Remote Uploads

[Rockforduk]

Hi Everyone,
I am trying to figure out the best way to secure my server with regards to remote uploads. Most of the sites hosted on my server are Wordpress and we need file uploads enabled for users via WordPress only. How can i stop other malicious remote uploads that are trying to directly upload to plugins and theme folders etc?

Thanks

Rockforduk

 

[GOT]

Generally speaking WordPress will prevent an unauthorized visitor from simply uploading a file. However if you or your users are not keeping the WordPress and all the plug-ins and themes updated then you do run the risk of exploits so the best thing to do is ensure that WordPress is always kept updated on all installs.

 

[cPanelLauren]

I am inclined to agree with @GOT here but if you want more information or for us to take a look we'd be happy to.
Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!

 

[Rockforduk]

Hi there,
I have configured ConfigServer Security & Firewall to block Modsec triggers which seems to be working the only thing is now my blocked IP list is growing rapidly.

Thanks

 

[GOT]

That's not really an issue and CSF will rotate them out after 200 are in there (or whatever you set the rotation limit to in the csf.conf.