-
01-03-2014, 01:15 PM #1 Newbie
- Join Date
- Mar 2010
- Posts
- 20
Mod_Security Rules against Wordpress hacks
Could you advise some mod_security rules (or sources) to prevent hacking WordPress with shells via theme upload? I am trying to keep the rules up to date, but they come up with other ways of hacking.
Thank you.
Last edited by emresavas; 01-03-2014 at 01:20 PM.
-
01-03-2014, 03:53 PM #2 Web Hosting Master
- Join Date
- Aug 2004
- Location
- Earth
- Posts
- 8,154
You can get the free gotroot rules; check out http://www.atomicorp.com/wiki/index....Security_Rules
They are updated regularly.
-
01-03-2014, 03:54 PM #3 Sam is here
- Join Date
- Mar 2010
- Posts
- 822
Is your WordPress updated? Also, it's a good idea to password protect the wp-admin directory. Gotroot (Atomicorp) rules are great and I've been using them for many years.
Don't forget to harden your server from the core; when the core is not secured, web application firewalls and protections don't protect your server.
-
01-04-2014, 05:39 AM #4 Aspiring Evangelist
- Join Date
- Mar 2009
- Location
- /home/khunj
- Posts
- 433
Besides 3rd party rules, WordPress allows you to disable the plugin and theme editor, and update/installation too.
You can also disable any upload via PHP if needed.
-
01-04-2014, 05:50 AM #5 Newbie
- Join Date
- Oct 2013
- Posts
- 24
Atomicorp does not provide a free/delayed set of rules any more.
There are some new free rules from Comodo, but they are not widely tested yet.
-
01-04-2014, 05:53 AM #6 Web Hosting Master
- Join Date
- Dec 2007
- Location
- LocalHost
- Posts
- 1,317
Add the following code to wp-config.php:
Code:
/** Disable File Editing */
define('DISALLOW_FILE_EDIT', true);
/** Disable file modification including install and update of themes and plugins */
define('DISALLOW_FILE_MODS', true);
/** Ask for FTP details when uploading and installing themes and plugins */
define('FS_METHOD', 'ftpext');
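As an added check that is not from this thread or from any poster, a small Python script that audits a wp-config.php for the three constants recommended in the post above. Both sample configs are constructed; the hardened one copies that post's snippet.

```python
import re

# Hardening constants from the wp-config.php snippet above, with the value each should hold.
EXPECTED = {"DISALLOW_FILE_EDIT": "true", "DISALLOW_FILE_MODS": "true", "FS_METHOD": "'ftpext'"}
DEFINE_RE = re.compile(r"""define\s*\(\s*(['"])(?P<name>[A-Z0-9_]+)\1\s*,\s*(?P<value>[^)]+?)\s*\)""")


def strip_comments(source):
    """Drop /* ... */ blocks and whole-line // or # comments, so a commented-out define() is ignored."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.S)
    return re.sub(r"^\s*(//|#).*$", "", source, flags=re.M)


def parse_defines(source):
    """Map constant name -> raw value text for every active define() call."""
    return {m.group("name"): m.group("value").strip() for m in DEFINE_RE.finditer(strip_comments(source))}


def normalize(value):
    # PHP's true/false are case-insensitive, and single or double quotes are equivalent here.
    return value.strip().lower().replace('"', "'")


def audit(source):
    """Return findings for missing or wrong constants; an empty list means the config matches the advice."""
    defines = parse_defines(source)
    findings = []
    for name, want in EXPECTED.items():
        got = defines.get(name)
        if got is None:
            findings.append(f"{name} not set")
        elif normalize(got) != normalize(want):
            findings.append(f"{name} is {got}, expected {want}")
    return findings


# Constructed samples: the first copies the snippet in this post, the second is a typical weak config.
HARDENED_CONFIG = """\
/** Disable File Editing */
define('DISALLOW_FILE_EDIT', true);
define('DISALLOW_FILE_MODS',true);
define('FS_METHOD', 'ftpext');
"""
WEAK_CONFIG = """\
define('DB_NAME', 'wp_site');
define('DISALLOW_FILE_EDIT', false);
// define('DISALLOW_FILE_MODS', true);
"""

if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED_CONFIG), ("weak", WEAK_CONFIG)):
        print(label, audit(cfg) or "OK")
```

Run it against each account's wp-config.php to find installs where the editor or updater is still enabled.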
-
01-04-2014, 06:21 AM #7 Temporarily Suspended
- Join Date
- Dec 2013
- Posts
- 35
The best way is to always secure your WordPress by using the Better WP Security plugin. It would take only a couple of minutes for the entire process!
-
01-05-2014, 10:09 PM #8 Newbie
- Join Date
- Jan 2014
- Location
- USA
- Posts
- 10
For WordPress, use Atomicorp's technology: add ASL and the ASL rules. Here are the steps:
1. Install mod_security
2. Install the rules
https://www.atomicorp.com/wiki/index...tall_the_rules
Best regards
-
01-06-2014, 05:40 AM #9 Web Hosting Master
- Join Date
- Nov 2004
- Location
- Australia
- Posts
- 1,737
-
01-06-2014, 02:49 PM #10 Aspiring Evangelist
- Join Date
- Jan 2014
- Location
- Fort Lauderdale
- Posts
- 362
Also, fail2ban could be used; there is a config that tracks WordPress access in the log, and when it picks up something suspect, based on the settings, the offender is thrown into a jail.
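As an added illustration of what such a fail2ban filter and jail do (this is not from the thread and the log lines are constructed), a Python version of the count fail2ban applies with its maxretry and findtime settings, run over Apache access-log lines for wp-login.php:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format; only the fields the check needs are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def is_failed_login(rec):
    # WordPress redraws the login form (200) on a bad password and redirects (302) on success.
    path = rec["path"].split("?", 1)[0]
    return rec["method"] == "POST" and path.endswith("/wp-login.php") and rec["status"] == "200"


def find_offenders(lines, maxretry=5, findtime=600):
    """Return {ip: time of the ban-triggering attempt} for every IP with maxretry failures
    inside any findtime-second window, mirroring fail2ban's maxretry/findtime logic."""
    attempts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_failed_login(rec):
            attempts[rec["ip"]].append(rec["ts"])
    offenders, window = {}, timedelta(seconds=findtime)
    for ip, times in attempts.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= maxretry:
                offenders[ip] = t
                break
    return offenders


def _line(ip, sec, method, path, status):
    return f'{ip} - - [10/Jan/2014:10:00:{sec:02d} +0000] "{method} {path} HTTP/1.1" {status} 1024 "-" "Mozilla/5.0"'


# Constructed sample log: one IP hammering the login, one user who succeeds, one just viewing the form.
SAMPLE_LOG = [_line("203.0.113.5", s, "POST", "/wp-login.php", 200) for s in (1, 5, 9, 13, 17, 21)] + [
    _line("198.51.100.7", 3, "POST", "/wp-login.php", 200),
    _line("198.51.100.7", 8, "POST", "/wp-login.php", 302),
    _line("192.0.2.9", 30, "GET", "/wp-login.php", 200),
]
```

Call find_offenders(SAMPLE_LOG) to see only 203.0.113.5 reported; with findtime=10 the same six attempts no longer fall inside one window and nothing is reported.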
-
01-13-2014, 05:31 AM #11 Web Hosting Guru
- Join Date
- Nov 2013
- Posts
- 263
Please go through the link below on how to effectively fight brute force attacks on WordPress:
http://codex.wordpress.org/Brute_Force_Attacks
-
04-26-2014, 05:11 PM #12 Newbie
- Join Date
- Mar 2010
- Posts
- 20
Hello again; after nearly five months I have come back with some information on how we dealt with this issue.
* First we identified the old WordPress installations and warned the users one by one.
* Then we installed ConfigServer eXploit Scanner on all of our cPanel servers and scanned them. As we hoped, CXS found all the malicious code and cleaned it.
* As a third step we signed up to Atomicorp to get up-to-date mod_sec rules, and we integrated them with the ConfigServer ModSec plugin on every cPanel server.
Now we are scanning every shared hosting account every night via ConfigServer CXS before the backup process. To sum up, the steps above satisfied us and solved the problem. If you configure ConfigServer ModSec well it catches nearly all harmful processes, but I advise you to use CXS for deep investigation and detailed scans.
If you have any additions or ideas regarding this approach, please clarify.
Last edited by emresavas; 04-26-2014 at 05:13 PM. Reason: typo