  1. #1

    Mod_Security Rules against Wordpress hacks

    Could you advise some mod_security rules (or sources) to prevent hacking WordPress shells via theme upload? I am trying to keep the rules up to date but they come with other ways of hacking.

    Thank you.
    Last edited by emresavas; 01-03-2014 at 01:20 PM.

  2. #2
    Join Date: Aug 2004 | Location: Earth | Posts: 8,154
    You can get the free gotroot rules, check out http://www.atomicorp.com/wiki/index....Security_Rules

    They are updated regularly.

  3. #3
    Is your WordPress updated? Also, it's a good idea to password protect the wp-admin directory. Gotroot (Atomicorp) rules are great and I've been using those for many years.

    Don't forget to harden your server from the core; when the core is not secured, web application firewalls and protections don't protect your server.

  4. #4
    Join Date: Mar 2009 | Location: /home/khunj | Posts: 433
    Besides 3rd party rules, WordPress allows you to disable the plugin and theme editor, and update/installation too.
    You can also disable any upload via PHP if needed.

  5. #5
    Atomicorp does not provide a free/delayed set of rules any more.

    There are some new free rules from Comodo but not widely tested yet.

  6. #6
    Join Date: Dec 2007 | Location: LocalHost | Posts: 1,317
    Add the following code to wp-config.php
    Code:
    /** Disable File Editing  */
    define('DISALLOW_FILE_EDIT', true);
    /** Disable file modification including install and update of themes and plugins  */
    define('DISALLOW_FILE_MODS',true);
    /** Ask for FTP details when uploading and installing themes and plugins  */
    define('FS_METHOD', 'ftpext');
    Now move the wp-config.php file above public_html.
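A quick check of the settings from post #6, as an added example (not the poster's code): it parses a wp-config.php, ignores commented-out defines, and reports whether the two DISALLOW_* constants are on and whether the file still sits inside the web root. The sample file, the paths and the function names are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Matches define('NAME', value); as written in wp-config.php.
DEFINE_RE = re.compile(
    r"""define\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^)]+?)\s*\)\s*;""")
REQUIRED_TRUE = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS")

# Constructed sample: DISALLOW_FILE_MODS is commented out, so it is not in effect.
SAMPLE = """<?php
define('DB_NAME', 'wp');
define('DISALLOW_FILE_EDIT', true);
// define('DISALLOW_FILE_MODS',true);
define('FS_METHOD', 'ftpext');
"""


def strip_comments(php):
    """Remove /* */ blocks and whole-line // or # comments."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"(?m)^\s*(//|#).*$", "", php)


def read_defines(php):
    """Return {constant: value as text} for defines that are not commented out."""
    found = {}
    for m in DEFINE_RE.finditer(strip_comments(php)):
        # PHP ignores an attempt to redefine a constant, so keep the first value.
        found.setdefault(m["name"], m["value"].strip("'\""))
    return found


def audit(php, config_path, docroot):
    """Return a list of findings; an empty list means every check passed."""
    defines = read_defines(php)
    findings = [f"{name} is not set to true" for name in REQUIRED_TRUE
                if defines.get(name, "").lower() not in ("true", "1")]
    if PurePosixPath(docroot) in PurePosixPath(config_path).parents:
        findings.append("wp-config.php is inside the web root")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "/home/user/public_html/wp-config.php",
                         "/home/user/public_html"):
        print("FINDING:", finding)
```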

  7. #7
    The best way is to always secure your WordPress by using the Better WP Security plugin. It would take only a couple of minutes for the entire process!

  8. #8
    Join Date: Jan 2014 | Location: USA | Posts: 10
    WordPress use technology atomicorp add ASL and rules ASL here steps

    1.- Install mod_security

    2.- install rules
    https://www.atomicorp.com/wiki/index...tall_the_rules

    best regards

  9. #9
    Join Date: Nov 2004 | Location: Australia | Posts: 1,737
    Quote: Originally Posted by DDHP Security
    WordPress use technology atomicorp add ASL and rules ASL here steps
    As stated above, ASL no longer distribute a free version of their rules.

  10. #10
    Join Date: Jan 2014 | Location: Fort Lauderdale | Posts: 362
    Also fail2ban could be used, there is a config that tracks wordpress access in the log; when it picks up something suspect based on the settings, the offender is thrown into a jail.
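What such a jail does, sketched in Python as an added example (not fail2ban's own code or the poster's config): count login POSTs per client inside a sliding window and flag any client that reaches the threshold. The log lines are constructed, the threshold values are assumptions named after fail2ban's maxretry and findtime settings, and watching /xmlrpc.php alongside /wp-login.php is an assumption about which endpoints to track.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds, named after fail2ban's maxretry and findtime settings.
MAX_RETRY = 5
FIND_TIME = timedelta(seconds=60)
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")
# Combined access-log format: client, timestamp, request line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')


def find_offenders(lines, max_retry=MAX_RETRY, find_time=FIND_TIME):
    """Return {ip: time of the request that reached the threshold}."""
    recent = defaultdict(deque)  # ip -> login POST times inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith(LOGIN_PATHS):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:  # forget attempts older than the window
            window.popleft()
        if len(window) >= max_retry:
            offenders.setdefault(m["ip"], ts)
    return offenders


def sample_log():
    """Constructed log: one client hammering the login, one normal visitor."""
    noisy = ['203.0.113.7 - - [03/Jan/2014:13:20:%02d +0000] '
             '"POST /wp-login.php HTTP/1.1" 200 3421' % s for s in range(0, 12, 2)]
    normal = [
        '198.51.100.20 - - [03/Jan/2014:13:20:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2810',
        '198.51.100.20 - - [03/Jan/2014:13:20:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    ]
    return noisy + normal


if __name__ == "__main__":
    for ip, when in find_offenders(sample_log()).items():
        print(f"jail {ip}: {MAX_RETRY} login POSTs within {FIND_TIME} by {when}")
```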

  11. #11
    Join Date: Nov 2013 | Posts: 263
    Please go through the below link on how to effectively fight against brute force attacks on wordpress

    http://codex.wordpress.org/Brute_Force_Attacks

  12. #12
    Hello again. After nearly five months I have come back with some information on how we dealt with this issue.

    * First we determined the old WordPress installations and warned the users one by one.

    * Then we installed ConfigServer eXploit Scanner on all of our cPanel servers and scanned them. As we hoped, CXS found all the malicious code and cleaned it.

    * As the third step we signed up to Atomicorp to get up-to-date mod_sec rules, and we integrated them with the ConfigServer ModSec plugin on every cPanel server.

    Now we are scanning every shared hosting account every night via ConfigServer CXS before the backup process. To sum up, the steps above satisfied us and solved the problem. If you configure your ConfigServer ModSec well it catches nearly all harmful processes, but I advise you to use CXS for deep investigation and detailed scans.

    If you have any addition or idea to this approach please clarify.
    Last edited by emresavas; 04-26-2014 at 05:13 PM. Reason: typo
