Rockforduk

Active Member
May 5, 2016
41
4
8
London
cPanel Access Level
Root Administrator
Hi Everyone,
I am trying to figure out the best way to secure my server with regards to remote uploads. Most of the sites hosted on my server are Wordpress and we need file uploads enabled for users via WordPress only. How can i stop other malicious remote uploads that are trying to directly upload to plugins and theme folders etc?

Thanks

Rockforduk
 

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,753
311
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
Generally speaking WordPress will prevent an unauthorized visitor from simply uploading a file. However if you or your users are not keeping the WordPress and all the plug-ins and themes updated then you do run the risk of exploits so the best thing to do is ensure that WordPress is always kept updated on all installs.
 
  • Like
Reactions: cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,261
313
Houston
I am inclined to agree with @GOT here but if you want more information or for us to take a look we'd be happy to.
Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
 

Rockforduk

Active Member
May 5, 2016
41
4
8
London
cPanel Access Level
Root Administrator
Hi there,
I have configured ConfigServer Security & Firewall to block Modsec triggers which seems to be working the only thing is now my blocked IP list is growing rapidly.

Thanks
 

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,753
311
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
That's not really an issue and CSF will rotate them out after 200 are in there (or whatever you set the rotation limit to in the csf.conf.
 
  • Like
Reactions: Rockforduk