Any tips for preventing Wordpress exploits?

I

iso99

Well-Known Member
Jan 5, 2011
112
7
68
cPanel Access Level
Root Administrator
So far (and fortunately), I have only at least 2 active Wordpress installations (from clients) that have been affected by multiple exploits from themes and plugins. The result is repeated instances of spam (causing listing on spam orgs).

Any tips on how to combat this on a server-level? (Yes, necessary updates to scripts are required)

I've tried Modsecurity brute-force rules and Varnish cache rate-limiting. Both are helpful actually. Any Wordpress modsecurity rules you suggest to add?

Thanks!
 
jonathanlafleur

jonathanlafleur

Member
Oct 8, 2013
19
1
3
New Richmond
cPanel Access Level
Root Administrator
Twitter
Hi iso99, I know you've asked for server way, but a good thing is to install the plugin iTheme Security in them wordpress installation. With the help of this plugin you'll be able to modify default admin username, change database prefix, change wordpress admin path, wp-content path, who are all vulnerabilities that you can't control in other way.

On other hands, if you don't have access to them installation, there's ConfigServer eXploit Scanner that you can buy and install to scan every file uploaded for commons exploit.
 
  • Like
Reactions: SageBrian
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
L Question and Tips about "anonymousfox" Security 30
P Requesting some Tips and Tricks Security 4
G CSF + LFD DoS Protection - Tips & Tricks for attacks ; tcpkill Security 1
S Hotlink protection tips for a single domain Security 1
C Server Under Attack. DDOS Protection Tips / Detecting Entry? Security 1
Similar threads
Question and Tips about "anonymousfox"
Requesting some Tips and Tricks
CSF + LFD DoS Protection - Tips & Tricks for attacks ; tcpkill
Hotlink protection tips for a single domain
Server Under Attack. DDOS Protection Tips / Detecting Entry?
Top Bottom