Hello,
I have a reseller account for my domains and I've been getting overloaded with hits this week to my hosting account trying to find exploits in my WordPress websites. I keep them all up to date and only have a few plugins that are updated regularly. I installed ShieldSecurity, Limit Login Attempts and WPSecurity. I have done as much as I can find researching this forum but my options are limited as I don't have a WHM account so I can't install CSP, but I do have ModSecurity active. I have moved my login pages. I have been watching where they are trying to get in mostly:
xmlrpc.php
vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
admin/.env
.env
wp-login.php
wp-content and well, the list could go on forever
I added these lines to my .htaccess file; can you tell me if this is okay, because I'm just trying what I can find.
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
# Append (>> rather than >, which would overwrite the existing .htaccess and
# wipe the rules above plus WordPress's own) a rule that refuses direct
# requests to the PHPUnit eval-stdin.php script:
$ cat << 'EOF' >> ${HOME}/www/.htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php$ - [F]
</IfModule>
EOF
# Deny all web access to the vendor/ directory in its own .htaccess:
$ cat << 'EOF' > ${HOME}/www/vendor/.htaccess
Require all denied
EOF
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
# Skip the next three rules unless the request is under wp-includes/
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/.*\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
I am not sure what else I can do, I would be so grateful for any advice.
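A small log-triage script, added here as an example and not part of the original post, for watching the probe paths the post lists. It reads Apache combined-format access log lines, tallies probes per client address and per probe path, and flags any probe that was answered with a 2xx status, since a 200 on something like /.env is the signal that the server is still serving that file rather than blocking it. The sample log lines are constructed, the client addresses are documentation ranges, and the matching goes slightly beyond the post by also catching the same filenames under subdirectories (for example /blog/wp-login.php).

```python
"""Triage an Apache access log for WordPress probe paths (added example)."""
import re
from collections import Counter

# Probe paths taken from the post above; matched on the end of the request path
# so that the same files under a subdirectory install are counted too.
PROBE_PATHS = (
    "/xmlrpc.php",
    "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",
    "/admin/.env",
    "/.env",
    "/wp-login.php",
)

# Apache combined log format:
# ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (not a real log); one is deliberately malformed.
LOG_SAMPLE = """\
203.0.113.7 - - [10/Mar/2024:03:12:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:03:12:02 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:03:12:03 +0000] "GET /.env HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:03:15:44 +0000] "GET /admin/.env HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.9 - - [10/Mar/2024:03:15:45 +0000] "GET /blog/wp-login.php?redirect_to=%2F HTTP/1.1" 200 2048 "-" "curl/8.0"
192.0.2.5 - - [10/Mar/2024:03:20:10 +0000] "GET /wp-content/uploads/2024/03/photo.jpg HTTP/1.1" 200 34912 "https://example.com/" "Mozilla/5.0"
this is not a log line
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    rec["status"] = int(rec["status"])
    return rec


def classify(path):
    """Return the probe entry the request path matches, or None.

    Longest entries are tried first so /admin/.env is reported as itself
    rather than as /.env.
    """
    for probe in sorted(PROBE_PATHS, key=len, reverse=True):
        if path == probe or path.endswith(probe):
            return probe
    return None


def triage(lines, threshold=3):
    """Tally probes; return (per-ip counts, per-probe counts, served-2xx counts, noisy ips)."""
    by_ip = Counter()
    by_probe = Counter()
    served = Counter()  # probes answered 2xx, i.e. not blocked by the server
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        probe = classify(rec["path"])
        if probe is None:
            continue
        by_ip[rec["ip"]] += 1
        by_probe[probe] += 1
        if 200 <= rec["status"] < 300:
            served[probe] += 1
    noisy = sorted(ip for ip, n in by_ip.items() if n >= threshold)
    return by_ip, by_probe, served, noisy


if __name__ == "__main__":
    by_ip, by_probe, served, noisy = triage(LOG_SAMPLE.splitlines())
    print("probes per client:", dict(by_ip))
    print("probes per path:", dict(by_probe))
    print("probes still served with 2xx (check these rules):", dict(served))
    print("clients at or over threshold:", noisy)
```

Run it against a real log with `triage(open("access_log").readlines())`; the `served` counter is the part worth acting on, because every path listed there is one the current .htaccess rules are not blocking.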