Skip to main content

Trouble with securing my cPanel

cosmotch
Hello, I have a reseller account for my domains and I've been getting overloaded with hits this week to my hosting account trying to find exploits in my WordPress websites. I keep them all up to date and only have a few plugins that are updated regularly. I installed ShieldSecurity, Limit Login Attempts and WPSecurity. I have done as much as I can find researching this forum but my options are limited as I don't have a WHM account so I can't install CSP, but I do have ModSecurity active. I have moved my login pages. I have been watching where they are trying to get in mostly: xmlrpc.php vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php admin/.env .env wp-login.php wp-content and well, the list could go on forever :) I added these lines to my .htaccess file can you tell me if this is okay, because I'm just trying what I can find. # Block WordPress xmlrpc.php requests order deny,allow deny from all $ cat << EOF > ${HOME}/www/.htaccess RewriteEngine On RewriteRule ^vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php$ - [F] EOF $ cat << EOF > ${HOME}/www/vendor/.htaccess Require all denied EOF # Block the include-only files. RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes\/.*\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] I am not sure what else I can do, I would be so grateful for any advice.

Comments

3 comments

Date Votes
  • cPRex Jurassic Moderator
    Hey there! Blocking access to wp-admin adn wp-includes is a good step. There isn't going to be a way to completely stop users from making requests to your site - as long as your site is online, anyone can reach it, and attempt any URL they wish. If you have a block of IPs that are frequently making requests to your server, you could always block them in the system's firewall.
    0
  • cosmotch
    Thank you for replying, that is good to know. Do you happen to know that if my hosting company logins into my account, their IP address would show up in the last logins? I ask this as there were logins not from my IP, so I was worried that it had been compromised. But if they are the staff logging in take a look in response to my support tickets, then I will stop stressing over it.
    0
  • cPRex Jurassic Moderator
    Yes, even if they log in that would still show up in the last login entries.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post