Any tips for preventing Wordpress exploits?

Discussion in 'Security' started by iso99, Mar 13, 2015.

  1. iso99

    iso99 Well-Known Member

    Joined:
    Jan 5, 2011
    Messages:
    87
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    So far (and fortunately), I have only at least 2 active WordPress installations (from clients) that have been affected by multiple exploits from themes and plugins. The result is repeated instances of spam (causing listing on spam orgs).

    Any tips on how to combat this at the server level? (Yes, necessary updates to scripts are required.)

    I've tried ModSecurity brute-force rules and Varnish cache rate-limiting. Both are helpful, actually. Any WordPress ModSecurity rules you suggest adding?

    Thanks!
     
  2. iso99

    Hey thanks! I got these rules in place already though :)
     
  3. jonathanlafleur

    Joined:
    Oct 8, 2013
    Messages:
    16
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    New Richmond
    cPanel Access Level:
    Root Administrator
    Hi iso99, I know you've asked for a server-level way, but a good thing is to install the iThemes Security plugin in the WordPress installations. With the help of this plugin you'll be able to modify the default admin username, change the database prefix, and change the WordPress admin path and wp-content path, which are all vulnerabilities that you can't control any other way.

    On the other hand, if you don't have access to the installations, there's ConfigServer eXploit Scanner, which you can buy and install to scan every uploaded file for common exploits.
     
    SageBrian likes this.