Any tips for preventing WordPress exploits?
So far (and fortunately), I have only at least 2 active WordPress installations (from clients) that have been affected by multiple exploits from themes and plugins. The result is repeated instances of spam (causing listing on spam orgs).
Any tips on how to combat this on a server level? (Yes, necessary updates to scripts are required)
I've tried ModSecurity brute-force rules and Varnish cache rate-limiting. Both are helpful actually. Any WordPress ModSecurity rules you suggest to add?
Thanks!
Hello, You may find the following thread helpful: Mod_Security Rules For WordPress Thank you.
Hello, You may find the following thread helpful: Mod_Security Rules For WordPress Thank you.
Hey thanks! I got these rules in place already though :)
Hi iso99, I know you've asked for a server-level way, but a good thing is to install the plugin iThemes Security in the WordPress installation. With the help of this plugin you'll be able to modify the default admin username, change the database prefix, change the WordPress admin path and the wp-content path, which are all vulnerabilities that you can't control any other way. On the other hand, if you don't have access to the installation, there's ConfigServer eXploit Scanner, which you can buy and install to scan every uploaded file for common exploits.