403<\/td><\/tr><tr><td><code>\/wp-login.php<\/code><\/td><td>\u2705 OK<\/td><\/tr><tr><td><code>\/wp-admin\/admin.php<\/code><\/td><td>\u2705 OK<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Teste r\u00e1pido:<\/p>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>curl -I https:\/\/site.com\/wp-content\/uploads\/test.php\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u26a0\ufe0f OBSERVA\u00c7\u00d5ES IMPORTANTES<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>.htaccess<\/code> impacta performance \u2192 <strong>VHost no nginx \u00e9 melhor<\/strong><\/li>\n\n\n\n<li><code>php_flag<\/code> pode ser ignorado em PHP-FPM, mas <code>&lt;FilesMatch&gt;<\/code> continua eficaz<\/li>\n\n\n\n<li>Nunca use permiss\u00f5es <code>777<\/code><\/li>\n\n\n\n<li>Sempre teste plugins ap\u00f3s hardening<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u2705 CHECKLIST FINAL<\/h2>\n\n\n\n<p>\u2714 PHP bloqueado em uploads<br>\u2714 PHP bloqueado em wp-includes<br>\u2714 Execu\u00e7\u00e3o restrita ao core<br>\u2714 Arquivos sens\u00edveis protegidos<br>\u2714 XML-RPC bloqueado<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-10-wordpress-salts-obrigatorio\">\ud83d\udd11 10. WordPress SALTs (obrigat\u00f3rio)<\/h2>\n\n\n\n<p>No <code>wp-config.php<\/code>:<\/p>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>define('DISALLOW_FILE_EDIT', true);\ndefine('DISALLOW_FILE_MODS', true); \/\/ se usar deploy\/versionamento\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-11-php-hardening-essencial-para-wp\">\ud83d\udee1\ufe0f 11. PHP Hardening (essencial para WP)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><code>php.ini<\/code><\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>expose_php = Off\ndisplay_errors = Off\ncgi.fix_pathinfo = 0\nallow_url_fopen = Off\nallow_url_include = Off\n<\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Fun\u00e7\u00f5es perigosas<\/h3>\n\n\n\n<div class=\"wp-block-codemirror-blocks-code-block code-block\"><pre>disable_functions = exec,passthru,shell_exec,system,proc_open,popen\n<\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udcca 8. Monitoramento essencial<\/h2>\n\n\n\n<p>\u2714 Fail2ban com filtros WP ou Crowdsec (<strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/como-instalar-crowdsec\/\" target=\"_blank\" rel=\"noreferrer noopener\">Clique aqui para aprender Como instalar Crowdsec<\/a><\/strong>)<br>\u2714 Monitorar:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>consumo de CPU por PHP-FPM<\/li>\n\n\n\n<li>execu\u00e7\u00f5es fora de <code>\/usr\/bin\/php<\/code><\/li>\n\n\n\n<li>altera\u00e7\u00f5es em <code>wp-config.php<\/code><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u2705 Checklist final WordPress<\/h2>\n\n\n\n<p>\u2714 Kernel hardened<br>\u2714 PHP restrito<br>\u2714 Uploads protegidos<br>\u2714 Execu\u00e7\u00e3o PHP limitada<br>\u2714 Permiss\u00f5es corretas<br>\u2714 XML-RPC controlado<br>\u2714 Backups fora do webroot<\/p>\n\n\n\n<p><strong><a href=\"https:\/\/helpsysadmin.com.br\">Clique aqui e consulte nossos planos de Gerenciamento de Servidor<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ud83d\udd10 O que \u00e9 hardening de kernel? Hardening de kernel \u00e9 o processo de reduzir a superf\u00edcie de ataque do sistema operacional, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2536,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1279,1921,89],"tags":[18,3,2310,3961],"class_list":["post-2525","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-rede","category-seguranca-do-servidor","tag-seguranca","tag-servidor-linux","tag-sysadmin","tag-tuning-de-kernel-2"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.5 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o<\/title>\n<meta name=\"description\" content=\"Blog HelpSysAdmin - Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o\" \/>\n<meta property=\"og:description\" content=\"Blog HelpSysAdmin - Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o\" \/>\n<meta property=\"og:url\" content=\"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog HelpSysAdmin\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-08T07:01:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-07T01:20:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/01\/Hardening-de-kernel-Linux.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"563\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"HelpSysAdmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@brhelpsysad\" \/>\n<meta name=\"twitter:site\" content=\"@brhelpsysad\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/hardening-de-kernel-linux-e-wordpress\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/hardening-de-kernel-linux-e-wordpress\\\/\"},\"author\":{\"name\":\"HelpSysAdmin\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/person\\\/bdbe3d7d71a0c6a3cb474c18da574efb\"},\"headline\":\"Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o\",\"datePublished\":\"2026-01-08T07:01:40+00:00\",\"dateModified\":\"2026-03-07T01:20:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/hardening-de-kernel-linux-e-wordpress\\\/\"},\"wordCount\":648,\"publisher\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/hardening-de-kernel-linux-e-wordpress\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/01\\/Hardening-de-kernel-Linux.webp\",\"keywords\":[\"seguran\u00e7a\",\"servidor linux\",\"SysAdmin\",\"tuning de kernel\"],\"articleSection\":[\"Linux\",\"Rede\",\"Seguran\u00e7a\"],\"inLanguage\":\"pt-BR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/hardening-de-kernel-linux-e-wordpress\\\/\",\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/hardening-de-kernel-linux-e-wordpress\\\/\",\"name\":\"Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/hardening-de-kernel-linux-e-wordpress\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/hardening-de-kernel-linux-e-wordpress\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/01\\/Hardening-de-kernel-Linux.webp\",\"datePublished\":\"2026-01-08T07:01:40+00:00\",\"dateModified\":\"2026-03-07T01:20:32+00:00\",\"description\":\"Blog HelpSysAdmin - Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/hardening-de-kernel-linux-e-wordpress\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/hardening-de-kernel-linux-e-wordpress\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/hardening-de-kernel-linux-e-wordpress\\\/#primaryimage\",\"url\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/01\\/Hardening-de-kernel-Linux.webp\",\"contentUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/01\\/Hardening-de-kernel-Linux.webp\",\"width\":1000,\"height\":563},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/hardening-de-kernel-linux-e-wordpress\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\",\"name\":\"Blog HelpSysAdmin\",\"description\":\"Blog Gerenciamento de Servidor\",\"publisher\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#organization\"},\"alternateName\":\"HelpSysAdmin Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#organization\",\"name\":\"HelpSysAdmin Gerenciamento de Servidores\",\"alternateName\":\"HelpSysAdmin\",\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\/\\/mlkpd8g42nae.i.optimole.com\\/w:512\\/h:512\\/q:mauto\\/f:best\\/https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2020\\/12\\/favicon.png\",\"contentUrl\":\"https:\\/\\/mlkpd8g42nae.i.optimole.com\\/w:512\\/h:512\\/q:mauto\\/f:best\\/https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2020\\/12\\/favicon.png\",\"width\":512,\"height\":512,\"caption\":\"HelpSysAdmin Gerenciamento de Servidores\"},\"image\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/brhelpsysad\",\"https:\\\/\\\/mastodon.social\\\/@helpsysadmin\"],\"description\":\"Oferecemos o gerenciamento de servidores dedicados, vps ou cloud. Apresentamos a melhor experi\u00eancia em atendimento e servi\u00e7o. Nosso time cuidar\u00e1 do seu servidor com backups, an\u00e1lises constantes, ajustes de seguran\u00e7a, realiza\u00e7\u00e3o de manuten\u00e7\u00e3o preventiva e corretiva, otimiza\u00e7\u00e3o de performance al\u00e9m de monitoramento 24\u00d77 com suporte Pr\u00f3 Ativo.\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"1\",\"maxValue\":\"10\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/person\\\/bdbe3d7d71a0c6a3cb474c18da574efb\",\"name\":\"HelpSysAdmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/litespeed\\/avatar\\/e587d5e97a45d2f6f29b0179adc1ebf4.jpg?ver=1777250343\",\"url\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/litespeed\\/avatar\\/e587d5e97a45d2f6f29b0179adc1ebf4.jpg?ver=1777250343\",\"contentUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/litespeed\\/avatar\\/e587d5e97a45d2f6f29b0179adc1ebf4.jpg?ver=1777250343\",\"caption\":\"HelpSysAdmin\"},\"sameAs\":[\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o","description":"Blog HelpSysAdmin - Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/","og_locale":"pt_BR","og_type":"article","og_title":"Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o","og_description":"Blog HelpSysAdmin - Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o","og_url":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/","og_site_name":"Blog HelpSysAdmin","article_published_time":"2026-01-08T07:01:40+00:00","article_modified_time":"2026-03-07T01:20:32+00:00","og_image":[{"width":1000,"height":563,"url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/01\/Hardening-de-kernel-Linux.webp","type":"image\/webp"}],"author":"HelpSysAdmin","twitter_card":"summary_large_image","twitter_creator":"@brhelpsysad","twitter_site":"@brhelpsysad","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/#article","isPartOf":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/"},"author":{"name":"HelpSysAdmin","@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/person\/bdbe3d7d71a0c6a3cb474c18da574efb"},"headline":"Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o","datePublished":"2026-01-08T07:01:40+00:00","dateModified":"2026-03-07T01:20:32+00:00","mainEntityOfPage":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/"},"wordCount":648,"publisher":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#organization"},"image":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/#primaryimage"},"thumbnailUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/01\/Hardening-de-kernel-Linux.webp","keywords":["seguran\u00e7a","servidor linux","SysAdmin","tuning de kernel"],"articleSection":["Linux","Rede","Seguran\u00e7a"],"inLanguage":"pt-BR"},{"@type":"WebPage","@id":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/","url":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/","name":"Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o","isPartOf":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/#primaryimage"},"image":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/#primaryimage"},"thumbnailUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/01\/Hardening-de-kernel-Linux.webp","datePublished":"2026-01-08T07:01:40+00:00","dateModified":"2026-03-07T01:20:32+00:00","description":"Blog HelpSysAdmin - Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o","breadcrumb":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/#primaryimage","url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/01\/Hardening-de-kernel-Linux.webp","contentUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/01\/Hardening-de-kernel-Linux.webp","width":1000,"height":563},{"@type":"BreadcrumbList","@id":"https:\/\/helpsysadmin.com.br\/blog\/hardening-de-kernel-linux-e-wordpress\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/helpsysadmin.com.br\/blog\/"},{"@type":"ListItem","position":2,"name":"Hardening de kernel Linux e wordpress para servidores de produ\u00e7\u00e3o"}]},{"@type":"WebSite","@id":"https:\/\/helpsysadmin.com.br\/blog\/#website","url":"https:\/\/helpsysadmin.com.br\/blog\/","name":"Blog HelpSysAdmin","description":"Blog Gerenciamento de Servidor","publisher":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#organization"},"alternateName":"HelpSysAdmin Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/helpsysadmin.com.br\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/helpsysadmin.com.br\/blog\/#organization","name":"HelpSysAdmin Gerenciamento de Servidores","alternateName":"HelpSysAdmin","url":"https:\/\/helpsysadmin.com.br\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:512\/h:512\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2020\/12\/favicon.png","contentUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:512\/h:512\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2020\/12\/favicon.png","width":512,"height":512,"caption":"HelpSysAdmin Gerenciamento de Servidores"},"image":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/brhelpsysad","https:\/\/mastodon.social\/@helpsysadmin"],"description":"Oferecemos o gerenciamento de servidores dedicados, vps ou cloud. Apresentamos a melhor experi\u00eancia em atendimento e servi\u00e7o. Nosso time cuidar\u00e1 do seu servidor com backups, an\u00e1lises constantes, ajustes de seguran\u00e7a, realiza\u00e7\u00e3o de manuten\u00e7\u00e3o preventiva e corretiva, otimiza\u00e7\u00e3o de performance al\u00e9m de monitoramento 24\u00d77 com suporte Pr\u00f3 Ativo.","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"1","maxValue":"10"}},{"@type":"Person","@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/person\/bdbe3d7d71a0c6a3cb474c18da574efb","name":"HelpSysAdmin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/litespeed\/avatar\/e587d5e97a45d2f6f29b0179adc1ebf4.jpg?ver=1777250343","url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/litespeed\/avatar\/e587d5e97a45d2f6f29b0179adc1ebf4.jpg?ver=1777250343","contentUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/litespeed\/avatar\/e587d5e97a45d2f6f29b0179adc1ebf4.jpg?ver=1777250343","caption":"HelpSysAdmin"},"sameAs":["https:\/\/helpsysadmin.com.br\/blog\/"]}]}},"lang":"pt","translations":{"pt":2525},"pll_sync_post":{},"_links":{"self":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts\/2525","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/comments?post=2525"}],"version-history":[{"count":5,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts\/2525\/revisions"}],"predecessor-version":[{"id":2564,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts\/2525\/revisions\/2564"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/media\/2536"}],"wp:attachment":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/media?parent=2525"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/categories?post=2525"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/tags?post=2525"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}