Remote Uploads

Rockforduk

• October 13, 2019 06:46

Hi Everyone, I am trying to figure out the best way to secure my server with regards to remote uploads. Most of the sites hosted on my server are Wordpress and we need file uploads enabled for users via WordPress only. How can i stop other malicious remote uploads that are trying to directly upload to plugins and theme folders etc? Thanks Rockforduk

• 

  GOT

  • October 13, 2019 12:09

  Generally speaking WordPress will prevent an unauthorized visitor from simply uploading a file. However if you or your users are not keeping the WordPress and all the plug-ins and themes updated then you do run the risk of exploits so the best thing to do is ensure that WordPress is always kept updated on all installs.

  0
• 

  cPanelLauren

  • October 15, 2019 21:53

  I am inclined to agree with @GOT here but if you want more information or for us to take a look we'd be happy to. Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved. Thanks!

  0
• 

  Rockforduk

  • October 17, 2019 18:09

  Hi there, I have configured ConfigServer Security & Firewall to block Modsec triggers which seems to be working the only thing is now my blocked IP list is growing rapidly. Thanks

  0
• 

  GOT

  • October 17, 2019 18:19

  That's not really an issue and CSF will rotate them out after 200 are in there (or whatever you set the rotation limit to in the csf.conf.

  0

Please sign in to leave a comment.