
Imagine if you have a blog with multiple posters, or you have “Require users to register and login in order to post a comment”. Well, I have an idea of why they would be doing that, but I still think it is disappointing. Not useful at all as a DoS or brute force target 🙂 Instant HTTP 403 Forbidden error for any IP other than the trusted one reaching into /wp-admin… Well, that was before I realized I could just set up an authenticated proxy over SSL server, allow only the trusted IP access to the /wp-admin directory, and bypass mod_security for the trusted source IP.

I’ve experimented in setting up WordPress implementations and found the combination of Apache with mod_security (w/ the OWASP ModSecurity Core Rule Set), fronted by Cloudflare for the optimization and DoS protection parts, quite effective… after working out which rules needed to be turned off for the WP administration to work right.

Personally, I would invest in a web application firewall or mod_security based protections before buying scanning plugins, which probably mostly just check a predefined version list or look for specific script blobs in PHP files. Attack resistance over detecting compromise or detecting individual bugs 🙂

It does not make sense that wp-login.php would be the only file targeted. Unless the website runs the PHP scripts under the same user ID as the credential that owns the files, instead of an unprivileged anonymous user (the latter is the norm). Even that requires providing WordPress with FTP credentials. This generally requires the script be running either as the owner of the file, or with root / server administrator permissions.

As far as I know WordPress never writes to its own script files, except when performing a software update. Some software update or PHP script or other process running in the OS environment, perhaps an automatic update tool with an unusually restrictive umask, must be re-creating the file (and neglecting to fix permissions) or modifying the chmod to 600 directly.

I haven’t ever seen or heard of WordPress doing anything like that, so perhaps a 3rd-party plugin. I might diff the contents of the file and verify it hasn’t been tampered with…
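The two checks the last comment proposes, looking at how a file could end up with mode 600 and diffing it against a known-good copy, as an added shell example that is not part of the thread and not WordPress's own tooling. It first reproduces the umask mechanism (a process creating a file under umask 077 gets 600, whatever the old file's mode was), then audits a live tree against a pristine reference copy and reports any file whose permission bits or SHA-256 differ. Everything runs in a constructed temporary directory; the file names (wp-login.php, a plugin path), the helper names (create_with_umask, file_mode, file_hash, audit_tree, demo) and the sample contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread or from WordPress. It reproduces how a
# process with a restrictive umask re-creates a file as mode 600, then audits a
# live web tree against a pristine reference copy. All paths are constructed in a
# temporary directory; nothing touches a real site.
set -eu

# Create (or truncate) a file with the given umask in effect, the way an update
# tool running under umask 077 would.  Usage: create_with_umask 077 path
create_with_umask() {
  ( umask "$1" && : > "$2" )
}

# Octal permission bits of a file, on GNU stat (-c) and BSD stat (-f) alike.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# SHA-256 of a file's contents (sha256sum on Linux, shasum elsewhere).
file_hash() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Compare every regular file under the reference tree $1 with its counterpart
# under the live tree $2.  One line per finding:
#   MISSING <relpath>               file absent from the live tree
#   MODE    <relpath> <ref> <live>  permission bits differ (who re-created it?)
#   HASH    <relpath>               contents differ (run diff on it next)
# Paths are relative to the tree roots; names containing newlines are not handled.
audit_tree() {
  ref=$1; live=$2
  (cd "$ref" && find . -type f) | sed 's|^\./||' | sort | while IFS= read -r f; do
    if [ ! -f "$live/$f" ]; then
      echo "MISSING $f"; continue
    fi
    rmode=$(file_mode "$ref/$f"); lmode=$(file_mode "$live/$f")
    [ "$rmode" = "$lmode" ] || echo "MODE    $f $rmode $lmode"
    [ "$(file_hash "$ref/$f")" = "$(file_hash "$live/$f")" ] || echo "HASH    $f"
  done
}

# Constructed scenario: a reference copy and a live copy of a tiny "site".
# In the live copy an updater running under umask 077 re-created wp-login.php
# (same bytes, new inode with mode 600) and a plugin file was modified in place.
# Prints the audit findings: one MODE line and one HASH line.
demo() {
  work=$(mktemp -d); ref="$work/ref"; live="$work/live"
  mkdir -p "$ref/wp-content/plugins/x" "$live/wp-content/plugins/x"
  umask 022                                  # reference files are created 644
  printf '<?php // login\n'  > "$ref/wp-login.php"
  printf '<?php // plugin\n' > "$ref/wp-content/plugins/x/x.php"
  cp -p "$ref/wp-login.php" "$live/wp-login.php"                      # -p keeps 644
  cp -p "$ref/wp-content/plugins/x/x.php" "$live/wp-content/plugins/x/x.php"
  # Restrictive-umask rewrite: the bytes are identical, but the new inode is 600.
  rm "$live/wp-login.php"
  create_with_umask 077 "$live/wp-login.php"
  cat "$ref/wp-login.php" > "$live/wp-login.php"
  # Tampering: contents change, permission bits do not.
  printf '<?php // plugin (modified)\n' > "$live/wp-content/plugins/x/x.php"
  audit_tree "$ref" "$live"
  rm -rf "$work"
}

demo
```

The MODE line is the one that matters for the question in the thread: a file whose hash still matches the reference but whose mode changed was re-created rather than edited, which points at an updater or plugin running with an unusual umask (or an explicit chmod) instead of at tampering. For a real install the reference tree would be a fresh download of the same WordPress release; WP-CLI's `wp core verify-checksums` does the hash part of this against the official checksums, but it does not report permission drift.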
