Any tips for preventing WordPress exploits?


Well-Known Member
Jan 5, 2011
cPanel Access Level
Root Administrator
So far (and fortunately), I have only at least 2 active WordPress installations (from clients) that have been affected by multiple exploits from themes and plugins. The result is repeated instances of spam (causing listing on spam orgs).

Any tips on how to combat this at the server level? (Yes, necessary updates to scripts are required)

I've tried ModSecurity brute-force rules and Varnish cache rate-limiting. Both are helpful, actually. Any WordPress ModSecurity rules you'd suggest adding?

Oct 8, 2013
New Richmond
cPanel Access Level
Root Administrator
Hi iso99, I know you've asked for a server-level way, but a good thing is to install the iThemes Security plugin in their WordPress installations. With the help of this plugin you'll be able to modify the default admin username, change the database prefix, and change the WordPress admin path and wp-content path, which are all vulnerabilities that you can't control any other way.

On the other hand, if you don't have access to their installations, there's ConfigServer eXploit Scanner, which you can buy and install to scan every uploaded file for common exploits.
Reactions: SageBrian
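
For the server-level side of the question, an added example (not from either poster and not code from any plugin) that reports which client installs still use two of the defaults named in the reply above: the `wp_` table prefix and the stock wp-content location. It assumes cPanel's `/home/<user>/public_html` layout and that a relocated wp-content is declared through `WP_CONTENT_DIR` in `wp-config.php`; the function names and the sample accounts are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: read-only audit of wp-config.php files for default settings.

# Print the value assigned to $table_prefix in the given wp-config.php.
wp_table_prefix() {
    sed -n -E "s/^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]([^'\"]*)['\"].*/\1/p" "$1" | head -n 1
}

# Succeed if the config relocates wp-content via the WP_CONTENT_DIR constant.
wp_content_moved() {
    grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]WP_CONTENT_DIR['\"]" "$1"
}

# Emit one tab-separated line: path, prefix, findings ("ok" when none).
audit_wp_config() {
    local cfg=$1 prefix findings=""
    prefix=$(wp_table_prefix "$cfg")
    if [ "$prefix" = "wp_" ]; then findings="default-prefix"; fi
    if ! wp_content_moved "$cfg"; then
        findings="${findings:+$findings,}default-wp-content"
    fi
    printf '%s\t%s\t%s\n' "$cfg" "${prefix:-unknown}" "${findings:-ok}"
}

# Audit every wp-config.php found under a root such as /home.
audit_tree() {
    find "$1" -maxdepth 4 -type f -name wp-config.php 2>/dev/null | sort |
        while IFS= read -r cfg; do audit_wp_config "$cfg"; done
}

# Constructed sample tree (two fake accounts) so the script runs offline.
make_demo_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/alice/public_html" "$root/bob/public_html/blog"
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" \
        > "$root/alice/public_html/wp-config.php"
    printf '%s\n' '<?php' "define( 'WP_CONTENT_DIR', __DIR__ . '/assets' );" \
        '$table_prefix  = "x7k_";' > "$root/bob/public_html/blog/wp-config.php"
    printf '%s\n' "$root"
}

# With a path argument audit that tree; otherwise run on the constructed demo.
if [ -n "${1:-}" ]; then
    audit_tree "$1"
else
    demo=$(make_demo_tree); audit_tree "$demo"; rm -rf "$demo"
fi
```

Run as root with `/home` as the argument to cover all accounts; the admin username and admin path are not visible in `wp-config.php`, so this check does not cover them.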